Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2017/10/20 12:0 a.m.75 views

Ruby pack_pack Use After Free Vulnerability(CVE-2016-2338)

DESCRIPTION An exploitable User After Free vulnerability exists in the packpack function of Ruby. In packpack function each element of array which should be "pack", based on template string is converted to binary representation in proper way. If element is not compatible with corresponding to him...

7.6CVSS9.4AI score0.04644EPSS
Exploits3
seebug.org
seebug.org
added 2017/09/11 12:0 a.m.75 views

FineCMS_5.0.10_XSS#4

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/04/07 12:0 a.m.75 views

iOS/macOS Remote code execution triggered by malformed GIF in ImageIO framework(CVE-2017-2416)

ImageIO Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved input validation. CVE-2017-2416:...

6.8CVSS9AI score0.01784EPSS
Exploits1
seebug.org
seebug.org
added 2017/03/20 12:0 a.m.75 views

OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing (CVE-2017-5623)

Summary A physical attacker or one with authorized-ADB access, e.g. PC malware can change the ‘boot mode’ of a locked OnePlus 3/3T device, by rebooting into fastboot and issuing the fastboot oem bootmode rf/wlan/ftm/normal command. The vulnerability may allow the attacker to elevate his privilege...

7.2CVSS6.4AI score0.00374EPSS
Exploits4
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.75 views

Ezoffice jmx-console 弱口令漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/17 12:0 a.m.75 views

TurboMail 设计缺陷以及默认配置导致的邮件信息泄露/权限逃脱/SQL注射

简要描述: 三连击,官网中招。 详细说明: TurboMail在安装完毕之后会有多个应用打开端口监听数据,其中有一个叫做TurboStore是用于存储邮件信息的的核心组件。 TurboStore打开的端口是9668 在/conf/server.xml中的配置如下: TRUE 15 30 30 60 admin YWRtaW4zMjE=3D all 9668 FALSE 从上面可以看到TurboStore需要登录,而用户名密码默认分别为admin/admin321,使用telnet登录如下: telnet ... 9668 login admin admin321 quit img...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/11/18 12:0 a.m.75 views

libpng png_set_PLTE()和png_get_PLTE()缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/22 12:0 a.m.75 views

用友某系统从弱口令到sql注射到getshell

简要描述: 弱口令、sql注射、getshell 详细说明: 系统地址: http://vip.ufida.com.cn/Frame/Index.aspx 弱口令帐号:adminnc 密码:adminnc 在自助查询处,发现注入(需要登录,注意cookie有时效) GET http://vip.ufida.com.cn/RepositorySearchInfo/DoctInfo.aspx?ReposID=38d4a08e-8b79-4de7-8566-30aecfb1d56f HTTP/1.1 Accept: text/html, application/xhtml+xml, /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/07/15 12:0 a.m.75 views

清大新洋图书馆书目检索系统通用SQL注入漏洞#2

简要描述: 通用SQL注入漏洞2 清大新洋官网:http://www.infosea.com.cn 详细说明: 图书馆书目检索系统 注入点:/opac/dzjgjsjg.jsp POSTqsrq=&jsrq=&ssxx= 漏洞证明: 通用漏洞,下面给出多个案例进行证明: 案例①:http://...:8089/opac/dzjgjsjg.jsp 案例②:.../opac/dzjgjsjg.jsp 案例③:...:8088/opac/dzjgjsjg.jsp 案例④:...:8088/opac/dzjgjsjg.jsp 案例⑤:...:8089/opac/dzjgjsjg.jsp img...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/15 12:0 a.m.75 views

PHPMyWind 5.2 /4g.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/24 12:0 a.m.75 views

某通用型建站系统SQL注射之四

简要描述: 某通用型建站系统SQL注射之四 详细说明: 某通用型建站系统SQL注射之四。 源码:XYCMS教育培训机构网站源码 v5.1 http://down.chinaz.com/soft/30486.htm 注入点:dirurl.asp?id= 可谷歌搜索:inurl:dirurl.asp?id= 实例证明: http://www.nbjbtsyey.com/dirurl.asp?id=12 http://www.zhusiarts.com/dirurl.asp?id=21 http://www.jd19s.com/dirurl.asp?id=23...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/01/23 12:0 a.m.75 views

phpdisk Z-core网赚版子程序过滤不严,导致可删除文件.

