Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2007/10/13 12:0 a.m.75 views

Joomla Component com_colorlab 1.0 Remote File Inclusion Vulnerability

No description provided by source. -------------------- Joomla comcolorlab Remote File Include -------------------- Found : xoron -------------------- Download: http://download.joomlaportal.ch/content/view/474/ -------------------- Wrong Code: include...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/08 12:0 a.m.75 views

Microsoft Windows Animated Cursor Stack Overflow Exploit

No description provided by source. !/usr/bin/env python $Id: win32-loadaniicon.py 4 2007-06-02 00:47:59Z ramon $ Windows Animated Cursor Stack Overflow Exploit Copyright 2007 Ramon de Carvalho Valle [email protected], RISE Security [email protected] This program is free software; you...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/05/12 12:0 a.m.75 views

PHPMyPortal Articles.Inc.PHP远程文件包含漏洞

PHPMyPortal是一款基于PHP的WEB应用程序。 PHPMyPortal不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限执行任意命令。 问题是'Articles.Inc.PHP'脚本对用户提交的'GLOBALSCHEMINMODULES'参数缺少过滤,指定远程服务器上的文件作为包含参数,可导致以WEB权限执行任意命令。 phpMyPortal phpMyPortal 3.0 RC3 http://phpmyportal.info/menu.php html head meta http-equiv="Content-Type" content="text/html;...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/04/02 12:0 a.m.75 views

Xoops Module myAlbum-P <= 2.0 (cid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl Script Name: XOOPS Module myAlbum-P = 2.0 cid Remote BLIND SQL Injection Exploit Coded by : ajann Author : ajann Contact : : Dork : myAlbum-P 2.0 original Example S. : http://www.google.com.tr/search?q=+myAlbum-P+2.0+++original&hl=tr&start=0&sa=N...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/24 12:0 a.m.75 views

Joomla Component Joomlaboard 1.1.1 (sbp) RFI Vulnerability

No description provided by source. Joomla comjoomlaboard 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities Joomlaboard Component 1.1.x Branch sbp Multiple Remote File Include Vulnerabilities script :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/30 12:0 a.m.75 views

Linux-PAM pam_unix.so绕过认证漏洞

可插拔认证模块(PAM)是用于认证用户的机制,使用在多种Linux版本上。 Linux-PAM的modules/pamunix/support.c文件中unixverifypassword函数在验证用户口令时存在漏洞,远程攻击者可能利用此漏洞获取非授权访问。 如果口令文件中的哈希为“!!”或类似的话,用户就可以以任意口令登录。 Linux-PAM Linux-PAM 0.99.7.0 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/19 12:0 a.m.75 views

OpenOffice畸形Word文件整数溢出漏洞

OpenOffice是个整合性的软件,包含了许多文字处理、表格、公式等办公工具。 OpenOffice在处理某些畸形Word文档时存在整数溢出,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 memset会试图向堆中写入大量的0: Breakpoint 2, WW8PLCF::GeneratePLCF this=0xb12a36e8, pSt=0xabae6cc8, nPN=0, ncpN=587202560 at /usr/src/debug/OOD680m5/sw/source/filter/ww8/ww8scan.cxx:2299 2299 nIMax = ncpN;...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.75 views

Xine-Lib RuleMatches远程缓冲区溢出漏洞

xine是一款免费的媒体播放器,支持多种格式。 xine的Real Media输入插件的asmrpmatch函数中存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在用户机器上执行任意指令。 在以下代码段中,rulematches是仅能容纳16个int的静态缓冲区,但asmrpmatch没有对参数执行边界检查: 8--------------------------------------------8 src/input/libreal/real.c:468 for i=0; idesc-streamcount; i++ int j=0; int n; char b64; int...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/08 12:0 a.m.75 views

