Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2006/11/26 12:0 a.m.232 views

MyAlbum Language.Inc.PHP远程文件包含漏洞

MyAlbum是一款基于php的WEB应用程序。 MyAlbum不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于'Language.Inc.php'脚本对用户提交的'langsdir'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 攻击所需条件 攻击者必须访问MyAlbum。 MyAlbum MyAlbum 3.02 http://www.comscripts.com/scripts/php.myalbum.1731.html...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/07/22 12:0 a.m.231 views

D-LINK DIR-3040 Zebra IP 路由管理器信息泄露漏洞(CVE-2021-21817)

The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed ...

5CVSS7.5AI score0.02013EPSS
Exploits2
seebug.org
seebug.org
added 2017/08/22 12:0 a.m.231 views

Foxit Reader command injection(CVE-2017-10951)and file writing Vulnerability(CVE-2017-10952)

A tale about Foxit Reader - Safe Reading mode and other vulnerabilities Some days ago someone send me the following link, which describes two vulnerabilities in Foxit Reader: http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html These two vulnerabilities are similar to the...

6.8CVSS8.7AI score0.07152EPSS
Exploits2
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.231 views

泛微OA系统 /ServiceAction/com.eweaver.base.security.servlet.LoginAction 参数keywordid SQL注入漏洞

0x01漏洞简介 泛微OA系统在/ServiceAction/com.eweaver.base.security.servlet.LoginAction处对参数keywordid过滤不严格,导致出现SQL注入漏洞。远程攻击者可以利用该漏洞读取敏感信息。 0x02漏洞详情 http://...:9085/ServiceAction/com.eweaver.base.security.servlet.LoginAction?action=getLabelNameByKeyId&keywordid=402881e43c2385 正常页面 提示请输入用户名 输入' and 'a'='a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/23 12:0 a.m.230 views

DouPHP轻量级企业建站系统CSRF添加管理员

简要描述: 版本:官网最新版本 详细说明: http://douco.com/ 官网的demo测试。http://demo.douco.com/ 没有验证token,也没有验证referer,所以造成了csrf 漏洞文件 admin/manage.php 第84行-121行 None...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/06/19 12:0 a.m.230 views

phpMyAdmin setup.php脚本PHP代码注入漏洞

BUGTRAQ ID: 34236 CVECAN ID: CVE-2009-1151 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin的Setup脚本用于生成配置。如果远程攻击者向该脚本提交了特制的POST请求的话,就可能在生成的config.inc.php 配置文件中包含任意PHP代码。由于配置文件被保存到了服务器上,未经认证的远程攻击者可以利用这个漏洞执行任意PHP代码。 phpMyAdmin phpMyAdmin 3.x phpMyAdmin phpMyAdmin 2.11.x 厂商补丁: phpMyAdmin ----------...

7.5CVSS9.4AI score0.95438EPSS
Exploits16
seebug.org
seebug.org
added 2006/12/05 12:0 a.m.230 views

deV!Lz Clanportal Show参数SQL注入漏洞

deV!Lz Clanportal是一款基于Invision的一个图库模块。 deV!Lz Clanportal不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'Index.PHP'脚本对用户提交的'show'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 deV!Lz Clanportal deV!Lz Clanportal 1.3.6 目前没有解决方案提供: http://www.dzcp.de/news/index.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/31 12:0 a.m.229 views

实战绕过云锁1.3.145进行注入测试二

简要描述: 嘿嘿 详细说明: 之前http://www.wooyun.org/bugs/wooyun-2014-089487/trace/ca338e20666fbe79e87f32643c939075 通过id=8.0union select ...和id=8E0union select ...可绕过安全狗进行注入 然后这次是/!50000SeLect/这种姿势 漏洞证明: 获取管理员的pwd为例,没有任何提示...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.229 views

FCKeditor 2.x <= 2.4.3 - Arbitrary File Upload Vulnerability

No description provided by source. Exploit Title: FCKeditor 2.0-2.4.3 arbitrary file upload Author: grabz Software Link: http://sourceforge.net/projects/fckeditor/ Version: FCKeditor 2.x = 2.4.3 Tested on: 2.0, 2.2, 2.3.2, 2.4.0, 2.4.3 for version 2.0 - 2.2: in file...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/07/09 12:0 a.m.229 views

phpMyAdmin 3.x Swekey Remote Code Injection Exploit

No description provided by source. ?php / Exploit Title: phpMyAdmin 3.x Swekey Remote Code Injection Exploit Date: 2011-07-09 Author: Mango of ha.xxor.se Version: phpMyAdmin 3.3.10.2 || phpMyAdmin 3.4.3.1 CVE : CVE-2011-2505, CVE-2011-2506 Advisory:...

