45 matches found
phpyun v3.2 (20141222) 无需登录无视过滤注入一枚。
简要描述: 无需登录。 最新版本。 demo测试。 功能越多 bug越多 bug越多 rank越多。 详细说明: 在model/subscribe.class.php中 function certaction if$GET'id' $arr=@explode"|",base64decode$GET'id';//当时我就震惊了。。。 $email = $arr0; $code = $arr1; $nid=$this-obj-DBupdateall"subscribe","status='1'","email='".$email."' and code='".$code."'";...
Threat Outbreak Alert RuleID12469: Email Messages Distributing Malicious Software on November 17, 2014
Medium Alert ID: 36448 First Published: 2014 November 18 16:18 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12469 may contain the following files: Name |...
Threat Outbreak Alert RuleID11577: Email Messages Distributing Malicious Software on September 16, 2014
Medium Alert ID: 35730 First Published: 2014 September 16 16:16 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11577 may contain the following files: Name ...
DEBIAN-CVE-2013-6427
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing HPLIP 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream...
Php168 读取任意文件漏洞
代码:..job.php Line:117 if eregi".php",$url die"ERR"; $fileurl=strreplace$webdbwwwurl,"",$url; ifisfilePHP168PATH."$fileurl"&&filesizePHP168PATH."$fileurl"10241024500 $filename=basename$fileurl; $filetype=substrstrrchr$filename,'.',1; $filename=pregreplace"/\d+200\d+^+.^.+/is","\3",$filename;...