Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.78 views

PHP <= 5.3.6 shmop_read() Integer Overflow DoS

No description provided by source. ?php Exploit Title: PHP =5.3.5 Integer Overflow DoS Date: 12-03-11 Author: Jose Carlos Norte - www.rooibo.com Software Link: www.php.net Version: = 5.3.5 Tested on: Ubuntu Linux CVE : CVE-2011-1092 $shmkey = ftokFILE, 't'; $shmid = shmopopen$shmkey, c, 0644, 100...

7.5CVSS0.5AI score0.17881EPSS
Exploits5
seebug.org
seebug.org
added 2012/07/20 12:0 a.m.78 views

Simple Web Server 2.2 rc2 Remote Buffer Overflow Exploit

No description provided by source. !/usr/bin/perl use IO::Socket; Exploit Title: SimpleWebServer 2.2-rc2 - Remote Buffer Overflow Exploit Date: 19/07/2012 Author: mr.pr0n @pr0n Homepage: http://ghostinthelab.wordpress.com/ Software Link: http://www.pmx.it/download/sws-2.2-rc2-i686.exe Version: 2....

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/11/28 12:0 a.m.78 views

TinyMCE / flvPlayer Cross Site Scripting / Disclosure

No description provided by source. I want to warn you about multiple vulnerabilities in TinyMCE and flvPlayer and hundreds of web applications and tens millions of web sites. These are Full path disclosure, Content Spoofing and Cross-Site Scripting vulnerabilities in TinyMCE CS and XSS are in...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/04/09 12:0 a.m.78 views

Linux kernel 2.6.x net/ipv4/tcp_input.c文件释放后使用漏洞

CVE ID: CVE-2010-1188 Linux Kernel是开放源码操作系统Linux所使用的内核 Linux Kernel的net/ipv4/tcpinput.c文件中存在释放后使用漏洞。在对监听套接字设置IPV6RECVPKTINFO时,这个漏洞允许攻击者在套接字仍处于监听状态(TCPLISTEN)期间发送SYN报文导致内核忙碌。...

7.1CVSS0.2AI score0.03307EPSS
Exploits1
seebug.org
seebug.org
added 2009/06/22 12:0 a.m.78 views

多个浏览器HTTPS内容上下文中的HTTP资源安全绕过漏洞

Bugraq ID: 35403 CVE ID:CVE-2009-2065 CVE-2009-2064 CVE-2009-2066 CVE-2009-2067 CNCVE ID:CNCVE-20092065 CNCVE-20092064 CNCVE-20092066 CNCVE-20092067 当页面通过不安全方法对安全内容请求资源进行操作时不正确显示警告,可导致绕过多个WEB浏览器安全限制。 攻击者可以利用这个漏洞进行钓鱼攻击或获得敏感信息。不过要利用此漏洞,攻击者必须截获或控制网络通信,如通过中间人,DNS毒药等攻击。 如下浏览器受此漏洞影响: Microsoft Internet...

6.8CVSS8.6AI score0.04273EPSS
Exploits1
seebug.org
seebug.org
added 2009/05/15 12:0 a.m.78 views

Easy Scripts Answer and Question Script Multiple Vulnerabilities

No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ \ | | \ \ /\ /\ \ \ \ /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.78 views

perlshop.cgi远程执行任意命令程序

BugCVE: CAN-1999-1374 perlshop.cgi是一个用Perl编写的基于Web的在线购物程序。perlshop.cgi实现上存在输入验证漏洞,远程攻击者可能利用此漏洞在主机上以Web进程的权限执行任意命令。 有问题的代码在这里:open MAIL, |$blatloc - -t $to -s $subject || &errtrap Can t open $blatloc!\n $blatloc定义的是NT下的一个命令行发信程序blat,$to是用户输入的邮件地址,程序中没有过滤“|&”等特殊字符,入侵者可以在邮件地址中插入系统命令。 3.1 临时解决方法:...

5CVSS6.5AI score0.01936EPSS
Exploits1
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.78 views

Count.cgi(wwwcount)远程缓冲区溢出漏洞

BugCVE: CVE-1999-0021 BUGTRAQ: 128 Count.cgi wwwcount是一个非常流行的Web站点跟踪统计CGI程序。一般它作为Web页面点击数统计。1997年10月,这个程序被发现了两个远程漏洞。第一个漏洞比较轻微,它能允许远程用户浏览到受限制的.GIF文件,可能泄漏.GIF文件里潜在的敏感数据。 第二个漏洞比较严重,count.cgi程序在处理QUERYSTRING环境变量的时候存在缓冲区溢出漏洞。远程攻击者可以发送一个超长的请求给程序就能进行溢出攻击,以Web用户的权限在系统执行任意命令。 2.3 Muhammad A. Muquit...

