Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2016/03/11 12:0 a.m.160 views

狼邦内容管理系统(LBCMS) V8.0 /Webwsfw/bssh/?subsite SQL注入漏洞

0x01 框架介绍 LBCMS是贵州狼邦科技有限公司自主开发的一套CMS,中文软件名称为: 狼邦内容管理系统,版本目前是V8.0,开发语言: ASP.NET 4.0,数据库: SQL2005, 运行环境: Windows2003/NT系统+IIS6.0 ,主要应用于贵州或其它地区的政府、学校、企事业单位、个人网站建设。 官方主页: http://langbang.net/ 0x02 漏洞细节 LBCMS存在一处SQL报错注入漏洞: /Webwsfw/bssh/?subsite=1 SQLMAP: 0x03 修复方案 1、过滤漏洞文件参数 2、使用加速乐等防护产品...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/01/17 12:0 a.m.160 views

拓尔思某系统越权操作大集合及GETSHELL

简要描述: 老版本 和 二次开发的貌似部分不受影响... 安全无止境! 详细说明: / 说明: Copyright ©2004 - 2006 TRS 不受影响 Copyright ©2004 - 2008 TRS 不受影响 以及部分二次开发的不受影响 -------------------------------------- 越权可查看用户信息,几个案例用户加加都有上百万了 / 程序名称:TRS身份服务器单点登录系统 漏洞类型:越权操作 & 任意文件上传GETSHELL 漏洞文件: 越权操作的(多少个点我也没数,反正就那么多):...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.160 views

W-Agora 4.2.1 search.php search_user Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.160 views

Mercury/32 <= 4.01b - LOGIN Buffer Overflow

No description provided by source. $Id: mercurylogin.rb 9583 2010-06-22 19:11:05Z todb $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/06 12:0 a.m.160 views

BEESCMS 3.4 order_save.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.160 views

PostgreSQL 'make check' 本地权限提升漏洞

BUGTRAQ ID: 65721 CVECAN ID: CVE-2014-0067 PostgreSQL是一款高级对象-关系型数据库管理系统,支持扩展的SQL标准子集。 PostgreSQL 9.3.3, 9.2.7, 9.1.12, 9.0.16, 8.4.20之前版本通过"make check"在构造树内运行回归测试时,服务器进程允许同一台机器上的用户作为超级用户登录,另外一个本地用户也可以获取操作系统用户的权限。 0 PostgreSQL PostgreSQL 8.x 厂商补丁: PostgreSQL ----------...

4.6CVSS0.3AI score0.00484EPSS
Exploits1
seebug.org
seebug.org
added 2011/07/22 12:0 a.m.160 views

Joomla Component mod_spo SQL Injection Vulnerability

No description provided by source. Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on: Backtrack...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/03/23 12:0 a.m.160 views

Apache 2.2.x子请求处理信息泄露漏洞

BUGTRAQ ID: 38580 CVECAN ID: CVE-2010-0434 Apache HTTP Server是一款流行的Web服务器。 在使用多线程MPM时,Apache HTTP Server的server/protocol.c文件中的apreadrequest函数没有正确地处理子请求,可能允许远程攻击者从其他线程所处理的请求中读取敏感信息。 Apache Group Apache 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

4.3CVSS8.6AI score0.18443EPSS
Exploits2
seebug.org
seebug.org
added 2009/12/16 12:0 a.m.160 views

Tomcat自带示例hello.jsp存在XSS跨站脚本漏洞

存在漏洞版本: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat 6.0.0 to 6.0.10 漏洞描述: Tomcat 是一个服务端应用。其存在由于用户的非正常输入导致的危险. 远程的用户可以执行跨站脚本攻击. 远程的用户也可以植入 html 来挂马 webSPELL中自带的/sample/web/hello.jsp示例程序存在跨站脚本攻击漏洞,远程攻击者注入任意web脚本或HTML可以借助test参数执行任意的js代码。...

7AI score
Exploits0
seebug.org
seebug.org
added 2018/03/15 12:0 a.m.159 views

Chromium: Read-only SharedMemory descriptors on Android are writable(CVE-2018-6057)

VULNERABILITY DETAILS The base::SharedMemory class represents a shared memory resource that processes can map into their virtual address space. As shared memory mechanisms differ across operating systems, specialised implementations exist for each OS. In Android's case, the implementation is...