简要描述: phpdisk Z-core网赚版下载子程序sub过滤不严,导致可删除任意文件. 详细说明: 我们先来看子程序中phpdiskdelprocess.php这个文件相关代码。 parsestrpdencode$str,'DECODE'; 这里直接把传进来的值,解析到变量中了。但是被加密了,看似不可利用,其实不然。我们再来看dl.php。这个是最后下载页。 parsestrpdencodebase64decoderawurldecode$str,'DECODE';...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

Dropbear SSH <= 0.34 Remote Root Exploit

No description provided by source. / Linux x86 Dropbear SSH = 0.34 remote root exploit coded by live You'll need a hacked ssh client to try this out. I included a patch to openssh-3.6.p1 somewhere below this comment. The point is: the buffer being exploited is too small25 bytes to hold our...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

PNphpBB2 <= 1.2g - (phpbb_root_path) Remote File Include Vulnerability

No description provided by source. Yeah, another ZeroDay Smile Vendor: http://www.pnphpbb.com/ Vulnerable File: includes/functionsadmin.php Vulnerable Code: //The phpbbrootpath isn't initialize includeonce $phpbbrootpath . 'includes/functions.' . $phpEx ; Method To Use:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

vSpin Classified System 2004 cat.asp catname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

WMAPM 3.1 Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8995/info wmapm has been reported prone to a local privilege escalation vulnerability. The vulnerability has been conjectured to result from a lack of relative path usage while the vulnerable dock app is invoking a third...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

MS14-009 .NET Deployment Service IE Sandbox Escape

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class Metasploit3...

9.3CVSS7.6AI score0.69801EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

KDE KMail 1.7.1 HTML EMail Remote Email Content Spoofing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof...

7.2CVSS0.00387EPSS
Exploits3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

OpenBB 1.0.8 Read.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13624/info OpenBB is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resul...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

vsftpd 2.3.2 - Denial of Service Vulnerability

No description provided by source. include stdio.h include stdlib.h include string.h include sys/types.h include sys/socket.h include netinet/in.h include netdb.h / This is code of http://cxib.net/stuff/vspoc232.c PoC CVE-2011-0762 vsftpd Remote Denial of Service Affected: 2.3.2 Fix: 2.3.4 Author...

4CVSS7.7AI score0.7332EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

WeBProdZ CMS SQL Injection Vulnerability

No description provided by source. | \ | | | | | |/ / | | | | | // \ \ / / | | | | | | |/ | ' \ | |\ \ /\ V / | | || | || | | | | | | \| / /||,|||/|| || | | | || | | | | |/' || || | | |/ / | ' \ | /| |\ | | | / | | | | | | | \ |/ /./ / /|,|| || || / / $ Exploit Title : WeBProdZ CMS...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

OpenSSL < 0.9.7l / 0.9.8d - SSLv2 Client Crash Exploit

No description provided by source. !/usr/bin/perl Copyrightc Beyond Security Written by Noam Rathaus - based on beSTORM's SSL Server module Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response use strict; use IO::Socket; my $sock = new...

4.3CVSS0.17418EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.75 views

Java Applet JMX Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

10CVSS0.3AI score0.97612EPSS
Exploits38
seebug.org
seebug.org
added 2014/04/16 12:0 a.m.75 views

用友某办公自动化平台漏洞之1-未授权访问导致目录漏洞

简要描述: 文件上传页面没做权限控制,未对用户传递的目录进行过滤,导致../跳转上级目录 详细说明: 无意间看到这个平台 FE协作办公平台 测试版本:5.2.1 版本大于5.2.1未受影响 ,小于5.2.1的版本未测 在网上用百度找了一下 直接访问/system/mediafile/templateOfTaohongmanager.jsp?path=/../../../ 可以通过../跳转目录,导致敏感信息泄露 漏洞证明: 无意间看到这个平台 FE协作办公平台 测试版本:5.2.1 版本大于5.2.1未受影响 ,小于5.2.1的版本未测 在网上用百度找了一下...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/02/19 12:0 a.m.75 views

Symantec Endpoint Protection Manager本地SQL注入漏洞(CVE-2013-5015)

BUGTRAQ ID: 65467 CVECAN ID: CVE-2013-5015 Symantec Endpoint Protection SEP是反病毒和防火墙产品。 Symantec Endpoint Protection Manager 11.0、Symantec Endpoint Protection Center Small Business Edition 12.0、Symantec Endpoint Protection Manager 12.1版本没有有效过滤数据库的本地请求,恶意本地用户可利用此漏洞注入任意SQL数据库查询。 0 Symantec Web Gatew...