7.5CVSS6.6AI score0.2667EPSS
Exploits1
seebug.org
seebug.org
added 2008/08/12 12:0 a.m.78 views

Apache Tomcat UTF-8目录遍历漏洞

BUGTRAQ ID:30633 CVE ID:CVE-2008-2938 CNCVE ID:CNCVE-20082938 Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。。 Apache Tomcat不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB服务程序上下文查看任意本地文件。 此漏洞发生是由于JAVA处理输入存在问题,如果context.xml或server.xml允许'allowLinking'和'URIencoding'为'UTF-8',攻击者可以以WEB权限获得重要的系统文件内容。 Apache Software Foundation Tomca...

4.3CVSS7.6AI score0.99708EPSS
Exploits22
seebug.org
seebug.org
added 2008/03/14 12:0 a.m.78 views

Microsoft Excel多个远程代码执行漏洞(MS08-014)

BUGTRAQ ID: 28095,28166,28170,27305 CVECAN ID: CVE-2008-0112,CVE-2008-0114,CVE-2008-0117,CVE-2008-0081 Excel是微软Office办公软件家族中的电子表格工具。 Excel导入文件时处理数据的方式、处理Style记录数据的方式、处理条件格式值和处理宏的方式存在多个代码执行漏洞,如果用户受骗打开了恶意的Excel文件,就会触发这些漏洞,导致执行任意指令。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Exce...

9.3CVSS6.8AI score0.57908EPSS
Exploits10
seebug.org
seebug.org
added 2008/01/26 12:0 a.m.78 views

HFS HTTP File Server多个远程安全漏洞

BUGTRAQ ID: 27423 CVECAN ID: CVE-2008-0405,CVE-2008-0406,CVE-2008-0407,CVE-2008-0408,CVE-2008-0409,CVE-2008-0410 HTTP File Server是用于共享文件的开源HTTP服务器。 HFS没有正确地记录某些输入,用户可以在登陆时伪造用户名将任意内容注入到日志文件中。 HFS没有正确地过滤某些输入便将其返回给了用户,这可能导致在受影响服务器的用户浏览器会话中执行任意HTML和脚本代码。...

10CVSS6.4AI score0.03568EPSS
Exploits11
seebug.org
seebug.org
added 2007/11/17 12:0 a.m.78 views

Apple CFNetwork HTTP空指针引用拒绝服务漏洞

BUGTRAQ ID: 22249 CVECAN ID: CVE-2007-0464 Apple Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X的CFNetwork处理畸形回应数据时存在漏洞,远程攻击者可能利用此漏洞导致客户端崩溃。 CFNetwork是一个Core Services框架,可提供解压网络协议所需的函数库。Mac OS X的CFNetwork没有正确地处理某些HTTP响应,CFNetConnectionWillEnqueueRequests函数可能会引用空指针。如果服务器向使用这个API的客户端发送了特制响应的话,就可以触发这个漏洞,导致拒绝服务的情况。...

5CVSS6.4AI score0.14382EPSS
Exploits3
seebug.org
seebug.org
added 2007/03/26 12:0 a.m.78 views

WarFTP 1.65 (USER) Remote Buffer Overlow Exploit (multiple targets)

No description provided by source. include stdio.h include string.h include winsock.h define VULNSERVER "WAR-FTPD 1.65" define VULNCMD "x55x53x45x52x20" define ZERO 'x00' define NOP 'x90' define VULNBUFF 485...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/05 12:0 a.m.78 views

Mani Stats Reader <= 1.2 (ipath) Remote File Include Vulnerability

No description provided by source. Mani Admin Plugin Stats Reader V1.2 rfi : dork:"2006 by www.mani-stats-reader.de.vu" "allinurl:.php?ipath= inurl:"css"" vuln:index.php?ipath=evilshit greetz:RST, LinuxPakistan phpfreaks [email protected]...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/06 12:0 a.m.78 views