7.5CVSS0.2AI score0.12879EPSS
Exploits16
seebug.org
seebug.org
added 2008/08/07 12:0 a.m.229 views

Discuz! 6.0.1 (searchid) Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL&ENOTICE; printr" +------------------------------------------------------------------+ Exploit discuz6.0.1 Just work as php=5 & mysql=4.1 BY james +------------------------------------------------------------------+ "; if$argc4 $host=$argv...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/20 12:0 a.m.229 views

PHP-Nuke绕过SQL注入保护及多个SQL注入漏洞

PHP-Nuke是一个广为流行的网站创建和管理工具,它可以使用很多数据库软件作为后端,比如MySQL、PostgreSQL、mSQL、Interbase、Sybase等。 PHP-Nuke实现上存在多个SQL注入漏洞,远程攻击者可能利用这些漏洞非授权操作数据库。 在mainfile.php文件中435行: //Union Tap //Copyright Zhen-Xjell 2004 http://nukecops.com //Beta 3 Code to prevent UNION SQL Injections unset$matches; unset$loc;...

7.7AI score
Exploits0
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.229 views

Mambo A6MamboCredits 1.0 组件远程文件包含漏洞

A6MamboCredits是Mambo中的一个组件,用于在一个集中的页面显示组件的致谢信息。 A6MamboCredits组件在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上有Web进程权限执行任意命令。 模块的administrator/components/coma6mambocredits/admin.a6mambocredits.php脚本没有正确地验证mosConfigabsolutepath参数的输入,允许攻击者可以通过包含本地或外部资源的任意文件导致执行任意代码。成功攻击要求打开了registerglobals。 active6...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/01/16 12:0 a.m.228 views

ISC BIND NSEC3签名域查询处理拒绝服务漏洞

BUGTRAQ ID: 64801 CVECAN ID: CVE-2014-0591 BIND是一个应用非常广泛的DNS协议的实现。 ISC BIND处理对NSEC3签名域的请求时出现错误,这可使恶意用户利用特制的查询,造成INSIST失败类崩溃。成功利用需要主域名服务器至少服务一个NSEC3签名的域。 0 ISC BIND 9.9.x ISC BIND 9.6.x 厂商补丁: ISC --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.isc.org/downloads...

2.6CVSS7.5AI score0.31671EPSS
Exploits1
seebug.org
seebug.org
added 2012/02/09 12:0 a.m.228 views

ISC BIND安全限制绕过漏洞(CVE-2012-1033)

BUGTRAQ ID: 51898 CVE ID: CVE-2012-1033 BIND是一个应用非常广泛的DNS协议实现,由ISC负责维护,具体的开发由Nominum公司完成。 ISC BIND在缓存更新策略的实现上存在无法正确处理废弃域名的安全限制绕过漏洞,可导致从注册表中删除后还可以解析域名。 0 ISC BIND 9.2.x ISC BIND 9.3.x ISC BIND 9.4.x ISC BIND 9.5.x ISC BIND 9.6.x ISC BIND 9.7.x ISC BIND 9.8.x 厂商补丁: ISC ---...

5CVSS8.4AI score0.13538EPSS
Exploits1
seebug.org
seebug.org
added 2008/03/26 12:0 a.m.228 views

ZyXEL ZyWALL Quagga及Zebra进程默认帐号口令漏洞

BUGTRAQ ID: 28184 CVECAN ID: CVE-2008-1160 Zywall是一款由Zyxel开发和维护的硬件防火墙。 Zyxel的Quagga和Zebra路由守护程序访问认证的实现上存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 即使已经更改了设备的口令,仍没有更改登录到Quagga/Zebra守护程序所需的口令。这些守护程序运行在TCP 2601、2602(Quagga/RIP)和2604(Quagga/OSPF)端口上。攻击者可以使用默认的口令zebra登录到Quagga/Zebra服务,查看并操控设备的路由信息。 ZyWall 1050 ZyXEL...