6.5CVSS2AI score0.28759EPSS
Exploits18
seebug.org
seebug.org
added 2012/04/18 12:0 a.m.75 views

Squid Proxy 'Host' HTTP标头安全限制绕过漏洞

BUGTRAQ ID: 53024 Squid是一个高效的Web缓存及代理程序,最初是为Unix平台开发的,现在也被移植到Linux和大多数的Unix类系统中,最新的Squid可以运行在Windows平台下。 Squid Proxy在过滤规则的实现上存在安全漏洞,成功攻击可允许攻击者绕过某些安全限制。 0 Squid Web Proxy Cache 3.1.19 厂商补丁: Squid ----- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.squid-cache.org import...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2012/03/14 12:0 a.m.75 views

Linux kernel 2.6.x Regsets空指针引用本地拒绝访问漏洞

BUGTRAQ ID: 52274 CVE ID: CVE-2012-1097 Linux Kernel是Linux操作系统的内核 Linux Kernel在实现上存在空指针引用导致的本地拒绝服务漏洞,攻击者可利用此漏洞造成内核崩溃、拒绝服务合法用户 0 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.kernel.org/...

7.2CVSS0.3AI score0.00351EPSS
Exploits2
seebug.org
seebug.org
added 2012/02/28 12:0 a.m.75 views

Samba 'AndX'请求堆缓冲区溢出漏洞(CVE-2012-0870)

No description provided by source...

7.9CVSS0.6AI score0.06499EPSS
Exploits1
seebug.org
seebug.org
added 2011/10/09 12:0 a.m.75 views

Linux Kernel el5 Local root Exploit

No description provided by source. Linux 2.6.18-128.el5 Linux 2.6.9-89.EL Ubuntu 8.10 Linux 2.6.27 For i386 & ppc compile with the command; gcc -w -o exploit exploit.c For x8664 kernel and ppc64 Compile as; gcc -w -m64 -o exploit exploit.c Greetz: r0073r 1337day.com ,r4dc0re,side^effects and all...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/04/02 12:0 a.m.75 views

Red Hat Enterprise Linux quagga远程拒绝服务漏洞

CVE ID: CVE-2010-1674,CVE-2010-1675 Quagga是基于TCP/IP的路由软件套件,Quagga bgpd守护程序实现BGP路由协议。 Quagga的bgpd守护程序处理某些路由量度信息的方式存在拒绝服务漏洞,带特制路径限制属性的BGP消息可造成bgpd程序重置其与接收消息的对等端的会话。Quagga bgpd守护程序处理畸形路由扩展社区属性时存在空指针引用漏洞,配置的BGP对等端可通过特制的BGP消息造成目标系统上的bgpd崩溃。 RedHat Enterprise Linux Server Optional 6 RedHat Enterprise...

5CVSS0.5AI score0.13426EPSS
Exploits1
seebug.org
seebug.org
added 2011/03/03 12:0 a.m.75 views

Linux Kernel &quot;ib_uverbs_poll_cq()&quot;整数溢出漏洞

BUGTRAQ ID: 46073 CVE ID: CVE-2010-4649 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的"ibuverbspollcq"在实现上存在整数溢出漏洞,攻击者可利用此漏洞以提升的权限执行任意代码,使受影响内核崩溃,拒绝服务合法用户。 如果用户空间计入较大的cmd.ne,ibuverbspollcq代码会出现整数溢出。对kmalloc的调用将分配较小的缓冲区,导致内存破坏。如果没有使用完resp,也会造成信息泄露。虽然目前仅存在使用此函数的RDMA设备,无权限用户空间也将调用此函数。 Debian Linux...

6.9CVSS0.4AI score0.00355EPSS
Exploits2
seebug.org
seebug.org
added 2010/06/03 12:0 a.m.75 views

OpenSSL Cryptographic Message Syntax &quot;OriginatorInfo&quot; Vulnerability

No description provided by source. OpenSSL Security Advisory 01-Jun-2010 Two security flaws have been fixed in OpenSSL 0.9.8o and OpenSSL 1.0.0a. Invalid ASN1 module definition for CMS. ======================================= CMS structures containing OriginatorInfo are mishandled this can write ...