Microsoft Windows Print Spooler GetPrinterData拒绝服务漏洞

Microsoft Windows 2000是一款流行的操作系统。 Microsoft Windows spoolss GetPrinterData存在设计错误,远程攻击者可以利用漏洞进行拒绝服务攻击。 问题存在于GetPrinterData函数中,由于存在内存分配错误,可导致系统崩溃,造成拒绝服务攻击。 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/09/16 12:0 a.m.75 views

Mambo com_registration_detailed &lt;= 4.1 Remote File Include

No description provided by source. Mambo comregistrationdetailed = 4.1 Remote File Inclusion Download Source : http://mamboxchange.com/projects/regdetailed/ Dork = allinur:comextendedregistration Found By: k1tk4t - k1tk4td0th4ck4tgmaild0tcom Location: Indonesia file ; registrationdetailed.inc.php...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/07/28 12:0 a.m.75 views

Mambo MGM Component &lt;= 0.95r2 Remote Inclusion Vulnerability

No description provided by source. ---------------------------------------------------- Mambo Gallery Manager v095.r3 Remote File Inclusion Vulnerabilities ---------------------------------------------------- Discovered By A-S-T TEAM WE ARE CrAsHoVeRrIdE & BLACK-CODE & MR-HCR...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/04/10 12:0 a.m.75 views

Clansys v.1.1 (showid) Remote SQL Injection Exploit

No description provided by source. ?php / |---==============================================================---| | /\¯\ /\¯\ | | \ \ \ \ \ \ | | / \ / \ / \ \ \ / / \ \ \ / /\ \ | | /, /\ /\ /\ \ \ \ /\ /\ \ \ \ /\ /\ \ / | | //\ \ \ / \\ \ \\ \ \ \\ \ | | // ////////...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2018/06/22 12:0 a.m.74 views

Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities(CVE-2017-16338 ~CVE-2017-16347)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow on a global section overwriting arbitrary data...

9.6AI score0.01378EPSS
Exploits11
seebug.org
seebug.org
added 2018/05/10 12:0 a.m.74 views

SCADAS "BAS920 & ISC2000" Credentials Exposed(CVE-2017-17974)

Exploit; SCADAS "BAS920 & ISC2000"; Credentials Exposed BA System “Improper Access Control Authorization” Exploit Title: "SCADAS "BAS920 & ISC2000"; Credentials Exposed” CVE: CVE-2017-17974 Date: 29/12/2017 Exploit Author: Fernandez Ezequiel @capitanalfa && Bertin Jose @bertinjoseb Vendor: BA...

5CVSS9.8AI score0.0166EPSS
Exploits2
seebug.org
seebug.org
added 2018/03/23 12:0 a.m.74 views

Windows Kernel 64-bit stack memory disclosure in NtQueryInformationThread(ThreadBasicInformation)(CVE-2018-0895)

We have discovered that the nt!NtQueryInformationThread system call invoked with the 0 information class ThreadBasicInformation discloses portions of uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. The specific layout of the...

5.3AI score0.02866EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/13 12:0 a.m.74 views

Microsoft Windows PDF API Jpeg2000 csiz Remote Code Execution Vulnerability(CVE-2016-3319)

Description An exploitable out of bounds write vulnerability exists in the PDF parsing API in the latest versions of Microsoft Windows. A specially crafted PDF file can cause an out of bounds write resulting in arbitrary code execution. Vulnerability can be triggered via malicious web page or a...

9.3CVSS8.2AI score0.18537EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/13 12:0 a.m.74 views

OpenJPEG JPEG2000 mcc record Code Execution Vulnerability(CVE-2016-8332)

Summary An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful...

6.8CVSS9AI score0.02563EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/11 12:0 a.m.74 views

HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability(CVE-2016-4330)

Description HDF5 is a fileformat that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...

