Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2009/12/17 12:0 a.m.95 views

PostgreSQL索引函数会话状态修改本地特权提升漏洞

Bugraq ID: 37333 CVE ID:CVE-2009-4136 PostgreSQL是一款对象关系型数据库管理系统,支持扩展的SQL标准子集。 索引函数中处理会话状态更改存在一个错误,本地攻击者可以利用漏洞提升特权。 PostgreSQL PostgreSQL 8.4.1 PostgreSQL PostgreSQL 8.3.8 PostgreSQL PostgreSQL 8.3.6 PostgreSQL PostgreSQL 8.2.14 PostgreSQL PostgreSQL 8.2.6 PostgreSQL PostgreSQL 8.2.4 PostgreSQL...

6.5CVSS6.7AI score0.03644EPSS
Exploits3
seebug.org
seebug.org
added 2009/01/07 12:0 a.m.95 views

Checkpoint VPN-1 PAT信息泄露漏洞

CVECAN ID: CVE-2008-5849 CheckPoint防火墙/VPN解决方案可为组织提供网络架构和信息安全保护。 对于启用了端口地址翻译(PAT)的CheckPoint VPN-1防火墙,如果远程攻击者向防火墙的18264/tcp端口发送设置有很低TTL值的报文的话,就可以触发ICMPTIMXCEEDINTRANS响应,而响应的封装IP报文中包含有内部IP地址,如下所示: 14:56:25.169480 IP tos 0xe0, ttl 255, id 21407, offset 0, flags none, proto: ICMP 1, length: 68...

5CVSS6.4AI score0.01618EPSS
Exploits2
seebug.org
seebug.org
added 2008/07/31 12:0 a.m.95 views

PozScripts Classified Ads Script (cid) SQL Injection Vulnerability

No description provided by source. || | | Classified Ads cid Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | script :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/07 12:0 a.m.95 views

Xoops iContent模块Spaw_Control.Class.PHP远程文件包含漏洞

Xoops iContent模块是一款基于PHP的WEB应用程序。 Xoops iContent模块不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'SpawControl.Class.PHP'脚本对用户提交的WEB参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 Xoops iContent Module 1.0 目前没有解决方案提供: http://mirror.in.th/sourceforge.net/x/xo/xoops...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/25 12:0 a.m.95 views

OpenSSH S/Key远程信息泄露漏洞

OpenSSH是一款流行的加密安全shell应用实现。 在使用S/KEY的情况下OpenSSH存在信息泄露问题,远程攻击者可以利用漏洞获得系统帐户的敏感信息。 如果"ChallengeResponseAuthentication"设置为"Yes"默认设置,SH允许用户通过使用'ssh userid:skey at hostname'形式的S/KEY登录,一般的SSH行为如: =============================================================================== alucard $ ssh user at...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/03/19 12:0 a.m.95 views

iFrame for Phpnuke (iframe.php) Remote File Inclusion Vulnerability

No description provided by source. iFRAME for PhpNuke iframe.php Remote File Include Vulnerabilities script :http://www.desarrollonuke.org http://up.9q9q.net/up/index.php?f=uTRRQnIjG file : iframe.php Dork : "/nuke/iframe.php" Found by & Contact : Cold z3ro , [email protected] ,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/04 12:0 a.m.95 views

Durian Web Application Server远程缓冲区溢出漏洞

Durian Web Application Server是一款WEB应用服务程序。 Durian Web Application Server不正确处理畸形请求,远程攻击者可以利用漏洞对应用程序进行拒绝服务或缓冲区溢出攻击。 提交超长请求可导致缓冲区溢出,或者提交畸形请求可显示1000个访问冲突对话框而造成拒绝服务攻击。 Durian Web Application Server 3.02 目前没有解决方案提供: http://sourceforge.net/projects/durian/ //Durian Web Application Server 3.02 freeware f...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/10 12:0 a.m.95 views

EncapsCMS 0.3.6 (core/core.php) Remote File Include Vulnerability

No description provided by source. Firewall encapscms 0.3.6 - Remote File Include by Firewall BuG FounD by Firewall Application Affect: encapscms 0.3.6 Sorce Code: http://scripts.ringsworld.com/content-management/encapscms-0.3.6.zip Code: includeonce$root."core/Config.php";...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.94 views

dotCMS 5.2.2 任意文件上传漏洞

...