Intel PROSet/Wireless软件本地信息泄露漏洞

Intel PROSet/Wireless Software是一款无线网络处理软件。 Intel PROSet/Wireless Software不安全设置共享内存信息,本地攻击者可以利用漏洞获得敏感信息。 问题存在于Intel PROSet/Wireless Software 7.x, 8.x, 9.x, 和10.x PROSet application中,恶意用户可以访问共享内存信息获得WLAN预共享WEP密钥和验证信息,目前没有详细漏洞细节提供。 Intel PRO/Wireless 2100 Network Connection Intel PRO/Wireless 2200BG...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/01/30 12:0 a.m.78 views

xeCMS 1.0.0 RC 2 (cookie) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl xeCMS 1.0.0 RC 2 Remote Command Execution Exploit Copyright c 2006 cijfer cijfer@netti!fi All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ greets to JagX $Id: cijfer-xecmsxpl.pl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/05/13 12:0 a.m.77 views

Open Distro for Elasticsearch SSRF漏洞(CVE-2021-31828)

SSRF in Open Distro for Elasticsearch CVE-2021-31828 Rotem Bar Published on May 11, 2021 7 min read After an interesting adventure, it's now possible to announce a new CVE-2021-31828 which effects Open Distro for ElasticSearch ODFE , versions until 1.12.0.2. Open Distro is a plugin for...

5.5CVSS7.8AI score0.00893EPSS
Exploits1
seebug.org
seebug.org
added 2018/07/09 12:0 a.m.77 views

Full Disclosure of Highly-Manipulatable, tradeTrap-Affected ERC20 Tokens in Multiple Top Exchanges(CVE-2018-11446)

Update: 2018-06-12 The BMB BMB contract 0x0e935e976a47342a4aee5e32ecf2e7b59195e82f is NOT affected by tradeTrap. We sincerely apology for mistakenly listing it as a vulnerable ERC20 token. Quoted from our last blog 1, “publicly tradable ERC-20 tokens have considerable high market value. Various...

7.8AI score0.0089EPSS
Exploits1
seebug.org
seebug.org
added 2018/06/14 12:0 a.m.77 views

Code Injection in Moodle

Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2016/05/26 12:0 a.m.77 views

shopnc /circle/index.php groupbuy_order参数 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/23 12:0 a.m.77 views

华夏创新智能加速路由器 /acc/vpn/download.php 任意文件下载

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.77 views

用友某软件存在通用XXE漏洞

简要描述: 详细说明: 1.民生证券 http://.../uapws/ 抓包 POST /uapws/soapFormat.ajax HTTP/1.1 Host: ... User-Agent: Mozilla/5.0 Windows NT 6.1; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/19 12:0 a.m.77 views

致远协同OA 3.5 /seeyon/fileUpload.do 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/14 12:0 a.m.77 views

安脉学生综合管理系统5处SQL注入漏洞

简要描述: 安脉学生综合管理系统5处SQL注入漏洞 详细说明: 5处利用payload分别如下 /Asset/Device/DeviceLeadInfoView.aspx?LeadID=1 and @@version=1 /Asset/Device/DeviceLeadSearch.aspx?hidsearch=search&outstoreid=1' and @@version=1-- /Asset/Device/DeviceRebuildInfoView.aspx?DeviceRebuildID=1' and @@version=1--...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/09 12:0 a.m.77 views

phpems 多处sql注射

简要描述: phpems 多处sql注射 详细说明: 百度搜索: title:PHPEMS无纸化模拟考试系统 ev.cls.php: public function getClientIp if!isset$this-e'ip' if getenv"HTTPCLIENTIP" && strcasecmpgetenv"HTTPCLIENTIP", "unknown" $ip = getenv"HTTPCLIENTIP"; else if getenv"HTTPXFORWARDEDFOR" && strcasecmpgetenv"HTTPXFORWARDEDFOR", "unknown" $...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.77 views

Windows OLE - Remote Code Execution &quot;Sandworm&quot; Exploit (MS14-060)

No description provided by source. !/usr/bin/python Windows OLE RCE Exploit MS14-060 CVE-2014-4114 – Sandworm Author: Mike Czumak Tv3rn1x - @SecuritySift Written: 10/21/2014 Tested Platforms: Windows 7 SP1 w/ exploit script run on Kali Linux You are free to reuse this code in part or in whole wit...