8.5AI score0.01483EPSS
Exploits1
seebug.org
seebug.org
added 2017/09/06 12:0 a.m.159 views

Apache Struts2 S2-052 (CVE-2017-9805)

In this post I'll describe how I customized a standard lgtm query to find a remote code execution vulnerability in Apache Struts. A more general announcement about this vulnerability can be found here. It has been assigned CVE-2017-9805, a security bulletin can be found here on the Struts website...

6.8CVSS9AI score0.99461EPSS
Exploits23
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.159 views

joomla component joom12pic 1.0 - Remote File Inclusion Vulnerability

No description provided by source. Joom!12Pic Component RFI Bug in : /administrator/components/comjoom12pic/admin.joom12pic.php?mosConfiglivesite= Variable : $mosConfiglivesite Dork: comjoom12pic Example:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/10/26 12:0 a.m.159 views

jetty 6.x - 7.x xss information disclosure injection

No description provided by source. Jetty 6.x and 7.x Multiple Vulnerabilities Name Multiple Vulnerabilities in Jetty Systems Affected Jetty 7.0.0 and earlier versions Severity Medium Impact CVSSv2 Medium 5/10, vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Vendor http://www.mortbay.org/jetty/ Advisory...

5CVSS7.7AI score0.17413EPSS
Exploits8
seebug.org
seebug.org
added 2007/04/15 12:0 a.m.159 views

PHPBB Mutant Mutant_Functions.PHP远程文件包含漏洞

PHPBB Mutant是一款基于PHP的WEB应用程序。 PHPBB Mutant不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'MutantFunctions.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Mutant Mutant 0.9.2 Mutant Mutant 0.9.1 目前没有解决方案提供: http://sourceforge.net/projects/phpbb22-mutant/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/16 12:0 a.m.158 views

eyouCMS RCE漏洞

...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2017/12/01 12:0 a.m.158 views

macOS High Sierra - Root Privilege Escalation (CVE-2017-13872)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mac OS X Root Privilege Escalation', 'Description' = %q This module exploits a serious flaw in MacOSX High Sierra. Any user can login with user...

9.3CVSS7.9AI score0.36886EPSS
Exploits6
seebug.org
seebug.org
added 2017/05/26 12:0 a.m.158 views

Code Injection through DLL Sideloading in 64bit Oracle Java(CVE-2017-3511)

This blog post is about a DLL sideloading vulnerability in the 64bit Windows version of Oracle Java. It allows any local user to inject code in Java processes of other users. At the time of writing it has been verified with the latest stable 64bit Java version 1.8.0101 on both a fully patched...

3.7CVSS8AI score0.00759EPSS
Exploits2
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.158 views

Wordpress 4.5.1 Remote Command Execute

来源 http://ricterz.me/,格式稍作整理 ImageMagick ImageMagick 昨天曝出 CVE-2016-3714,Java、PHP 的库也受其影响可参考 https://www.seebug.org/vuldb/ssvid-91446 。其中 PHP 的库 Imagick 应用广泛,波及也大。Wordpress 也就是受此漏洞影响出现了 RCE。 这个漏洞很蠢,ImageMagick 在 MagickCore/constitute.c 的 ReadImage 函数中解析图片,如果图片地址是https://开头的,即调用 InvokeDelegate。...

10CVSS8.6AI score0.97485EPSS
Exploits11
seebug.org
seebug.org
added 2012/04/10 12:0 a.m.158 views

OpenCart 1.x 任意文件上传执行漏洞

OpenCart是基于PHP开发的开源在线购物车系统 admin/controller/catalog/download.php脚本没有正确校验上传文件,通过上传附加".jpg"文件扩展的PHP文件,可成功绕过验证,并以WEB权限执行 0 OpenCart 1.x 厂商解决方案 目前没有详细解决方案提供: http://www.opencart.com/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/11/26 12:0 a.m.158 views

PHP-Fusion messages.php模块SQL注入漏洞

BUGTRAQ ID: 32388 PHP-Fusion是一款基于PHP的内容管理系统。 当sendmessage设置为Send的时候,PHP-Fusion的messages.php文件中没有正确地验证对subject参数的输入便在SQL查询中使用,这允许远程攻击者通过提交恶意请求执行SQL注入攻击。 PHP-Fusion 7.00.1 PHP-Fusion ---------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://sourceforge.net/projects/php-fusion/ ?php...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.157 views