1AI score
Exploits0
seebug.org
seebug.org
added 2021/03/30 12:0 a.m.94 views

Apache Druid远程代码执行漏洞(CVE-2021-26919)

...

6.5CVSS1AI score0.22588EPSS
Exploits1
seebug.org
seebug.org
added 2021/03/29 12:0 a.m.94 views

AfterLogic 多个安全漏洞(CVE-2021-26292 CVE-2021-26293 CVE-2021-26294)

CVE-2021-26292 - Public Full Path Disclosure on AfterLogic Aurora & WebMail Pro WebDAV EndPoint The severity of the issue: Medium Complexity: Easy Affected Products: AfterLogic Aurora, AfterLogic WebMail PRO Authentication: Not required Attacks: Full Path Disclosure Resources : -...

6.8CVSS8.3AI score0.17345EPSS
Exploits3
seebug.org
seebug.org
added 2017/05/08 12:0 a.m.94 views

Joomla! Core XSS Vulnerability(CVE-2017-7986)

Joomla! is one of the world's most popular content management system CMS solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016,...

4.3CVSS7AI score0.01333EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/06 12:0 a.m.94 views

Serv-U FTP/MFT Server Unauthenticated Privilege Escalation

Details source: https://www.trustwave.com/Resources/SpiderLabs-Blog/Exploiting-Privilege-Escalation-in-Serv-U-by-SolarWinds/?page=1&year=0&month=0 I was recently working on an external network penetration test where I identified a new vulnerability in a file sharing web application called Serv-U ...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2017/04/02 12:0 a.m.94 views

ASUS B1M projector remote commands execution Vulnerability

We recently obtained a ASUS B1M projector0 and have been exploring its capabilities when we discovered trivial to exploit vulnerabilities. The ASUS B1M features a small Wi-Fi adapter for a direct wireless connection to a notebook PC, or Android and iOS devices. The projector comes with an embedde...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2015/05/29 12:0 a.m.94 views

SkillBase TalentBase /invoker/JMXInvokerServlet 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.94 views

Windows TrackPopupMenu Win32k NULL Pointer Dereference

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/reflectivedllinjection' require 'rex' class Metasploit3 Msf::Exploit::Local Rank =...

7.2CVSS8.3AI score0.87042EPSS
Exploits22
seebug.org
seebug.org
added 2014/10/08 12:0 a.m.94 views

青果软件某系统存在通信敏感信息泄露漏洞

简要描述: 青果软件某系统存在敏感信息泄露 详细说明: 青果软件邮件系统 https://mail.kingosoft.com/ 存在OpenSSL心脏出血漏洞,导致敏感信息泄漏 漏洞证明: Connecting... Sending Client Hello... Waiting for Server Hello... ... received message: type = 22, ver = 0302, length = 66 ... received message: type = 22, ver = 0302, length = 770 ... received message...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.94 views

radnics gold 5.0 - Multiple Vulnerabilities

No description provided by source. -----------------------------I AM MUSLIM !!------------------------------ ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | IN THE NAME OF // \ || || // \ || ||...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.94 views

Adobe ColdFusion APSB13-03 Remote Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'digest/sha1'...

10CVSS0.93797EPSS
Exploits12
seebug.org
seebug.org
added 2012/03/29 12:0 a.m.94 views

nginx 'ngx_cpystrn()'信息泄露漏洞(CVE-2012-1180)

BUGTRAQ ID: 52578 CVE ID: CVE-2012-1180 nginx是一款使用非常广泛的高性能web服务器。 nginx在处理上游服务器的畸形HTTP响应的实现上存在信息泄露漏洞,攻击者可利用此漏洞获取敏感信息。 0 nginx 1.0.9 nginx 1.0.8 nginx 1.0.10 厂商补丁: Igor Sysoev ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://nginx.net/...

5CVSS0.10417EPSS
Exploits1
seebug.org
seebug.org
added 2011/07/10 12:0 a.m.94 views

phpMyAdmin3 (pma3) Remote Code Execution Exploit

No description provided by source. !/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: [email protected] type="text/javascript" / !CDATA / functiontryvar...