9.3CVSS9.2AI score0.81628EPSS
Exploits22
seebug.org
seebug.org
added 2014/11/12 12:0 a.m.77 views

DouPHP v1.1 /kindeditor/php/file_manager_json.php 备份文件发现漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/14 12:0 a.m.77 views

JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限)

简要描述: JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限) 详细说明: 谷歌搜索:inurl:jeecms/ArtiSearch.do 涉及大量案例 http://www.wwxzfw.gov.cn/jeecms/ArtiSearch.do?count=10&searchKey=a%27+and+1%3D1&chnlId= http://www.cnfamily.com/family/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

Internet Security Systems ICECap Manager 2.0.23 Default Username and Password

No description provided by source. source: http://www.securityfocus.com/bid/1216/info ICECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082, and has an administrative...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

TP-Link TD-W8951ND - Multiple Vulnerabilities

No description provided by source. ----------- Author: ----------- xistence xistenceat0x90.nl ------------------------- Affected products: ------------------------- Tested on TP-Link TD-W8951ND Firmware 4.0.0 Build 120607 Rel.30923 ------------------------- Affected vendors:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

shop7z 注入漏洞

简要描述: shop7z 注入漏洞 详细说明: Advsearchadmin.asp kindnum=trimrequest"kindnum" pipai=trimrequest"pipai" model=trimrequest"model" productname=trimrequest"productname" price11=trimrequest"price11" price12=trimrequest"price12" price21=trimrequest"price21" price22=trimrequest"price22" if price11="" then...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

Microsoft Internet Explorer SLayoutRun Use-After-Free (MS13-009)

当指定的元素设置white-space属性为pre-line时,IE会通过AllocData2Pos函数分配内存,并通过CTreeDataPos来实例化该内存块。 CTreeDataPos将作为CTreePos,其中保存了CTreePos对应元素(white-space属性为pre-line的元素)的CTreeNode地址,同时将其加入DOM树。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

Java CMM readMabCurveData - Stack Overflow

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' ''' Title : Java CMM readMabCurveData stack overflow Version : Java runtime 6.19 Analysis : http://www.abysssec.com Vendor :...

7.5CVSS0.149EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

Catalog Builder - Ecommerce Software - Blind SQL Injection

No description provided by source. +------------------------------------------------------------------------------------------+ |------- Catalog Builder - Ecommerce Software - Blind SQL Injection Vulnerability -------|...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

Java CMM Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

10CVSS0.5AI score0.85882EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

4images 1.7.9 - Multiple Vulnerabilities

No description provided by source. ================================ Vulnerability ID: HTB22950 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4images.html Product: 4images Vendor: http://www.4homepages.de/ http://www.4homepages.de/ Vulnerable Version: 1.7.9 Vendor Notification: 07 April...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

AfterLogic WebMail Lite PHP 7.0.1 - CSRF Vulnerability

No description provided by source. 1. 2. 3. + Exploit Title : AfterLogic WebMail Lite PHP CSRF 4. + Author : Pablo '7days' Riberio 5. + Team: So Good Security 6. + Other 0days : http://pastebin.com/u/7days 7. + Version : = 7.0.1 8. + Tested on : windows/internet explorer 9. + Details: Reset admin...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

TotalCalendar <= 2.30 (inc) Remote File Include Vulnerability

No description provided by source. Title: TotalCalendar =2.30 - Remote File Include Vulnerability ----------------------------------------------------------------- Vendor: SweetPHP URL: http://sweetphp.com ----------------------------------------------------------------- Credits: Discovered by:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.77 views

WMAPM 3.1 Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8995/info wmapm has been reported prone to a local privilege escalation vulnerability. The vulnerability has been conjectured to result from a lack of relative path usage while the vulnerable dock app is invoking a third...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/11 12:0 a.m.77 views

青果教务管理系统管理功能越权

简要描述: 通过浏览器调试模式将管理端已关闭的功能重新开启 详细说明: 系统仅通过样式表禁用系统功能,并未从业务层禁止。 通过开发者模式可以在本地实现修改。 漏洞证明: 1.启动F12开发者模式,定位到被禁用的功能。 2.修改style color样式(如果没有新添加该属性)为任意颜色。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/10 12:0 a.m.77 views

SiteServer 3.6.4 /siteserver/cms/console_logSite.aspx SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/04/25 12:0 a.m.77 views

大汉通版cms上传设计缺陷

简要描述: RT 详细说明: WooYun: 大汉jiep信息交换平台某处越权及sql注入 根据wefgod牛的测试站点进行测试得到的。 http://www.dx.gansu.gov.cn/cms/common/filechoose/filedialog.jsp?webappcode=A61&filetype=1&webapppath=freeform&uploadpath=../../../ 具体%00截图没有绕过上传jsp等脚本文件。 但是如果cms在iis下面可以触发iis解析漏洞,所以还是存在威胁的。 漏洞证明: Content-Disposition: form-data;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/12 12:0 a.m.77 views

Microsoft Windows Kernel 'Win32k.sys'本地权限提升漏洞(CVE-2013-3881)(MS13-081)

BUGTRAQ ID: 62830 CVECAN ID: CVE-2013-3881 Windows是一款由美国微软公司开发的窗口化操作系统。 Windows内核模式驱动程序处理内存对象时存在本地权限提升漏洞,成功利用后可在内核模式中运行任意代码。 0 Microsoft Windows XP Microsoft Windows Windows Server 2012 Microsoft Windows Windows RT Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 200...