Unreal Tournament Remote Buffer Overflow Exploit (SEH)

No description provided by source. Unreal Tournament Remote Buffer Overflow Exploit SEH Windows Discovered by: Luigi Auriemma http://aluigi.altervista.org/adv/unsecure-adv.txt Coded By: Fulcrum 08/02/2011 Patch: http://www.unrealadmin.org/forums/showthread.php?t=15616 Vulnerable: all ut99 servers...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.157 views

BSD/OS 2.1/3.0,Larry Wall Perl 5.0 03,RedHat 4.0/4.1,SGI Freeware 1.0/2.0 suidperl Overflow(1)

No description provided by source. source: http://www.securityfocus.com/bid/708/info Several buffer overflows were found in the Perl helper application 'suidperl' or 'sperl'. When this program is installed setuid root the overflows may lead to a local root compromise. !/usr/bin/perl yes, this...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/12/05 12:0 a.m.157 views

VMware虚拟硬件内存破坏漏洞

BUGTRAQ ID: 32597 CVECAN ID: CVE-2008-4917 VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 如果guest操作系统向虚拟的硬件发送了恶意请求的话,就可能触发内存破坏,导致虚拟硬件写入非受控的物理内存区域。成功利用这个漏洞的攻击者可以完全控制HOST系统或导致拒绝服务。 VMWare Workstation 6.0.x VMWare Workstation 5.x VMWare ACE 2.0.x VMWare ACE 1.x VMWare Player 2.0.x VMWare Play...

7.2CVSS6.6AI score0.00462EPSS
Exploits1
seebug.org
seebug.org
added 2006/12/06 12:0 a.m.157 views

Coppermine Photo Gallery Theme.PHP远程文件包含漏洞

Coppermine Photo Gallery是一款基于PHP的图片管理程序。 Coppermine Photo Gallery不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'theme.php'脚本对用户提交的"THEMEDIR"参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Coppermine Photo Gallery 1.2.2 b-Nuke http://coppermine-gallery.net/index.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/06/17 12:0 a.m.156 views

Windows Print Spooler权限提升漏洞(CVE-2021-1675)

...

9.3CVSS2.1AI score0.86132EPSS
Exploits63
seebug.org
seebug.org
added 2016/04/26 12:0 a.m.156 views

Struts2 方法调用远程代码执行漏洞(S2-032)

内容来源:绿盟科技博客 0x00 漏洞简述 2016年4月21日Struts2官方发布两个CVE,其中CVE-2016-3081官方评级为高。主要原因为在用户开启动态方法调用的情况下,会被攻击者实现远程代码执行攻击。从我自己搜索的情况来看,国内开启这个功能的网站不在少数,所以这个“Possible Remote Code Execution”漏洞的被打的可能性还是很高的。 0x01 漏洞原理 直接进行版本比对,我们可以看到针对这个问题,只对DefaultActionMapper.java这个文件进行了修改,修改内容如下:...

9.3CVSS8.8AI score0.9373EPSS
Exploits12
seebug.org
seebug.org
added 2014/09/18 12:0 a.m.156 views

Resin Application Server 4.0.36 代码泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.156 views

yappa-ng <= 2.3.1 (admin_modules) Remote File Include Vulnerability

No description provided by source. ============================================================================================== yappa-ng = v2.3.1 adminmodules Remote File Inclusion Exploit =============================================================================================== Critical...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.156 views

Energizer DUO Trojan Code Execution

No description provided by source. $Id: energizerduopayload.rb 10389 2010-09-20 04:38:13Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/03/28 12:0 a.m.156 views

ASPCMS 2.2.9 /admin_aspcms/_content/_Tag/AspCms_TagFun.asp SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/02/26 12:0 a.m.156 views

MDPro My_eGallery模块pid参数SQL注入漏洞

BUGTRAQ ID: 33871 CVECAN ID: CVE-2009-0728 MDPro是一款开放源码的内容管理系统。 MDPro的index.php文件没有正确地过滤对pid参数的输入参数,如果module设置为MyeGallery且do设置为showpic,远程攻击者就可以通过提交恶意请求执行SQL注入攻击。 MAXdev MyeGallery 3.1.1g 厂商补丁: MAXdev ------ 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