6.9CVSS9.4AI score0.008EPSS
Exploits2
seebug.org
seebug.org
added 2017/06/27 12:0 a.m.74 views

Windows Kernel ATMFD.DLL out-of-bounds read due to malformed Name INDEX in the CFF table(CVE-2017-8483)

We have encountered a Windows kernel crash in the ATMFD.DLL OpenType driver while processing a corrupted OTF font file, see below: --- DRIVERPAGEFAULTBEYONDENDOFALLOCATION d6 N bytes of memory was allocated and more than N bytes are being referenced. This cannot be protected by try-except. When...

9.3CVSS5.9AI score0.36366EPSS
Exploits5
seebug.org
seebug.org
added 2017/04/25 12:0 a.m.74 views

Microsoft Windows (x86) - 'NDISTAPI' Privilege Escalation (MS11-062)

No description provided by source. / Exploit Title: Windows x86 all versions NDISTAPI privilege escalation MS11-062 Date: 2016-10-24 Exploit Author: Tomislav Paskalev Vulnerable Software: Windows XP SP3 x86 Windows XP Pro SP2 x64 Windows Server 2003 SP2 x86 Windows Server 2003 SP2 x64 Windows...

7.2CVSS6.5AI score0.06983EPSS
Exploits4
seebug.org
seebug.org
added 2017/04/25 12:0 a.m.74 views

BigTree CMS - Bypass CSRF filter and execute code with PHPMailer

DESCRIPTION PHPMailer RCE CVE-2016-10033 An independent research uncovered a critical vulnerability in PHPMailer version Sender According to my analysis, if we can control the value of Sender, we can let sendmail save the context to any given path /var/www/html/shell.php, which means code...

7.5CVSS10.3AI score0.99714EPSS
Exploits58
seebug.org
seebug.org
added 2017/02/15 12:0 a.m.74 views

ntfs-3g - Unsanitized modprobe mention the right Vulnerability( CVE-2017-0358)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not support FUSE filesystems detected by getfusefstype, ntfs-3g...

7.4AI score0.02277EPSS
Exploits9
seebug.org
seebug.org
added 2017/01/18 12:0 a.m.74 views

libgd 2.1.1 - Signedness Heap Overflow

Vulnerability details Represents the block index size of 4 bytes is stored in a signed integer. chunkIdxi. size by gdGetIntto resolve the GD2 head during libgd-2.1.1/src/gdgd2. c: ,---- | 53 typedef struct | 54 int offset; | 55 int size; | 56 | 57 tchunkinfo; ---- libgd-2.1.1/src/gdgd2. c: ,---- ...

7.5CVSS7.5AI score0.36974EPSS
Exploits8
seebug.org
seebug.org
added 2016/11/23 12:0 a.m.74 views

ntpd remote pre-auth DoS (CVE-2016-7434)

poc echo "FgoAEAAAAAAAAAA2bm9uY2UsIGxhZGRyPVtdOkhyYWdzPTMyLCBsY"\ | "WRkcj1bXTpXT1AAMiwgbGFkZHI9W106V09QAAA=" | base64 -d | nc -u -v 127.0.0.1 123 Valgrind report $ sudo valgrind ./ntpd/ntpd -n -c /resources/ntp.conf | | ==5389== Memcheck, a memory error detector | | ==5389== Copyright C 2002-201...

5CVSS7.2AI score0.52935EPSS
Exploits7
seebug.org
seebug.org
added 2016/05/11 12:0 a.m.74 views

D-Link DAR-8000/DAR-7000系列上网行为审计网关 任意文件上传

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/11 12:0 a.m.74 views

Mallbuilder /mallbuilder/aboutus.php文件 type 参数SQL注入漏洞

0x01 漏洞概述 相关厂商: 上海远丰信息科技有限公司 官方主页: shop-builder.cn 提交时间: 2015-06-17 公开时间: 2015-09-20 漏洞类型: SQL注射漏洞 谷歌关键字: powered by mallbuilder 在文件product/admin/cpmod.php中,id参数未过滤造成注入。 0x02 漏洞详情 首先来看看全局文件 function magic if!getmagicquotesgpc&&isset$POST foreach$POST as $key=$v if!isarray$v $POST$key=addslashes$v...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/06 12:0 a.m.74 views