7.5CVSS6.6AI score0.12879EPSS
Exploits16
seebug.org
seebug.org
added 2010/09/06 12:0 a.m.95 views

phpwind pw_ajax.php和class_other.php页面远程代码执行漏洞

phpwind较高版本论坛中存在一个严重的漏洞,成功利用该漏洞可以远程执行任意php代码 pwajax.php中的 elseif $action == 'pcdelimg' InitGParray'fieldname','pctype'; InitGParray'tid','id',2; if !$tid || !$id || !$fieldname || !$pctype echo 'fail'; $id = int$id; if $pctype == 'topic' $tablename = GetTopcitable$id; elseif $pctype == 'postcate'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/27 12:0 a.m.94 views

libspf2 DNS TXT记录处理堆溢出漏洞

BUGTRAQ ID: 31881 CVECAN ID: CVE-2008-2469 libspf2是用于实现Sender Policy Framework的库,允许邮件系统检查SPF记录并确认邮件已经过域名授权。 libspf2库的Spfdnsresolv.c文件中的SPFdnsresolvlookup函数存在堆溢出漏洞,如果用户解析了带有特制长度字段的超长DNS TXT记录的话,就可能触发这个溢出,导致执行任意代码。 DNS...

10CVSS6.8AI score0.2225EPSS
Exploits2
seebug.org
seebug.org
added 2008/08/21 12:0 a.m.94 views

Banner Management Script (tr.php id) Remote SQL Injection Vulnerability

No description provided by source. || | | Banner Management Script tr.php id Remote SQL Injection Vulnerability | | |---------------------S.W.A.T.----------------------| | | Author: S.W.A.T. | | Home : www.svvat.ir | | email: svvateamatYahooDoTcom | | | | | | | script :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/05/18 12:0 a.m.94 views

PHP 5 Substr_Count整数溢出漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP 5包含的substrcompare函数存在整数溢出,远程攻击者可以利用漏洞获得PHP变量的敏感信息。 substrcompare函数对输入参数进行2次过滤检查: if offset 0 offset = s1len + offset; offset = offset 0 ? 0 : offset; if offset + len s1len phperrordocrefNULL TSRMLSCC, EWARNING, "The start position cannot exceed ..."; RETURNFALSE;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/18 12:0 a.m.94 views

Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability

No description provided by source. -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- ANTHOLOGIA 0.5.2 -=-=-=-=-=-=-=-=-=-=-=-=-=I=R=A=N=-=-=-=-=-=-=-=-=-=-=-=-=-=- Author : Dj7xpl / Dj7xplatYahoodotcom Type : Remote File Inclusion Vuln Download:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/15 12:0 a.m.94 views

phplive support request.php文件存在SQL注入漏洞以及暴绝对路径漏洞

暂无 php live =3.2.2 无 http://xxx.com/livechat/request.php?l=login&x=1%20and%20select%20count%20from%20mysql.user0/ 表: chatadmin login password ---------------------------------------------------------- 绝对路径 http://xxx.co...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.94 views

MiMMS媒体流处理远程栈溢出漏洞

MiMMS是一款使用MMS协议下载并保存流媒体的程序。 MiMMS在处理畸形的数据时,远程攻击者可能利用此漏洞在用用户机器上执行任意指令。 MiMMS的getheader和getmediapacket函数在从服务器读取数据时存在栈溢出漏洞。如果用户受骗连接到了恶意的服务器的话,就会触发这个漏洞,导致执行任意代码。 xine xine-lib 1.1.0 xine xine-lib 1.0.1 xine xine-lib 1.0 MiMMS MiMMS 0.0.9 厂商补丁: Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200607-07)以及相应补丁:...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.94 views

SourceForge database.php远程文件包含漏洞

SourceForge是用于协助开源软件开发的在线Web应用。 SourceForge在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 SourceForge的 include/database.php 脚本没有对sysdbtype变量数据做充分的检查过滤,远程攻击者可能利用此漏洞使服务器包含远程服务器上的PHP代码执行。 sourceforge SourceForge 1.0.4 我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/08/21 12:0 a.m.94 views

Apache < 1.3.37 2.0.59 2.2.3 (mod_rewrite) Remote Overflow PoC

No description provided by source. !/bin/sh Exploit for Apache modrewrite off-by-one. Vulnerability discovered by Mark Dowd. CVE-2006-3747 by jack jack\x40gulcas\x2Eorg 2006-08-20 Thx to xuso for help me with the shellcode. I suppose that you've the "RewriteRule kung/. $1" rule if not you must...

