Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2007/02/22 12:0 a.m.53 views

NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/php URL: http://www.acid-root.new.fr/ ------------------------------------------------------------------ Usage: $argv0&nbs...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/09 12:0 a.m.53 views

Kaspersky反病毒扫描引擎PE文件拒绝服务漏洞

Kaspersky Antivirus是一款流行的客户端和网关病毒扫描。 Kaspersky Antivirus处理特殊构建的PE文件存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 PE文件中其中之一的头数据是可选Windows头数据段,这个PE头字段数据包含Windows链接器和装载器所需的信息,如果'NumberOfRvaAndSizes'字段中数据包含非法值,可导致应用程序崩溃。 Kaspersky Anti-Virus Personal Pro 5.0 Kaspersky Anti-Virus Personal 5.0 Kaspersky Anti-Virus fo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/25 12:0 a.m.53 views

DocuWiki With ImageMagick远程命令执行和拒绝服务漏洞

DocuWiki是一款基于web的WIKI程序。 DocuWiki存在多个安全问题,远程攻击者可以利用漏洞进行拒绝服务和命令执行攻击。 问题一是对图像的调整大小处理没有进行限制,可导致拒绝服务攻击。当libGD使用时(默认需要)必须先计算所需RAM,如果没有足够的RAM(一般8到20MB)给php进程使用,那么函数就会放弃。但是如果使用ImageMagick $conf'imconvert'使用时,没有限制存在,允许攻击者利用此特性消耗大量内存,造成拒绝服务攻击。...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/12/22 12:0 a.m.53 views

CWMExplorer Index.PHP源代码信息泄露漏洞

CWMExplorer是一款基于PHP的WEB应用程序。 CWMExplorer不正确过滤用户提交的输入,远程攻击者可以利用漏洞获得敏感信息。 问题是'index.php'脚本对用户提交的'file'参数缺少过滤,提交脚本文件作为参数,可导致源代码泄露。 cwm-design cwmExplorer 1.0 http://explorer.cwm-design.de/ http://www.example.com/path/index.php?d=0&showfile=file...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/19 12:0 a.m.53 views

VerliAdmin <= 0.3 (index.php) Remote File Include Exploit

No description provided by source. ? / P.S Chcialem serdecznie niepozdrowic wszystkie kurwy takie jak Ne0 i jego dziwki!! Mam was w dupie, a Ty Ne0 pryszczu jebany pogodz sie z porazka bo to ja zawsze bede lepszy od Ciebie! Nie pozdrawiam tez wszystkie gnidy jakie chowaja sie na swoich smiesznych...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.53 views

FusionPHP Fusion News Index.PHP远程文件包含漏洞

Fusion News是一款基于PHP的新闻管理程序。 Fusion News不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Fusionphp Fusion News 3.7 http://www.fusionphp.net/index.php?cat=fnews&page=features !/usr/bin/perl Aria-Security.net Advisory Discovered by: OUTLAW...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/23 12:0 a.m.53 views

CA BrightStor ARCserve Backup Tape Engine服务远程缓冲区溢出漏洞

BrightStor ARCserve Backup可为各种平台的服务器提供备份和恢复保护功能。 BrightStor ARCserver Backup的Tape Engine服务(tapeeng.exe)没有正确处理RPC请求,远程攻击者可以通过向该服务(默认端口6502/TCP)发送特制报文触发缓冲区溢出,导致执行任意代码。 Computer Associates BrightStor ARCserve Backup 11.5 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.cai.com/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/31 12:0 a.m.53 views

杭州潮流公司虚拟主机业务平台系统漏洞

杭州潮流信息技术公司是国内一家专业的电信级软件产品服务提供商,主要专注于为国内电信运营商提供Internet系统软件,是面向电信运营商提供电信级软件产品、技术支持、服务的高新技术企业。公司1999年成立,注册于浙江杭州高新区,其软件研发中心设在成都。 公司拥有一批高技术水平人员,其中有博士、硕士研究生、双学位、全国重点大学本科学历的技术开发人员占公司总人数70%以上。公司核心、技术骨干自中国互联网出现伊始就活跃在该领域,主要软件开发工程师具有多年的电信ISP工作经验。 他们公司网站http://www.tideinfo.com.cn...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.53 views

Microsoft Windows RASMAN服务栈溢出漏洞(MS06-025)

Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Windows远程访问连接管理器RASMAN存在可远程调用的RPC接口,其中RPC接口 RasRpcSubmitRequest存在若干安全漏洞,远程攻击者可能利用此漏洞在服务器上执行任意指令。 函数RasRpcSubmitRequest及其子函数对作为参数的函数指针的有效性检查不足;某些子函数对参数的处理存在缓冲区溢出漏洞;这些漏洞都可能被攻击者利用在服务器上执行任意指令,从而控制系统。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microso...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2006/09/14 12:0 a.m.53 views

phpQuiz 0.1 (pagename) Remote File Include Vulnerability

No description provided by source. SolpotCrew Community phpQuiz v0.01 design and coding byJule Slootbeek pagename Remote File Inclusion Download file : http://www.furor-normannicus.de/phpQuiz/download/phpQuiz.zip Bug Found By :Solpot a.k.a k. Hasibuan 14-09-2006 contact: [email protected]...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/07/21 12:0 a.m.53 views

Cyrus IMAPD 2.3.2 (pop3d) Remote Buffer Overflow Exploit (2)

No description provided by source. !/usr/bin/ruby cyrus-imapd pop3d exploit by bannedit 05/23/2006 This exploit takes advantage of a stack based overflow. Once the stack corruption has occured it is possible to overwrite a pointer which is later used for a memcpy this gives us a write anything...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/04/21 12:0 a.m.53 views

Symantec Scan Engine 5.0.x.x Change Admin Password Remote Exploit

No description provided by source. !/usr/bin/perl -w Remotely change the administrator password or password hash of Symantec Scan Engine. Author: Marc Bevand of Rapid7 marcbevandatrapid7.com Copyright 2006 Rapid7, LLC. All rights reserved. Redistribution and use in source and binary forms, with o...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2004/09/26 12:0 a.m.53 views

bsdi/x86 execve /bin/sh 46 bytes

No description provided by source. / BSDi execve of /bin/sh by v9 [email protected] / static char exec= "\xeb\x1f\x5e\x31\xc0\x89\x46\xf5\x88\x46\xfa\x89\x46\x0c" / 14 characters. / "\x89\x76\x08\x50\x8d\x5e\x08\x53\x56\x56\xb0\x3b\x9a\xff" / 14 characters. /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.52 views

泛微OA8 前台SQL注入漏洞

...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2018/06/22 12:0 a.m.52 views

Insteon Hub PubNub Firmware Upgrade Confusion Permanent Denial Of Service Vulnerability(CVE-2018-3834)

Summary An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is...

7.6AI score0.00512EPSS
Exploits2
seebug.org
seebug.org
added 2018/06/21 12:0 a.m.52 views

Insteon Hub HTTPExecuteGet Firmware Update URL Parameter Code Execution Vulnerability(CVE-2017-14444)

Summary An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET reque...

0.3AI score0.01438EPSS
Exploits2
seebug.org
seebug.org
added 2018/03/15 12:0 a.m.52 views

Chromium: Incorrect size calculation when deserializing Mojo "Event" messages leading to OOB access

VULNERABILITY DETAILS Mojo IPC allows endpoints to communicate with one another, potentially across process boundaries. Each endpoint initially receives a handle to the broker host node, using which it can request subsequent "child" channels to be created...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2018/01/31 12:0 a.m.52 views

SEC Consult SA-20180131-0 :: Multiple Vulnerabilities in Sprecher Automation SPRECON-E-C, PU-2433

VENDOR DESCRIPTION “Sprecher Automation GmbH offers switchgears and automation solutions for energy, industry and infrastructure processes. Our customers are power utilities, industries, transportation companies, municipal utilities and public institutions. Company-own developments and cooperatio...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2018/01/10 12:0 a.m.52 views

CPP-Ethereum JSON-RPC miner_stop improper authorization Vulnerability(CVE-2017-12118)

Summary An exploitable improper authorization vulnerability exists in minerstop API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigge...