7.2CVSS6.9AI score0.14835EPSS
Exploits7
seebug.org
seebug.org
added 2014/01/03 12:0 a.m.77 views

OpenSSL DTLS中间人攻击多个安全措施绕过漏洞

BUGTRAQ ID: 64618 CVECAN ID: CVE-2013-6450 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 OpenSSL 0.9.8y, 1.0.0-1.0.1e的DTLS中继实现中,摘要及加密上下文的数据结构没有被正确维护,可使中间人攻击者通过干涉数据包传输(相关ssl/d1both.c、ssl/t1enc.c),使用不同的上下文,获取敏感信息。 0 OpenSSL Project OpenSSL 1.0.0 厂商补丁: OpenSSL Project ---------------...

5.8CVSS7.7AI score0.14542EPSS
Exploits1
seebug.org
seebug.org
added 2013/09/06 12:0 a.m.77 views

欧朋浏览器官方网易微博被劫持(社工)

简要描述: 大数据HACK 详细说明: 本来想用大数据的能力搞到欧朋论坛的admin,但是admin没搞到,反而弄到了欧朋的网易微博,从而可以发布欺骗或者危害的信息 怎么开始的? 首先我是查看了http://bbs.oupeng.com/home.php?mod=space&username=admin的信息,发现她的名字有点特别,于是,我就利用大数据的能力,获得了Csineneo用户的密码信息等 [email protected] loveyou...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/06/11 12:0 a.m.77 views

F5 BIG-IP remote root authentication bypass Vulnerability(CVE-2012-1493)

No description provided by source. Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: F5 BigIP 11.x F5 BigIP 10.x F5 BigIP 9.x Date: 2012-February-16 Security risk: High Vulnerability: F5 BIG-IP remote root authentication bypass...

7.8CVSS8.1AI score0.63078EPSS
Exploits15
seebug.org
seebug.org
added 2012/02/28 12:0 a.m.77 views

Samba 'AndX'请求堆缓冲区溢出漏洞(CVE-2012-0870)

No description provided by source...

7.9CVSS0.6AI score0.06499EPSS
Exploits1
seebug.org
seebug.org
added 2011/10/27 12:0 a.m.77 views

IBM WebSphere ILOG Rule Team Server未明跨站脚本漏洞

Bugtraq ID: 50368 IBM WebSphere ILOG是一款业务规则管理系统。IBM WebSphere ILOG Rule Team Server是一个基于Web的规则管理和授权环境,它允许业务用户查看、创建和修改规则。 IBM WebSphere ILOG Rule Team Server content/error.jsp存在一个未明跨站脚本漏洞,允许攻击者构建恶意链接,诱使用户解析,可获得敏感信息或劫持用户会话。 IBM WebSphere ILOG Rule Team Server 7.1.1 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2011/08/22 12:0 a.m.77 views

Smarty3远程代码执行漏洞

Smarty是PHP下广泛使用的前端模板框架。但由于Smarty3引入了新的特性,导致在某些情况下,可以利用特性组合直接远程执行任意代码。 由于Smarty3中引入了两个特性: 1、如果display,fetch等方法的模板路径参数接受到的模板文件名是以“string:”或者“eval:”开头的,smarty3就会将此后的字符串值作为模板文件内容,重新编译并执行之。参考连接:http://www.smarty.net/docs/en/template.resources.tpltemplates.from.string...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/07/07 12:0 a.m.77 views

phpMyAdmin 3.x 多个安全漏洞

CVE ID: CVE-2011-2505,CVE-2011-2506,CVE-2011-2507,CVE-2011-2508 phpMyAdmin是用PHP编写的工具,用于通过WEB管理MySQL。 phpMyAdmin在实现上存在多个漏洞,可被恶意用户利用泄露敏感信息并控制受影响系统。 1)libraries/auth/swekey/swekey.auth.lib.php中的"Swekeylogin"函数中存在错误,可被利用覆盖会话变量并注入和执行任意PHP代码;...

7.5CVSS6.6AI score0.12879EPSS
Exploits18
Total number of security vulnerabilities5000