7.5CVSS8.8AI score0.07834EPSS
Exploits3
seebug.org
seebug.org
added 2010/02/09 12:0 a.m.75 views

JDownloader JDExternInterface.java远程代码执行漏洞

BUGTRAQ ID: 38143 JDownloader是专为Rapidshare等站点设计的网盘下载工具。 JDownloader在下载过程中所传输的密钥可能为明文或JavaScript代码,之后在Mozilla Rhino Javascript实现中执行。以下是相关代码: (plugins/JDExternInterface.jar/JDExternInterface.java): String jk = Encoding.urlDecoderequest.getParameters.get"jk", false; ... Context cx = Context.enter;...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2009/12/20 12:0 a.m.75 views

PHP posix_mkfifo()函数绕过open_basedir安全限制漏洞

BUGTRAQ ID: 36554 CVECAN ID: CVE-2009-3558 PHP是广泛使用的通用目的脚本语言,特别适合于Web开发,可嵌入到HTML中。 PHP的posixmkfifo函数中的错误可能允许绕过openbasedir限制。以下是ext/posix/posix.c文件中的有漏洞代码段: PHPFUNCTIONposixmkfifo char path; int pathlen; long mode; int result; if zendparseparametersZENDNUMARGS TSRMLSCC, "sl", &path, &pathlen, &mod...

6.8CVSS5.1AI score0.02081EPSS
Exploits2
seebug.org
seebug.org
added 2009/09/11 12:0 a.m.75 views

Microsoft Windows TCP/IP在处理特制报文中远程拒绝服务漏洞(MS09-048)

BUGTRAQ ID: 36269 CVECAN ID: CVE-2009-1926 Microsoft Windows是微软发布的非常流行的操作系统。 由于处理TCP接收窗口大小很小或为0的特制报文中的错误,导致Microsoft Windows的TCP/IP处理中存在拒绝服务漏洞。如果应用关闭了仍要发送数据的TCP连接且攻击者设置了很小的或为0的TCP接收窗口大小,受影响的服务器就无法彻底关闭TCP连接。攻击者可以通过向系统发送大量特制报文来利用这个漏洞,导致受影响的系统停止响应新的请求。即使在攻击者停止发送恶意报文之后系统仍保持无响应。 Microsoft Windows Vist...

7.8CVSS6.9AI score0.35042EPSS
Exploits1
seebug.org
seebug.org
added 2009/08/25 12:0 a.m.75 views

ITechBids 8.0 (itechd.php productid) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV1 print " \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " VIVA ISLAME VIVA ISLAME \n"; print " \n"; print " ITechBids v8.0 Blind SQL Injection Exploit \n"; print " \n"; print " itechd.php productid...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/06/05 12:0 a.m.75 views

Apache Tomcat Java AJP连接器无效头拒绝服务漏洞

BUGTRAQ ID: 35193 CVECAN ID: CVE-2009-0033 Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。 如果Tomcat通过Java AJP连接器接收到了带有无效头的请求,就会关闭AJP连接器而不是返回错误。在这个连接器是modjk负载均衡worker成员的情况下,这个成员就会进入出错状态,在大约一分钟的时间内无法使用。 Apache Group Tomcat 6.0.x Apache Group Tomcat 5.5.x Apache Group Tomcat 4.1.x 厂商补丁: Apache Group -----------...

5CVSS5.1AI score0.10053EPSS
Exploits1
seebug.org
seebug.org
added 2009/04/21 12:0 a.m.75 views

CUPS '_cupsImageReadTIFF()'整数溢出漏洞

BUGTRAQ ID: 34571 CVE ID:CVE-2009-0163 CNCVE ID:CNCVE-20090163 Common Unix Printing SystemCUPS是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 CUPS处理TIFF图像存在整数溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。...

6.8CVSS1.1AI score0.04246EPSS
Exploits2
seebug.org
seebug.org
added 2009/02/23 12:0 a.m.75 views

Linux Kernel sock.c SO_BSDCOMPAT选项信息泄露漏洞

BUGTRAQ ID: 33846 CVECAN ID: CVE-2009-0676 Linux Kernel是开放源码操作系统Linux所使用的内核。 在Linux Kernel的net/core/sock.c文件的sockgetsockopt函数中,如果设置了SOBSDCOMPA选项的话optval v.val就会被错误的初始化并直接返回给用户域,导致信息泄露。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

2.1CVSS0.1AI score0.00701EPSS
Exploits1
seebug.org
seebug.org
added 2008/09/28 12:0 a.m.75 views

帝国ECMS V5 /e/member/list/index.php注入漏洞

帝国ECMS /e/member/list/index.php文件: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$where.$userusername." like '%$keyboard%'"; $search.="&sear=1&keyboard=$keyboard"; 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为 空就直接把keyboard带入查询产生注射漏洞. 帝国ECMS V5 暂无...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/09/01 12:0 a.m.75 views

VMware ISAPI扩展远程拒绝服务漏洞

BUGTRAQ ID:30935 CVE ID:CVE-2008-3697 CNCVE ID:CNCVE-20083697 ISAPI是IIS功能扩展,Vmware在服务器产品中使用ISAPI扩展。 VMware使用的其中之一ISAPI处理恶意请求存在问题,远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 发送畸形的请求,IIS可关闭,IIS 6.0可以自动重新启动,但是IIS 5.0在当启动类型设置为手动时不能自动启动。 VMWare Server 1.0.7 build 108231 VMWare Server 1.0.7 目前供应商已经提供升级程序,可联系供应商获得补丁信息:...

