Lucene search
K

102 matches found

myhack58
myhack58
added 2011/08/17 12:0 a.m.32 views

Discuz X2 SQL injection/Xpath latest vulnerability-vulnerability warning-the black bar safety net

| Vulnerability type: SQL injection/Xpath Request method: POST Affected page: http://127.0.0.1/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes Parameters:username Parameters of the test: and 1=1 Attack details: username=1+and+1=1&cookietime=2 5 9 2 0 0...

1.1AI score
Exploits0
myhack58
myhack58
added 2011/07/05 12:0 a.m.40 views

Discuz X2 Safety study: SQL and XSS injection vulnerability 0day analysis-vulnerability warning-the black bar safety net

Recently, DiscuzX2 is out with two 0day, aSQL injectionvulnerability, an attacker can use this vulnerability to obtain the username and password, another is toXSSinjection vulnerabilities, the attacker can achieve the website hanging horse, Web sites, phishing and other acts, the current official...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2011/07/04 12:0 a.m.66 views

Discuz! X2远程SQL注入漏洞

Discuz! X2在处理请求数据时存在SQL注入漏洞,远程攻击者可利用此漏洞非授权操作数据库。 漏洞存在于如下代码中: if!defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if!empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/04/25 12:0 a.m.14 views

Discuz! X2 Beta 存储型XSS

简要描述: Discuz! X2 Beta 存储型XSS 详细说明: Discuz! X2 Beta 【家园】相册描述 存储型XSS漏洞。 漏洞证明:...

7.1AI score
Exploits0
NVD
NVD
added 2011/03/01 11:0 p.m.16 views

CVE-2011-0454

Buffer overflow in the PPP Access Concentrator PPPAC on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with...

8.3CVSS7.9AI score0.02608EPSS
Exploits0References6
Prion
Prion
added 2011/03/01 11:0 p.m.17 views

Buffer overflow

Buffer overflow in the PPP Access Concentrator PPPAC on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with...

8.3CVSS8.6AI score0.02608EPSS
Exploits0References6Affected Software6
CVE
CVE
added 2011/03/01 10:0 p.m.58 views

CVE-2011-0454

SEIL Series routers (PPPoE PPPoE PPPAC) contain a buffer overflow vulnerability in the PPP Access Concentrator when processing PPPoE packets. Affected firmware ranges include SEIL/x86 1.00–1.61, SEIL/B1 1.00–3.11, SEIL/X1 1.00–3.11, SEIL/X2 1.00–3.11, SEIL/Turbo 1.80–2.10, and SEIL/neu 2FE Plus 1...

8.3CVSS8.2AI score0.02608EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2010/08/30 7:0 p.m.40 views

CVE-2010-2363

CVE-2010-2363 affects SEIL/X1, SEIL/X2, and SEIL/B1 routers (firmware 1.00–2.73). In strict mode, IPv6 Unicast Reverse Path Forwarding (RPF) fails to drop certain packets, potentially allowing remote spoofed-IP traffic to bypass access restrictions. Connected sources (NVD, JVN/JVNDB) confirm the ...

5.8CVSS7AI score0.01864EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2009/12/10 11:30 p.m.14 views

CVE-2009-4292

Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS8.1AI score0.04756EPSS
Exploits0References7
Prion
Prion
added 2009/12/10 11:30 p.m.16 views

Code injection

Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service system restart via crafted GRE packets...

7.1CVSS7.3AI score0.01684EPSS
Exploits0References7Affected Software3
CVE
CVE
added 2009/12/10 11:0 p.m.49 views

CVE-2009-4292

CVE-2009-4292 corresponds to a buffer overflow in the URL filtering function of Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware versions 2.40–2.51. The vulnerability may allow a remote attacker to execute arbitrary code when processing specially crafted URLs. Public details consi...

9.3CVSS8.1AI score0.04756EPSS
Exploits0References7Affected Software2
NVD
NVD
added 2008/05/05 5:20 p.m.18 views

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

4.3CVSS5.7AI score0.01472EPSS
Exploits1References4
Cvelist
Cvelist
added 2008/05/05 5:0 p.m.20 views

CVE-2008-2082

Cross-site scripting XSS vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message...

5.7AI score0.01472EPSS
Exploits1References4
CVE
CVE
added 2008/05/05 5:0 p.m.41 views

CVE-2008-2082

CVE-2008-2082: XSS vulnerability in Siteman 2.0.x2 (index.php) where an attacker can inject arbitrary script/HTML via the module parameter, with the error message leaking the path. Affected software is Siteman 2.0.x2; the vulnerability is triggered through the module parameter and is confirmed by...

4.3CVSS5.7AI score0.01472EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2008/05/05 5:0 p.m.22 views

CVE-2008-2081

Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. dot dot in the module parameter...

6.8AI score0.03042EPSS
Exploits1References5
Cvelist
Cvelist
added 2008/03/04 11:0 p.m.25 views

CVE-2008-1147

A certain pseudo-random number generator PRNG algorithm that uses XOR and 2-bit random hops aka "Algorithm X2", as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as I...

6.9AI score0.01772EPSS
Exploits0References10
Prion
Prion
added 2007/01/30 6:28 p.m.15 views

Improper access control

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

5CVSS7AI score0.01213EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/01/30 6:28 p.m.11 views

CVE-2007-0594

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

5CVSS6.5AI score0.01213EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/01/30 6:0 p.m.18 views

CVE-2007-0594

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...

6.5AI score0.01213EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2007/01/27 12:0 a.m.24 views

siteman-pass.txt

-=--------------------ADVISORY-------------------=- Siteman 2.0.x2 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Siteman 2.0.x2 -=+ Version: 2.0.x2 -=+ Vendor's URL: http://home.no.net/siteman/ -=+ Platform: Windows\Linux\Unix -=+ Bug type:...

7.4AI score
Exploits0
Rows per page
Query Builder