CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

seebug.org•added 2016/03/03 12:0 a.m.•44 views

Discuz X2.5 /uc_server/control/admin/db.php 路径泄露漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/08/21 12:0 a.m.•24 views

easytalk存储型XSS

简要描述： easytalk对用户提交数据过滤不严导致存储型跨站，利用该漏洞，攻击者可以盗取用户cookie或者进行其它攻击。详细说明： 1、涉及版本EasyTalk x2.5 2、EasyTalk开源微博系统对投票模块的投票说明字段设置不严谨，导致存储型FLASH跨站，由于FLASH可以执行javascript脚本，利用此漏洞，攻击者可以加载本地脚本，盗取用户cookie以及其它信息。漏洞证明： 1、登录系统，进入工具--》投票广场--》发起投票，发起投票时，添加投票说明，在说明字段选择添加flash...

7.1AI score

Exploits0

seebug.org•added 2014/07/29 12:0 a.m.•17 views

EasyTalk X2.5存储型XSS一枚

简要描述： EasyTalk X2.5存储型XSS一枚详细说明：在发起投票时允许添加投票说明在该处没有进行XSS过滤漏洞证明：直接看图说话啦插入xss后burp抓包修改...

7.1AI score

Exploits0

seebug.org•added 2013/09/18 12:0 a.m.•47 views

Discuz! --X2/X2.5管理权限用户修改创始人用户密码漏洞

简要描述： 0.0 详细说明： Discuz! --X2/X2.5低权限用户修改搞权限用户密码漏洞涉及 Discuz! X2/X2.5 X3未做测试。（涉及网站 http://bbs.xiangyang.net 副站长:风的方向密码：zhoujx626 ）（网站管理员：admin 密码不知道修改后密码：zlf123456 站长QQ：71629730）留下以上信息方面查证。今天工作关系友情检测一个网站拿到一个用户用户名：风的方向用户组：管理组用户职务：副站长如图：想拿shell 但是没有UC设置权限怎么办？刚开始是准备找地方写XSS盗取 admin 用户名...

7.1AI score

Exploits0

myhack58•added 2013/05/25 12:0 a.m.•23 views

dz3. 0/2. 5 Background to get shell-vulnerability warning-the black bar safety net

To work seen after the tick community has released a discuz x3 the background to get the shell method, then t00ls members also tested discuz x2. 5 the background to get the shell method. A good ass is I tested didn't, caught the packet and the given case is not the same now! After the study found...

7.1AI score

Exploits0

seebug.org•added 2013/04/14 12:0 a.m.•18 views

DZ X2.5某插件高危注入第一时间发布哦

简要描述： DZ X2.5高危注入第一时间发布哦求奖金或者移动硬盘啥的！详细说明： DZ X2.5高危注入第一时间发布哦求奖金求奖金或者移动硬盘啥的！闲的无聊发现的！漏洞证明：...

7.1AI score

Exploits0

myhack58•added 2013/03/26 12:0 a.m.•19 views

XSS: discuz X2. 5 cross-site vulnerabilities using the method of analysis-vulnerability warning-the black bar safety net

0×0 1 cannot get the COOKIE Log analysis Say DISCUZ X2. 5, hereinafter referred to as DZ25 the COOKIES got there is no way to login, but why? Today a simple look, we log a DZ25 of the station, landing after a look at the COOKIE ! On the inside we turned down, you will find a HTTPONLY fields, or...

7.1AI score

Exploits0

seebug.org•added 2013/03/22 12:0 a.m.•11 views

Discuz! X2.5 api.php 路径泄露

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2013/03/02 12:0 a.m.•23 views

Discuz!x2.5某处存储xss

简要描述： Discuz!x2.5某处存储xss 比较鸡肋详细说明：在论坛首页管理禁止用户那输入你能管理的用户名称然后选择禁言理由那插漏洞证明：...

7.1AI score

Exploits0

seebug.org•added 2013/02/21 12:0 a.m.•14 views

Discuz! X2.5 /source/function/function_core.php 跨站脚本漏洞

No description provided by source...

7.1AI score

Exploits0

myhack58•added 2012/11/26 12:0 a.m.•22 views

discuz X2. 5 latest vulnerability,a neglected physical path of the leak-vulnerability warning-the black bar safety net

Before everyone's attention that both the physical path of the leak: Before the two physical path of the leak address: http://www.myhack58.com/ucserver/control/admin/db.php http://www.myhack58.com/source/plugin/myrepeats/table/tablemyrepeats.php Actually install here also hide one, some people...