8.1AI score0.01599EPSS
Exploits2
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.52 views

InfraPower PPS-02-S Q213V1 Hard-coded Credentials Remote Root Access

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.52 views

InfraPower PPS-02-S Q213V1 Cross-Site Request Forgery

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.52 views

ZKTeco ZKBioSecurity 3.0 User Enumeration Weakness

Summary ZKBioSecurity3.0 is the ultimate "All in One" web based security platform developed by ZKTeco. It contains four integrated modules: access control, video linkage, elevator control and visitor management. With an optimized system architecture designed for high level biometric identificatio...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/25 12:0 a.m.52 views

Remote Stack Format String in 'nsd' binary from multiple OEM

Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day PoC 1 $ curl...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2017/12/11 12:0 a.m.52 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/12/08 12:0 a.m.52 views

Schneider Electric Pelco Sarix/Spectra Cameras Multiple XSS Vulnerabilities

Summary Pelco offers the broadest selection of IP cameras designed for security surveillance in a wide variety of commercial and industrial settings. From our industry-leading fixed and high-speed IP cameras to panoramic, thermal imaging, explosionproof and more, we offer a camera for any...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/12/07 12:0 a.m.52 views

Dasan Networks GPON ONT WiFi Router H64X Series Authentication Bypass

Summary H64xx is comprised of one G-PON uplink port and four ports of Gigabit Ethernet downlink supporting 10/100/1000Base-T RJ45. It helps service providers to extend their core optical network all the way to their subscribers, eliminating bandwidth bottlenecks in the last mile. H64xx is...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/11/24 12:0 a.m.52 views

Linux Kernel XFRM Privilege Escalation

Vulnerability Summary The following advisory describes a Use-after-free vulnerability found in Linux kernel that can lead to privilege escalation. The vulnerability found in Netlink socket subsystem – XFRM. Netlink is used to transfer information between the kernel and user-space processes. It...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2017/11/09 12:0 a.m.52 views

Circle with Disney Rclient SSH Persistent Remote Access Vulnerability(CVE-2017-12084)

Summary A backdoor vulnerability exists in remote control functionality of Circle with Disney running firmware 2.0.1. A specific set of network packets can remotely start an SSH server on the device, resulting in a persistent backdoor. An attacker send an API call to enable the SSH server. Tested...

6.7AI score0.00973EPSS
Exploits2
seebug.org
seebug.org
added 2017/11/08 12:0 a.m.52 views

Circle with Disney libbluecoat.so SSL TLD MITM Vulnerability(CVE-2017-2913)

Summary An exploitable vulnerability exists in filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this...

5.8AI score0.00673EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.52 views

Ruby WIN32OLE ole_invoke and ole_query_interface Type Confusion Vulnerabilities(CVE-2016-2336)

DESCRIPTION Type Confusion exists in two methods of Ruby's WIN32OLE class, oleinvoke and olequeryinterface. Attacker passing different type of object than this assumed by developers can cause arbitrary code execution. TESTED VERSIONS Ruby 2.3.0 dev Ruby 2.2.2 PRODUCT URLs https://www.ruby-lang.or...

7.5CVSS9.3AI score0.03291EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.52 views

IBM Domino KeyView PDF Filter Trailer ID Code Execution Vulnerability(CVE-2016-0301)

SUMMARY A heap based buffer overflow vulnerability present in KeyView PDF filter as used by Domino can lead to remote arbitrary code execution. TESTED VERSIONS KeyView 10.16 as used by IBM Domino 9.0.1 PRODUCT URLs http://www-03.ibm.com/software/products/en/ibmdomino DETAILS While parsing an ID...

6.8CVSS8.3AI score0.0282EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.52 views

Pidgin MXIT Custom Resource Denial of Service Vulnerability(CVE-2016-2370)

DESCRIPTION A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle can send invalid data to trigger this vulnerability...

4.3CVSS6.7AI score0.02123EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/16 12:0 a.m.52 views

Mac OS X 10.12 isolation mechanism bypass vulnerability

Vulnerability summary Mac OS X a vulnerability exists that could allow an attacker to bypass the Apple of the isolation mechanism, without any restrictions to execute arbitrary JavaScript code. Vulnerability submitter From WeAreSegment security researcher Filippo Cavallarin to Beyond Security SSD...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2017/10/12 12:0 a.m.52 views

Hopper Disassembler ELF Section Header Size Code Execution Vulnerability(CVE-2016-8390)

Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...

7.9AI score0.01251EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/26 12:0 a.m.52 views

Nitro Pro 10 PDF Handling Code Execution Vulnerability(CVE-2016-8711)

Summary A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. Tested...

6.8CVSS8AI score0.01958EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/22 12:0 a.m.52 views

Ichitaro Office Excel File Code Execution Vulnerability(CVE-2017-2790)

Summary A vulnerability was discovered within the Ichitaro word processor. Ichitaro is published by JustSystems and is considered one of the more popular word processors used within Japan. Ichitaro handles Microsoft Excel's .xls file format. When processing a record type of 0x3c from a Workbook...