用友GRP-U8 gzQuerydetail 参数KJND SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/01 12:0 a.m.74 views

ThinkPHP v3.1-3.2 Driver.class.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/23 12:0 a.m.74 views

jcms系统session重置导致getshell

简要描述: 详细说明: jcms系统session重置导致getshell 在/jcms/jcmsfiles/jcms1/web1/site/module/oss/quecode.jsp String sessionId = request.getParameter"sessionid"; 直接通过sessionid获取值 code1.setSessionNamesessionId; 然后又直接设置session 而在我们的jcms中的setup后台管理制作端中又只判断其中cookieusername是否为空 不为空即就登录 可参考如下:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.74 views

shopnc o2o版 index.php?act=payment&op=notify SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/06/25 12:0 a.m.74 views

某邮件域管理系统通用注入(过万企业邮箱沦陷)

简要描述: 日了Feng狗···跑的好慢 详细说明: intitle:Login to webmail http://hanwang.com.cn/login.php 这个貌似是不存在注入的,但是对应的邮箱域管理的后台登陆有post注入 http://mail.tofine.com:8090/login.php 以及 http://mail.tofine.com:8090/sys/login.php http://mail.kddl.cn:8090/sys/login.php http://mail.cqdc.com:8090/sys/login.php...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/05/12 12:0 a.m.74 views

WordPress example.html 跨站脚本漏洞

知道创宇安全研究团队 Evi1m0 :2015.5.7概要WordPress 被爆 DOM XSS 漏洞,数百万站点受影响,该漏洞存在于 WordPress 流行的 Genericons example.html 页面中,默认主题 Twenty Fifteen 及知名插件 Jetpack 都内置了该页面,经过分析发现原来是 example.html 使用了存在 DOM XSS 漏 洞的 jQuery老版本 。11 年 dmethvin 提交 jQuery 1.6.1 版本的 Ticket 9521 , 其原因是由 $ | jQuery 预期的 CSS 选择器在其他情况下可以用于创建 HT...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2015/04/17 12:0 a.m.74 views

某通用电子政务系统注入

简要描述: 深夜来一发 详细说明: 深圳太极软件有限公司是一套专门的政务服务系统,大量用户在用。这个就不多说了。 注入点: http://www.gzegn.gov.cn:8080/application/gzhd/bgxz/showdepartments.jsp?zzjgdm=009390359&depName=%CA%A1%C3%F1%D5%FE%CC%FC zzjgdm=存在注入,就以贵州省电子政务为例,仅跑出表,其他不做测试。 payload: Place: GET Parameter: zzjgdm Type: boolean-based blind Title: AND...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2015/02/11 12:0 a.m.74 views

mcms最新版SQL注入三枚打包(可出任意数据)

简要描述: mcms最新版SQL注入三枚打包(可出任意数据) 详细说明: 在wooyun上看到掌易科技终于不再忽略漏洞了,我也来凑凑热闹吧。去下了mcms的最新版(v3.1.0.enterprise),来研究研究。 注入一枚:POST /app/message/?m=savemessage post中有本个参数,虽然都经过了xss和sql的过滤,但是过滤的并不完全,我们看看是如何注入的。 看看代码/app/message/index.php function msavemessage global $dbm,$C,$V; $POST=H::sqlxss$POST;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/02/04 12:0 a.m.74 views

用友NC综合办公系统前台再次SQL注入

简要描述: RT 详细说明: 用友NC综合办公系统SQL注入漏洞,可同时影响多个办公系统HR资源管理系统、UFO报表系统等的数据库 注入链接:/epp/detail/publishinfomore.jsp?pkinfotype= 注入参数:pkinfotype 必须先访问/epp/index.jsp后产生cookie才能进行SQL注入 漏洞证明: 测试案例: http://nc.xhlbdc.com 访问首页产生cookie: http://nc.xhlbdc.com/epp/index.jsp...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/07 12:0 a.m.74 views

用友FE协作办公系统FILE协议文件读取漏洞(通杀全版本)

简要描述: 用友FE协作办公系统某处协议处理接口未过滤file://协议,导致任意文件读取漏洞,通杀全版本 详细说明: web.xml有如下配置: ProxyServletUtil fe.witmanage.service.ProxyServletUtil ProxyServletUtil /ProxyServletUtil ProxyServletUtil.java源码如下: / / public void doGetHttpServletRequest request, HttpServletResponse response throws ServletException,...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit

No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...