7.5CVSS6.4AI score0.14761EPSS
Exploits5
seebug.org
seebug.org
added 2006/09/02 12:0 a.m.228 views

TikiWiki &lt;= 1.9 Sirius (jhot.php) Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- TikiWiki = 1.9 Sirius "jhot.php" remote commands execution exploit by rgod [email protected] site: http://retrogod.altervista.org dork...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2018/05/04 12:0 a.m.227 views

TPLINK TLWR740N路由器远程代码执行漏洞(CVE-2017-13772)

INTRODUCTION In October of 2017 we disclosed multiple vulnerabilities in TP-Link’s WR940n router that occurred due to multiple code paths calling strcpy on user controllable unsanitised input CVE-2017-13772 The httpd binary responsible for these vulnerabilities contained patterns of code that...

9CVSS8.9AI score0.52559EPSS
Exploits8
seebug.org
seebug.org
added 2013/06/03 12:0 a.m.227 views

用友致远A6协同管理SQL注射漏洞

简要描述: 用友致远A6协同管理SQL注射漏洞,需登录账户。 详细说明: 注入发生在searchresult.jsp文件中的docTitle参数 http://xxxxxx.com/yyoa/oaSearch/searchresult.jsp?docType=协同信息&docTitle=1'and//1=2// union//all//select//user,2,3,4,5%23&goal=1&perId=0&startTime=&endTime=&keyword=&searchArea=notArc 查询表名: http:// xxxxxx.com...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.226 views

CUPS < 1.3.8-4 - (pstopdf filter) Privilege Escalation Exploit

No description provided by source. / cve-2008-5377.c CUPS 1.3.8-4 pstopdf filter exploit Jon Oberheide [email protected] http://jon.oberheide.org Usage: $ gcc cve-2008-5377.c -o cve-2008-5377.c $ ./cve-2008-5377 $ id uid=0root gid=1000vm ... Information:...

6.9CVSS0.3AI score0.00717EPSS
Exploits7
seebug.org
seebug.org
added 2008/11/11 12:0 a.m.226 views

VMware VirtualCenter目录遍历漏洞

BUGTRAQ ID: 32172 CVECAN ID: CVE-2008-4281 VirtualCenter是VMware的虚拟服务器管理系统。 VirtualCenter中的目录遍历漏洞可能允许拥有Datastore.FileManagement权限的管理员获得提升的权限。 VMWare ESX 3.5 VMWare ESXi 3.5 VMWare ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://download3.vmware.com/software/vi/ESXe350-200810401-O-UG.zip...

9.3CVSS6.4AI score0.0187EPSS
Exploits1
seebug.org
seebug.org
added 2006/09/29 12:0 a.m.226 views

UBB.threads &lt;= 6.5.1.1 (doeditconfig.php) Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? // UBB.threads Multiple input validation error // Discovered By : HACKERS PAL // Copy rights : HACKERS PAL // Website : http://www.soqor.net // Email Address : [email protected] // Tested on Version 6 6.5.1.1 and other...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/18 12:0 a.m.225 views

TRS WCM 文件路径处理不当导致任意文件上传

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/18 12:0 a.m.225 views

NindonCMS /plug/comment/commentList.asp sql注入漏洞

漏洞描述:NindonCMS系统对访问者提交的数据参数过滤不严,导致攻击者可以随时提交构造好的SQL语句查询数据库获取敏感信息。同时,系统默认后台地址也相当容易暴露。漏洞详情:由于NindonCMS系统是基于开源ASPCMS开发,所以如果开发人员在开发过程中不注意,则会导致很多现在已经补上的ASPCMS漏洞在二次开发的CMS系统上重现。这个漏洞源于ASPCMS系统,但是既然是做二次开发,就应该尽力去弥补安全上的不足。其原理很明确:NindonCMS在处理浏览器提交的数据时使用filterPara函数过滤,这个函数接着调用了PreventSqlin和Checkxss两个函数进行字符过滤,P...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/05/24 12:0 a.m.225 views

Coremail邮件系统漏洞无脚本攻击劫持指定用户账号

简要描述: 几个小的问题的组合导致可劫持指定用户账号 详细说明: 测试对象: 使用Coremail邮件系统的某大学邮件系统 测试地址: http://mail..edu.cn 问题描述: 这个问题由几个小问题的组合所导致。 第一个问题: Coremail邮件系统在用户登录成功后,会给用户分配一个32位大小写字母混搭的sid用于用户身份验证。只要用户没有logout,这个sid都不会被销毁且会作为参数出现在用户主界面的URL里,如下图所示。我们一旦获取了sid,就意味着我们可以盗用用户身份去登录用户邮箱。 第二个问题:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/14 12:0 a.m.225 views