7.6CVSS9.5AI score0.96436EPSS
Exploits20
seebug.org
seebug.org
added 2021/03/19 12:0 a.m.93 views

MyBB SQL注入漏洞(CVE-2021-27946)

...

6.5CVSS0.9AI score0.04201EPSS
Exploits5
seebug.org
seebug.org
added 2018/01/29 12:0 a.m.93 views

chrome:Persistent UXSS via SchemaRegistry(CVE-2016-1676)

Chrome version: 50.0.2661.75 and still present on current HEAD, 52.0.2713.0 The SchemaRegistry stores extension API schemas in a single v8::Context that lives until the RenderThread =process? is destroyed. Due to vulnerabilities in binding.js, these objects can be intercepted by malicious web...

6.8CVSS8.4AI score0.01534EPSS
Exploits1
seebug.org
seebug.org
added 2017/12/15 12:0 a.m.93 views

MacOS so_pcb type confusion in necp_get_socket_attributes(CVE-2017-13855)

When getsockopt edited; original report said "setsockopt" is called on any socket with level SOLSOCKET and optname SONECPATTRIBUTES, necpgetsocketattributes is invoked. necpgetsocketattributes unconditionally calls sotoinpcbso: errnot necpgetsocketattributesstruct socket so, struct sockopt sopt i...

6.6AI score0.04778EPSS
Exploits3
seebug.org
seebug.org
added 2017/12/04 12:0 a.m.93 views

Linux: mincore() discloses uninitialized kernel heap pages(CVE-2017-16994)

I found the following bug with an AFL-based fuzzer: When walkpagerange is used on a VMHUGETLB VMA, callbacks from the mmwalk structure are only invoked for present pages. However, domincore assumes that it will always get callbacks for all pages in the range passed to walkpagerange, and when this...

2.1CVSS0.9AI score0.02084EPSS
Exploits5
seebug.org
seebug.org
added 2017/09/12 12:0 a.m.93 views

Microsoft Edge Content Security Bypass Vulnerability

Summary An exploitable information leak vulnerability exists in the Content Security Policy enforcement functionality of Microsoft Edge 40.15063.0.0. A specially crafted web page can cause a content security policy bypass resulting in an information leak. An attacker can create a malicious webpag...

5CVSS6.8AI score0.02472EPSS
Exploits1
seebug.org
seebug.org
added 2017/04/06 12:0 a.m.93 views

PHP Server Side Request Forgery Security Bypass Vulnerability(CVE-2017-7272)

For historical reasons, fsockopen accepts the port and hostname separately: fsockopen'127.0.0.1', 80 However, with the introdcution of stream transports in PHP 4.3, it became possible to include the port in the hostname specifier: fsockopen'127.0.0.1:80' Or more formally:...

5.8CVSS7.8AI score0.03514EPSS
Exploits2
seebug.org
seebug.org
added 2016/01/25 12:0 a.m.93 views

远古流媒体系统 POST注入漏洞

username=%27%20and%201%3Dconvert%28int%2C%20CHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%2bdbname%28%29%2bCHAR%28116%29%20%2b%20CHAR%28121%29%20%2b%20CHAR%28113%29%29-- URL:http://xxx.com/VIEWGOOD/ADI/portal/UserDataSync.aspx POST:UserGUID=1' and...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/09 12:0 a.m.93 views

YonYou NC在/nc/servlet/nc.ui.iufo.login.LoginUI存在SQL盲注漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/23 12:0 a.m.93 views

Apache Tomcat examples directory session vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/08/04 12:0 a.m.93 views

汇文Libsys图书管理系统sql注入

简要描述: 嗯,就是一个注入而已 详细说明: 注入地址: shelf/curriculum.php 参数: type 测试: 1.1.http://202.201.163.2:8080/shelf/curriculum.php?type=name&q=%E8%88%9E%E8%B9%88%E5%AD%A6&submit=%E6%A3%80%E7%B4%A2...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/14 12:0 a.m.93 views

安脉学生综合管理系统5处SQL注入漏洞

简要描述: 安脉学生综合管理系统5处SQL注入漏洞 详细说明: 5处利用payload分别如下 /OA/document/DocCheckView.aspx?id=1 and @@version=1 /OA/news/viewAffiche.aspx?id=1 and @@version=1 /Asset/Device/AdminPhoto.aspx?Action=Modify&HouseID=1' and @@version=1-- /Asset/Device/DeviceCancelInfoView.aspx?DeviceCancelID=1' and @@version=1--...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/08 12:0 a.m.93 views

srun3000计费系统 注入漏洞

简要描述: RT 详细说明: 挖得人还是挺多的啊。 SQL:SELECT count FROM user WHERE userloginname='1'' AND userrealname='Smith' error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Smith'' at line 1...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.93 views

F5 BIG-IP Remote Root Authentication Bypass Vulnerability

No description provided by source. Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date:...