8.5CVSS0.3AI score0.13782EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Crossday Discuz! 2.0/3.0 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9584/info It has been reported that Discuz! is prone to an Cross Site Scripting vulnerability. This issue is caused by the application failing to properly sanitize links embedded within user messages. Upon successful...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

D-Link hedwig.cgi Buffer Overflow in Cookie Header

No description provided by source. !/usr/bin/env python Exploit for the DIR-645/DIR-815 hedwig.cgi stack based buffer overflow vulnerability. NimdaKey test 06-12-2014 import sys import time import string import socket from random import Random import urllib, urllib2, httplib class MIPSPayload:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

php 5.3.8 - Multiple Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.3.8 Multiple vulnerabilities Author: Maksymilian Arciemowicz Website: http://cxsecurity.com/ Date: 14.01.2012 CVE: CVE-2011-4153 zendstrndup Original link: http://cxsecurity.com/research/103 --- 1. Multiple NUL...

5CVSS9.6AI score0.122EPSS
Exploits9
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Yamamah 1.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Yamamah 1.0 SQL Injection Vulnerability Date: 12/06/2010 Author: TheMaStEr [email protected] Software Link: http://www.yamamah.org/ Version: 1.00 Tested on: Windows SP3 Dork: intext:Powered By : Yamamah Version 1.00 Code :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

wordpress <= 3.3.1 - Multiple Vulnerabilities

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version...

7.5CVSS6.4AI score0.09551EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

ProFTPD <= 1.2.10 Remote Users Enumeration Exploit

No description provided by source. / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

elkagroup (pid) Remote SQL Injection Vulnerability

No description provided by source. elkagroup pid Remote SQL Injection Vulnerability || Author: Hussin X || Home : WwW.IQ-TY.CoMhttp://WwW.IQ-TY.CoM || email: darkangelg85atYahooDoTcom ||| script : http://www.elkapax.com & http://www.elkagroup.com ||| DorK : Powered by :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

OpenSSL ASN1 BIO Memory Corruption Vulnerability

No description provided by source. Incorrect integer conversions in OpenSSL can result in memory corruption. -------------------------------------------------------------------------- CVE-2012-2110 This advisory is intended for system administrators and developers exposing OpenSSL in production...

7.5CVSS0.2AI score0.48298EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Sun Java System Calendar Server 6.3 Duplicate URI Request Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34150/info Sun Java System Calendar Server is prone to a denial-of-service vulnerability because it fails to handle certain duplicate URI requests. An attacker can exploit this issue to crash the Calendar Server, resultin...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Radio istek scripti 2.5 - Remote Configuration Disclosure Vulnerability

No description provided by source. turkish radio php script ====================================================== RADIO istek scripti tr Version 2.5 tr Remote config Vulnerability ! Found by? :? kurdish hackers team ! C0ntact : pshela at YaHoo .com ! Groups : Kurd-Team ! site : www.kurdteam.org...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical functionality. An...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution (0-day)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.74 views

Apple Quicktime /w IE .qtl Version XAS - Remote Exploit PoC

No description provided by source. !-- Performing XAS Cross Application Scripting attacks automatically read no user interaction is very easy, as I showed before in my shutting down skype proof-of-concept. But, what if you are using a limited web environment, where you can't use iframes or script...

7.1AI score
Exploits0
Total number of security vulnerabilities5000