用友协作办公平台getshell(特奇葩且通杀)

简要描述: 用友协作办公平台getshell特奇葩且通杀 详细说明: 重复: WooYun: 用友某办公平台通用漏洞getshell漫游内网第一弹 1 漏洞文件 /common/uploadFile.jsp 查看源文件,如图 重点关注这里 "?action=save&savePath=/imageshttps://images.seebug.org/upload/&fileName=14051439450001.jpg" 看见了什么?没错!保存文件的路径 文件名全在这里,是不是觉得特奇葩.. 2 漏洞测试 随便上传一个文件,同时 F12...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/07/15 12:0 a.m.224 views

NETGEAR GS110TPV3未认证命令注入漏洞(CVE-2021-33514)

Summary: Affected Model: NETGEAR GS110TPV3 Smart Managed Pro Switch Firmware Version: V7.0.5.2 from 2021-01-11 NETGEAR GS110TPV3 Smart Managed Pro Switch is vulnerable to a pre-auth shell injection due to incorrect input handling in setup.cgi query parameters. This allows an attacker in the same...

10CVSS0.4AI score0.08798EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.224 views

Jax PHP Scripts 1.0/1.34/2.14/3.31 jax_guestbook.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/07/23 12:0 a.m.224 views

EMC Retrospect客户端retroclient.exe远程内存破坏漏洞

BUGTRAQ ID: 30306 EMC Retrospect是Windows平台下的备份和恢复软件。 Retrospect的retroclient.exe进程默认监听于TCP 497端口。如果向该端口连续发送长度为2064字节内容为0x00的报文的话,在30秒到5分钟后状态框会显示:Client networking not available, or service not running。继续发送报文会导致retroclient.exe进程终止,完全损失备份服务。 EMC Retrospect for Windows Client 7.5.116 EMC ---...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2021/07/12 12:0 a.m.223 views

NETGEAR WAC104身份验证绕过漏洞(CVE-2021-35973)

Summary: Affected Model: NETGEAR WAC104 Dual Band 802.11ac Wireless Access Point Firmware Version: V1.0.4.13 from 2020-09-14 NETGEAR WAC104 Access Point has multiple vulnerabilities which - chained together - allow an attacker in LAN to both change device admin's password, and gain root shell on...

10CVSS10AI score0.03064EPSS
Exploits2
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.223 views

MamboLaiThai ExtCalThai 0.9.1 admin_events.php CONFIG_EXT[LANGUAGES_DIR] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/20487/info ExtCalThai is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.223 views

Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

No description provided by source. !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...

5CVSS0.2AI score0.55105EPSS
Exploits7
seebug.org
seebug.org
added 2016/04/26 12:0 a.m.222 views

feifeicms myaction.class.php 本地文件包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/28 12:0 a.m.222 views

某图书管管理系统存在SQL注射漏洞又一处

简要描述: 某图书管管理系统存在SQL注射漏洞又一处 详细说明: 北京清大新洋科技有限公司的图书馆集成管理系统 注入点: /opac/qtjsjg.jsp 参数:jsk 案例: http://www.kflib.cn:8089/opac/qtjsjg.jsp http://211.84.229.10:8089/opac/qtjsjg.jsp http://218.241.174.148:8070/opac/qtjsjg.jsp http://211.86.195.15:8086/opac/qtjsjg.jsp http://61.187.55.41:8090/opac/qtjsjg.js...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.222 views

Edgewall Software Trac 0.9 Ticket Query Module SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15676/info Trac is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/12/11 12:0 a.m.222 views

ISC BIND 9 DNS64 REQUIRE断言失败拒绝服务漏洞

BUGTRAQ ID: 56817 CVECAN ID: CVE-2012-5688 BIND是一个应用非常广泛的DNS协议的实现。 ISC BIND 9.8.0及更高版本支持 DNS64 IPv6转换机制,如果启用了dns64配置状态,BIND 9域名服务器在解析特制的请求时,会触发REQUIRE断言失败,造成服务器崩溃。此漏洞可被远程利用,9.8.0之前版本、不启用DNS64时不受此漏洞的影响。 0 ISC BIND 9.9.0-9.9.2 ISC BIND 9.8.0-9.8.4 临时解决方法: 对于启用了DNS64的BIND...