0.1AI score

Exploits0

myhack58•added 2012/11/12 12:0 a.m.•20 views

Discuz! X2. 5 the latest version of the background administrator permissions Getshell details of the disclosure-vulnerability warning-the black bar safety net

In the background - webmaster - Ucenter settings set at UcenterIP for XX\';eval$POSTa?;// XX ! 2. The discovery Management page code out. ! 3. Serving knife! ! 4. Look at the source code, Oh, the original is so! !...

2AI score

Exploits0

seebug.org•added 2012/09/16 12:0 a.m.•22 views

Discuz! X2.5 类似鸡肋存储Xss

简要描述：鸡肋存储XSS 详细说明：貌似鸡肋,因为要造成XSS是需要有一定的权限，比如论坛的斑竹什么的，普通会员的话好像不行，因为存在XSS的地方是一个转账功能，而在此转账功能下面还有一个留言框，而造成XSS的就是这个留言框。此留言框未做任务过滤处理。经测试用一个有权限的帐号给一个普通帐号转账附带留言XSS.可成功获取cookie. 漏洞证明：...

7.1AI score

Exploits0

myhack58•added 2012/09/04 12:0 a.m.•15 views

Discuz X2. 5 the latest version of the proof of the path-vulnerability warning-the black bar safety net

! Vulnerability to prove: http://www.erdare.com/source/plugin/myrepeats/table/tablemyrepeats.php Solution: add! defined'INUC' && exit'Access Denied';...

0.6AI score

Exploits0

seebug.org•added 2012/08/27 12:0 a.m.•27 views

Discuz X2.5最新版爆路径

简要描述： Discuz X2.5最新版爆路径详细说明：漏洞证明： http://www.erdare.com/source/plugin/myrepeats/table/tablemyrepeats.php...

7.1AI score

Exploits0

seebug.org•added 2012/08/08 12:0 a.m.•29 views

Discuz! X2.5最新版本日志功能存在XSS漏洞

简要描述： Discuz! X2.5最新版本日志功能存在XSS漏洞详细说明： Discuz! X2.5最新版本日志功能存在XSS漏洞日志发表没有过滤代码漏洞证明：从Discuz全新下载的X2.5安装包进行全新安装发表一篇日志写入XSS代码日志源码编辑没有进行XSS代码过滤...

7.1AI score

Exploits0

seebug.org•added 2012/07/27 12:0 a.m.•13 views

DZ x2.5 爆路径漏洞

简要描述： dzx2.5 爆路径漏洞详细说明： dzx2.5 爆路径漏洞官网测试有效看下图: 漏洞证明： dzx2.5 爆路径漏洞官网测试有效看下图:...

7.1AI score

Exploits0

seebug.org•added 2012/07/12 12:0 a.m.•15 views

Discuz X2.5 时区逻辑错误

简要描述： Discuz X2.5 时区逻辑错误，导致Discuz某些应用不能正常使用详细说明： Discuz X2.5 时区逻辑错误，导致Discuz某些应用不能正常使用比如QQ登陆漏洞证明：...

7.1AI score

Exploits0

myhack58•added 2012/05/25 12:0 a.m.•401 views

Discuz! X2. 5 latest GetShell0day detailed use-vulnerability warning-the black bar safety net

I heard that Discuz! This time and out of vulnerability, this was a GetShell vulnerabilities. This exploit is relatively new, it should be a lot of stations haven't updated it. Affects versions: 2 0 1 2 0 4 0 7, beta, rc Discuz! X2. 5 Release 2 0 1 2 0 4 0 7 edition in pregreplace using the e...

0.1AI score

Exploits0

seebug.org•added 2012/05/19 12:0 a.m.•34 views

Discuz!的改名卡道具可以改系统禁止的用户名

简要描述：【飞易】改名卡漏洞 2.0版本该漏洞可以更改系统禁止的用户名. 详细说明：在后台设置了禁止注册的用户名. 但是用改名卡道具就可以修改成任意用户名.长名字没测试过漏洞证明：可以自己测试下...我这里就不放出了 Discuz!X2.5的道具. 道具地址http://addon.discuz.com/[email protected]...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by