7.8CVSS8.1AI score0.63078EPSS
Exploits15
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.93 views

PunBB <= 1.2.16 - Blind Password Recovery Exploit

No description provided by source. ?php / Original : http://sektioneins.de/advisories/SE-2008-01.txt Thanks to Stefan Esser, here's the exploit. Team : EpiBite firefox, petit-poney, thot Nous tenons a remercier nos mamans et papas respectifs. Let's get a fu coffee ! / // conf define'URL',...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.93 views

NiTrO Web Gallery <= 1.4.3 (section) Remote SQL Injection Vulnerability

Viva IslaM Viva IslaM Remote SQL Injection Vulnerability NiTrO Web Gallery V1.3 - V1.4- V1.41 - 1.42 - V1.43 albums.php section AuTh0r : Mr.SQL H0ME : WwW.PaL-HaCkEr.CoM Email : [email protected] !! SYRIAN HaCkErS !! Script : NiTrO Web Gallery Versions : V1.3 - V1.4- V1.41 - V1.42 - V1.43 Site :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.93 views

Linux Kernel < 3.8.9 - x86_64 perf_swevent_init Local Root Exploit

No description provided by source. / CVE-2013-2094 exploit x8664 Linux 3.8.9 by sorbo [email protected] June 2013 Based on sd's exploit. Supports more targets. / define GNUSOURCE include string.h include stdio.h include unistd.h include stdlib.h include stdint.h include sys/syscall.h include...

7.2CVSS8AI score0.47709EPSS
Exploits15
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.93 views

Java AtomicReferenceArray Type Violation Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

10CVSS0.2AI score0.98237EPSS
Exploits13
seebug.org
seebug.org
added 2014/04/03 12:0 a.m.93 views

phpmps后台任意文件上传

简要描述: 后台没做好过滤,导致任意文件上传 详细说明: 小伙伴说phpmps后台不好拿到shell,就看了下,发现居然存在任意上传 后台\admin\flash.php case 'insert': ifempty$REQUEST'url'show'链接不能为空'; ifempty$FILES'file''name' //仅仅检测是否有上传 show'没有上传图片'; else $name = date'Ymd'; for$i = 0;$i...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/02/25 12:0 a.m.93 views

Python &quot;sock_recvfrom_into()&quot; 缓冲区溢出漏洞

CVECAN ID: CVE-2014-1912 Python是一种面向对象、直译式计算机程序设计语言。 Python 2.7版本的"sockrecvfrominto"函数Modules/socketmodule.c存在边界错误,利用后可造成缓冲区溢出,执行任意代码。 0 Python python 2.7.x 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://bugs.python.org/issue20246 !/usr/bin/env python ''' Exploit Title: python...

7.5CVSS7.7AI score0.28319EPSS
Exploits7
seebug.org
seebug.org
added 2013/05/30 12:0 a.m.93 views

Apache Tomcat DIGEST Authentication重放攻击漏洞(CVE-2013-2051)

BUGTRAQ ID: 60187 CVECAN ID: CVE-2013-2051 Apache Tomcat是一个流行的开源JSP应用服务器程序。 Apache Tomcat 7.0.0 - 7.0.30、6.0.0 - 6.0.36、5.5.0 - 5.5.36的DIGEST验证存在重放攻击漏洞,此漏洞源于CVE-2012-5887的不完整修复,可导致绕过某些安全限制,执行未授权操作。 0 Apache Group Tomcat 7.0.0 - 7.0.30 Apache Group Tomcat 6.0.0 - 6.0.36 Apache Group Tomcat 5.5.0 -...

5CVSS7.7AI score0.12098EPSS
Exploits2
Total number of security vulnerabilities5000