5CVSS6.7AI score0.03041EPSS
Exploits1
seebug.org
seebug.org
added 2008/08/26 12:0 a.m.75 views

趋势科技OfficeScan Web管理绕过认证漏洞

BUGTRAQ ID: 30792 CVECAN ID: CVE-2008-2433 OfficeScan是一种针对整个网段的分布式杀毒软件。 OfficeScan的web管理控制台使用了不充分的熵用于创建识别已认证管理员的随机会话令牌。当真正的管理员登录时,会话令牌的熵仅来自于系统时间,细粒度为1秒。攻击者可以相对容易的暴力猜测到认证令牌,扮演成当前登录的管理员,然后通过操控配置完全控制系统。 Trend Micro OfficeScan 8.0 Trend Micro OfficeScan 7.3 Trend Micro OfficeScan 7.0 Trend Micro...

7.5CVSS6.4AI score0.10929EPSS
Exploits1
seebug.org
seebug.org
added 2008/06/12 12:0 a.m.75 views

SNMPv3 HMAC validation error Remote Authentication Bypass Exploit

No description provided by source. snmpv3exp.sh exploit the vulnerability described in CVE-2008-0960, the HMAC check problem on multiple vendor Copyright c 2008 @ Mediaservice.net Srl. All rights reserved Wrote by Maurizio Agazzini inodeatmediaservice.net http://lab.mediaservice.net/...

10CVSS0.4AI score0.6879EPSS
Exploits7
seebug.org
seebug.org
added 2007/11/29 12:0 a.m.75 views

Sentinel Protection Server/Keys Server远程目录遍历漏洞

BUGTRAQ ID: 26583 Sentinel Protection Server和Sentinel Keys Server都是SafeNet公司推出的网络加密解决方案。 Sentinel Protection Server和Sentinel Keys Server的Web Server实现上存在输入验证漏洞,远程攻击者可能利用此漏洞执行目录遍历攻击。 Sentinel Protection Server和Sentinel Keys Server分别在6002和7002端口上运行Web...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/10/13 12:0 a.m.75 views

Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability

No description provided by source. -------------------- Joomla comcolorlab Remote File Include -------------------- Found : xoron -------------------- Download: http://download.joomlaportal.ch/content/view/474/ -------------------- Wrong Code: include...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/15 12:0 a.m.75 views

Mbedthis AppWeb HTTP TRACE信息泄露漏洞

Mbedthis AppWeb是一款WEB应用服务程序。 Mbedthis AppWeb处理HTTP TRACE请求存在问题,远程攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 Mbedthis AppWeb 2.2.1 升级到Mbedthis AppWeb 2.2.2版本: http://www.mbedthis.com/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/08 12:0 a.m.75 views

Microsoft Windows Animated Cursor Stack Overflow Exploit

No description provided by source. !/usr/bin/env python $Id: win32-loadaniicon.py 4 2007-06-02 00:47:59Z ramon $ Windows Animated Cursor Stack Overflow Exploit Copyright 2007 Ramon de Carvalho Valle [email protected], RISE Security [email protected] This program is free software; you...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/05/12 12:0 a.m.75 views

PHPMyPortal Articles.Inc.PHP远程文件包含漏洞

PHPMyPortal是一款基于PHP的WEB应用程序。 PHPMyPortal不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Articles.Inc.PHP'脚本对用户提交的'GLOBALSCHEMINMODULES'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 phpMyPortal phpMyPortal 3.0 RC3 http://phpmyportal.info/menu.php html head meta http-equiv="Content-Type" content="text/html;...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/04/02 12:0 a.m.75 views

Xoops Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Script Name: XOOPS Module myAlbum-P = 2.0 cid Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : myAlbum-P 2.0 original Example S. : http://www.google.com.tr/search?q=+myAlbum-P+2.0+++original&hl=tr&start=0&sa=N...

7.1AI score
Exploits0
Total number of security vulnerabilities5000