7.8CVSS8.3AI score0.10896EPSS
Exploits1
seebug.org
seebug.org
added 2016/04/18 12:0 a.m.221 views

metinfo 5.3.1 任意文件创建漏洞(后台)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.221 views

deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability

No description provided by source. ======================================================================================== | Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability | Author : Easy Laster | Download : http://dzcp-zone.de/downloads/?action=show&id=97 | Scrip...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/12/11 12:0 a.m.221 views

Microsoft Windows search-ms协议解析远程代码执行漏洞(MS08-075)

BUGTRAQ ID: 32652 CVECAN ID: CVE-2008-4269 Microsoft Windows是微软发布的非常流行的操作系统。 Windows资源管理器在解析search-ms协议时没有正确地处理参数,如果用户访问了恶意站点并通过特殊方式调用了search-ms协议处理器的话,就可能导致执行任意代码。 Microsoft Windows Vista SP1 Microsoft Windows Vista Microsoft Windows Server 2008 临时解决方法: 在Windows资源管理器中禁用search-ms协议处理程序。 使用交互方法 1...

8.5CVSS6.9AI score0.20516EPSS
Exploits5
seebug.org
seebug.org
added 2016/06/04 12:0 a.m.220 views

海康威视(hikvision) /config/user.xml 信息泄漏

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/12 12:0 a.m.220 views

用友TurboCRM管理系统swfupload.php任意文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/19 12:0 a.m.220 views

Coremail XT-3.0 /coremail/XT3/main/intervalCheck.jsp 跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.220 views

SQLiteManager 1.2.4 - Remote PHP Code Injection Vulnerability

No description provided by source. Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2018/07/11 12:0 a.m.219 views

VLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529)

Exploit Title: VLC media player 2.2.8 Arbitrary Code Execution PoC Date: 6-6-2018 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link: http://download.videolan.org/pub/videolan/vlc/2.2.8/win64/vlc-2.2.8-win64.exe Version: 2.2.8 Tested on: Windows 10 x6...

0.9AI score0.40612EPSS
Exploits10
seebug.org
seebug.org
added 2017/02/03 12:0 a.m.219 views

Netgear router password disclosure Vulnerability(CVE-2017-5521)

0x01 vulnerability overview NETGEAR is a United States well-known router manufacturers, its products are used worldwide extensively. Recently, foreign security researcher Simon Kenin find NETGEAR router more series there is a password leak Vulnerability, CVE-2017-5521-in. When the router Password...

4.3CVSS8.2AI score0.89294EPSS
Exploits7
seebug.org
seebug.org
added 2016/05/16 12:0 a.m.219 views

贝欧燃气SCADA监控系统 /WitWaterNet/IndexService.asmx/Login SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.219 views

IlohaMail Webmail Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: IlohaMail Webmail Stored XSS. Date: 18/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://sourceforge.net/projects/ilohamail/ Software Link:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/17 12:0 a.m.219 views

Discuz CSRF删除群组分类

简要描述: 详细说明: admingroup.php elseif$operation == 'deletetype' //没有验证fromhash导致可以csrf删除 $fid = $GET'fid'; $ajax = $GET'ajax'; $confirmed = $GET'confirmed'; $finished = $GET'finished'; $total = intval$GET'total'; $pp = intval$GET'pp'; $currow = intval$GET'currow'; if$ajax obendclean; requireonce...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.220 views

PostgreSQL远程拒绝服务漏洞

BUGTRAQ ID: 65728 CVECAN ID: CVE-2014-0066 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16, 8.4.20之前版本的chkpass扩展没有检查对crypt的调用结果,经过身份验证的数据库用户可触发此漏洞造成PostgreSQL崩溃。 0 PostgreSQL PostgreSQL 8.x 厂商补丁: PostgreSQL ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

4CVSS0.04682EPSS
Exploits2
seebug.org
seebug.org
added 2009/12/30 12:0 a.m.219 views

Jax Calendar 1.34 Remote Admin Access Exploit

No description provided by source. Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit Date: December 30th, 2009 Author: Sora Software Link: http://www.jtr.de/scripting/php Version: 1.34 Tested on: Windows Vista and Linux Backtrack 3 ---------------------------- Jax Calendar 1.34 Remote...

7.1AI score
Exploits0
Total number of security vulnerabilities5000