7.5CVSS6.5AI score0.0095EPSS
Exploits2
seebug.org
seebug.org
added 2008/01/08 12:0 a.m.156 views

Jetty双斜线URI处理信息泄露漏洞

BUGTRAQ ID: 27117 Jetty是一款流行的Java Web服务器。 Jetty处理用户请求时存在漏洞,远程攻击者可能利用此漏洞绕过访问验证获取敏感信息。 如果未经认证的远程攻击者向Jetty服务器提交了包含有两个斜线字符(/)的特制URI请求的话,就可以查看隐藏的或保密的文件和目录。 Jetty Jetty 6.1.6 Jetty Jetty 6.1.5 Jetty ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://docs.codehaus.org/display/JETTY/Downloading+and+Installin...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/03/21 12:0 a.m.156 views

Asterisk SIP Invite消息远程拒绝服务漏洞

Asterisk是一个开放源代码的软件VoIP PBX系统。 Asterisk处理INVITE消息存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 发送畸形的INVITE消息可导致应用程序崩溃,匿名INVITE的SDP包含2个连接头,第一个必须是合法,而第二个头数据使用非法数据,这里的IP地址必须非法,呼叫者不需要合法用户或者dialplan中的用户。asterisk设置为不允许匿名调用,合法用户和密码必须知道。 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.2.16 Asterisk Asterisk 1.2.15 Asterisk...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/12/18 12:0 a.m.155 views

Command injection vulnerability in Net::FTP(CVE-2017-17405)

There is a command injection vulnerability in Net::FTP bundled with Ruby. This vulnerability has been assigned the CVE identifier CVE-2017-17405. Details Net::FTPget, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernelopen to open a local file. If the localfile argument...

9.4AI score0.73927EPSS
Exploits5
seebug.org
seebug.org
added 2017/11/20 12:0 a.m.155 views

AppCMS 一处SSRF漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/10/27 12:0 a.m.155 views

WordPress Plugin KBoard /wp-content/plugins/kboard/board.php parameters keyword XSS vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/10 12:0 a.m.155 views

Linux 内核通过 BPF 系统调用提权漏洞

漏洞概要 4 月 27 日有安全研究人员在 bugs.chromium.org 站点提交了本地提权高 危漏洞。 Linux 内核版本大于等于 4.4 时,当内核编译了 CONFIGBPFSYSCALL 并 且 sysctl 中的 kernel.unprivilegedbpfdisabled 没有明确设置为 1 时,无特 权的代码可以使用 bpf 系统调用加载 eBPF socket 过滤程序,从而达到系统提 权的⺫的,而前面的两个条件在最新的 Linux 发行版 Ubuntu 16.04 桌面版和 服务器版本均满足,经过测试 Kali Rolling 发行版 内核 4.4.0...

7AI score
Exploits0
seebug.org
seebug.org
added 2016/04/19 12:0 a.m.155 views

用友某系统多处注入漏洞打包

简要描述: wooyun搜了一下,没有人提,来一发。 详细说明: 首先,该接口是无需权限访问的。 已http://.../bugs/wooyun-2010-0178322为例: ...:8080/uapws/service/nc.itf.bd.crm.ICurrtypeExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IInvbasdocExportToCrmService?wsdl ...:8080/uapws/service/nc.itf.bd.crm.IMeasdocExportToCrmService?wsd...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/07/02 12:0 a.m.155 views

Linux glibc 缓冲区溢出 (幽灵(Ghost))

近日国外安全研究人员披露一个在 Linux Glibc 库上发现的严重的安全问题,它可以让攻击者在本地或者远程获取操作系统的控制权限,编号为CVE-2015-0235,命名为幽灵(GHOST)漏洞。什么是GHOST?为什么命名为GHOST?漏洞最早起源于:The first vulnerable version of the GNU C Library is glibc-2.2, released on November 10, 2000.“During a code audit performed internally at Qualys, we discovered a buffer...

10CVSS7.5AI score0.94859EPSS
Exploits29
seebug.org
seebug.org
added 2014/07/10 12:0 a.m.155 views

maccms 8 /index.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.155 views

Debian 2.1,Linux kernel 2.0.x,RedHat 5.2 Packet Length with Options Vulnerability

No description provided by source. / source: http://www.securityfocus.com/bid/870/info Debian 2.1,Linux kernel 2.0.34/2.0.35/2.0.36/2.0.37/2.0.38,RedHat 5.2 i386 Packet Length with Options Vulnerability A vulnerability in the Linux kernel's TCP/IP allows local users to crash, hang or corrupt the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.155 views

PHP CGI Argument Injection

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit...