7.5CVSS9.4AI score0.01889EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/20 12:0 a.m.52 views

Moxa AWK-3131A Web Application bkpath HTTP Header Injection Vulnerability(CVE-2016-8720)

Summary An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the...

4.3CVSS5.7AI score0.01362EPSS
Exploits2
seebug.org
seebug.org
added 2017/09/20 12:0 a.m.52 views

Moxa AWK-3131A Web Application Cleartext Transmission of Password Vulnerability(CVE-2016-8716)

Summary An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cleartext. An attacker capable of...

3.3CVSS7.5AI score0.00825EPSS
Exploits2
seebug.org
seebug.org
added 2017/09/18 12:0 a.m.52 views

MuPDF Fitz library font glyph scaling Code Execution Vulnerability(CVE-2016-8728)

Summary An exploitable heap out of bounds write vulnerability exists in the Fitz graphical library part of the MuPDF renderer. A specially crafted PDF file can cause a out of bounds write resulting in heap metadata and sensitive process memory corruption leading to potential code execution. Victi...

7.9AI score0.01936EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/15 12:0 a.m.52 views

Foscam IP Video Camera CGIProxy.fcgi SMTP Test User Parameter Configuration Command Injection Vulnerability(CVE-2017-2842)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...

6.5CVSS9.6AI score0.03439EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/15 12:0 a.m.52 views

Foscam IP Video Camera CGIProxy.fcgi Account Password Command Injection Vulnerability(CVE-2017-2828)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resultin...

6.5CVSS9.7AI score0.07802EPSS
Exploits2
seebug.org
seebug.org
added 2017/05/27 12:0 a.m.52 views

Apple MacOS 32-Bit Syscall Exit Kernel Register Leak(CVE-2017-2509)

The XNU kernel, when compiled for a x86-64 CPU, can run 32-bit x86 binaries in compatibility mode. 32-bit binaries use partly separate syscall entry and exit paths. To return to userspace, unixsyscall in bsd/dev/i386/systemcalls.c calls threadexceptionreturn in osfmk/x8664/locore.s, which in turn...

4.3CVSS7.7AI score0.02321EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/21 12:0 a.m.52 views

Drupal Core - Access Bypass vulnerability (CVE-2017-6919)

This is a critical access bypass vulnerability. A site is only affected by this if all of the following conditions are met: The site has the RESTful Web Services rest module enabled. The site allows PATCH requests. An attacker can get or register a user account on the site. While we don't normall...

6CVSS7.5AI score0.01606EPSS
Exploits1
seebug.org
seebug.org
added 2017/03/31 12:0 a.m.52 views

DedeCMS stored xss vulnerability

Vulnerability description: Dedecms is an open source PHP open source website management system. Dedecms member function shopsdelivery. in php des parameters there is stored XSS vulnerability, the attacker may exploit the vulnerability to obtain the users cookie. Test environment: DedeCMS-V5...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2016/05/14 12:0 a.m.52 views

南京擎天政务系统 /webpages/login_ex.aspx POST型sql注入

用户名输入:test';WAITFOR DELAY '0:0:5' -- 密码:随便输入 就可以看到明显的延时:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.52 views

科创CMS /web/doc_hit.jsp等3处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/13 12:0 a.m.52 views

泛微协同商务系统e-cology某处SQL注入(附验证中转脚本)

简要描述: RT 详细说明: 官网http://...//services/ 随便找个吧 以http://...//services/MobileService?wsdl为例 使用wvs checkUserLogin方法 三个参数 分别为字符型、字符型和数字 正确的时候返回3 错误返回4 (本想采用抓包工具(WSockExpert ) 使用某度搜索了一个 评分还挺高 结果系统多了个某度影音 和某度输...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/11/25 12:0 a.m.52 views

Thinksns cms v4存在越权漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/11/08 12:0 a.m.52 views

正方教务管理系统 /service.asmx SOAP无条件注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/18 12:0 a.m.52 views

Windows ATMFD.DLL CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access

CVE-2015-2460We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---PAGEFAULTINNONPAGEDAREA 50Invalid system memory was referenced. This cannot be protected by try-except,it must be protected by a Probe...

9.3CVSS7.1AI score0.31334EPSS
Exploits3
Total number of security vulnerabilities5000