7.5CVSS0.5AI score0.99998EPSS
Exploits42
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.155 views

Apple多个产品SSL/TLS处理验证绕过漏洞

CVE ID:CVE-2014-1266 Apple iOS是一款运行在苹果iPhone和iPod touch设备上的最新的操作系统。Apple TV是苹果可以让PC和iPod中的相片,视频和音乐无线传输到电视之中高清晰度播出。Apple Mac OS X是一款苹果公司开发的操作系统。 Apple多个产品数据安全组件中安全传送特征中的SSLVerifySignedServerKeyExchange函数libsecurityssl/lib/sslKeyExchange.c存在安全漏洞,由于没有正确检查TLS Server Key...

5.8CVSS6.4AI score0.05715EPSS
Exploits6
seebug.org
seebug.org
added 2013/12/13 12:0 a.m.155 views

Zimbra邮件系统文件包含漏洞

CVE ID:CVE-2013-7091 Zimbra是一家提供专业的电子邮件软件开发供应商其产品在全球大型企业有广泛应用。 Zimbra文件包含漏洞存在于/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz中,利用该漏洞攻击者可以查看本地配置文件localconfig.xml的信息,包括LDAP协议授权的根目录,可以通过窃取的LDAP信任请求/service/admin/soap API,创建具有管理员权限的用户,从而获得管理控制权。 0 Zimbra 2013 厂商补丁: Zimbra...

5CVSS9.2AI score0.86196EPSS
Exploits7
seebug.org
seebug.org
added 2012/06/04 12:0 a.m.155 views

IBM WebSphere Application 7.0.0.23 Snoop Servlet信息泄露漏洞

Bugtraq ID: 53755 CVE ID:CVE-2012-2170 IBM WebSphere Application Server WAS是由IBM遵照开放标准,例如Java EE, XML 还有Web Services,开发并发行的一种应用服务器。与其兼容的Web服务器包括:Apache HTTP Server,Netscape Enterprise Server,Microsoft Internet Information Services IIS以及IBM HTTP Server。 WAS 6.1、7.0、8.0在启用了默认Application Snoop...

4.3CVSS9AI score0.02394EPSS
Exploits1
seebug.org
seebug.org
added 2009/12/02 12:0 a.m.155 views

Kide Shoutbox v0.4.6 XSS &amp; AXFR

No description provided by source. andresg888 Web: : www.ilegalintrusion.nethttp://www.ilegalintrusion.net & www.bl4ck-p0rtal.orghttp://www.bl4ck-p0rtal.org Exploit : Go to the shoutbox and type: font color="red"red text/font or marqueehi/marquee or 3xplo!t :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/04/15 12:0 a.m.155 views

Coppermine Photo Gallery upload.php文件SQL注入漏洞

BUGTRAQ ID: 28766 Coppermine是用PHP编写的多用途集成web图形库脚本。 Coppermine的upload.php文件处理用户请求数据时存在输入验证漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击。 在执行URI/URL上传时Coppermine的upload.php文件没有正确地过滤远程HTTP服务器的MIME媒体类型输入,这允许远程攻击者通过操控SQL查询请求执行SQL注入攻击。 Coppermine Photo Gallery 1.4.16 临时解决方法: 在upload.php文件中找到以下行: else // We will try to get...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2016/05/24 12:0 a.m.154 views

V2视频会议系统命令执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/22 12:0 a.m.154 views

中国移动和路由 Telnet 漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.154 views

DotNetNuke DNNspot Store 3.0.0 Arbitary File Upload

No description provided by source. Exploit Title: DotNetNuke DNNspot Store UploadifyHandler.ashx = 3.0.0 Arbitary File Upload Date: 23/01/2014 Author: Glafkos Charalambous Version: 3.0.0 Vendor: DNNspot Vendor URL: https://www.dnnspot.com Google Dork: inurl:/DesktopModules/DNNspot-Store/ root@kal...

7.1AI score
Exploits0
Total number of security vulnerabilities5000