Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2011/08/12 12:0 a.m.65 views

Adobe Flash Player Integer Overflow

No description provided by source. iDefense Security Advisory 08.09.11 http://labs.idefense.com/intelligence/vulnerabilities/ Aug 09, 2011 I. BACKGROUND Adobe Flash Player is an application for viewing animations and movies using computer programs such as a Web browser; in common usage, Flash let...

10CVSS0.7AI score0.09568EPSS
Exploits1
seebug.org
seebug.org
added 2011/07/04 12:0 a.m.65 views

Discuz! X2远程SQL注入漏洞

Discuz! X2在处理请求数据时存在SQL注入漏洞,远程攻击者可利用此漏洞非授权操作数据库。 漏洞存在于如下代码中: if!defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if!empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/08/18 12:0 a.m.65 views

Joomla Component "com_dirfrm" Sql Injection Vulnerability

No description provided by source. Exploit Title : Joomla Component "comdirfrm" Sql Injection Vulnerability Date : 18 - 8 - 2010 Author : Hieuneo Vietnam Version : All Versions Tested on : Win 7 Home Dork google: inurl:"comdirfrm" Exploit:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/08/12 12:0 a.m.65 views

Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service

No description provided by source. Exploit Title: Windows Live Messenger = 14.0.8117 animation remote Denial of Service Date: 11/08/2010 Author: TheLeader Email: gsog2009 a7 hotmail d0t com Software Link: http://explore.live.com/windows-live-messenger Version: 14.0.8117 and prior Tested on: Windo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/06/18 12:0 a.m.65 views

Samba SMB1报文链接远程内存破坏漏洞

BUGTRAQ ID: 40884 CVE ID: CVE-2010-2063 Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。 Samba中负责处理链接起SMB1报文的代码没有正确地验证客户端所提供的输入字段,恶意客户端可以向Samba服务器发送特制的SMB报文触发堆内存破坏,导致以Samba服务器(smbd)的权限执行任意代码。利用这个漏洞无需认证,且samba的默认配置便受这个漏洞影响。 Samba 3.0.x - 3.3.12 厂商补丁: RedHat ------...

7.5CVSS0.78702EPSS
Exploits5
seebug.org
seebug.org
added 2010/03/21 12:0 a.m.65 views

Linux Kernel SCTP实现远程拒绝服务漏洞

CVECAN ID: CVE-2010-0008 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的流控制传输协议(SCTP)实现的sctprcvootb函数中存在空指针引用错误。远程攻击者可以通过向目标系统发送特制的 SCTP报文来触发这个漏洞,导致拒绝服务的情况。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.8CVSS0.2AI score0.0452EPSS
Exploits1
seebug.org
seebug.org
added 2010/01/06 12:0 a.m.65 views

Linux Kernel ext4_fill_flex_info函数拒绝服务漏洞

CVE ID: CVE-2009-4307 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的ext4子系统fs/ext4/super.c文件中的ext4fillflexinfo函数中存在拒绝服务漏洞。如果用户所加载的 ext4文件系统中的超级块带有超大的FLEXBG组大小(也称为sloggroupsperflex值),groupsperflex就会溢出,导致0除数错误,系统可能会崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.1CVSS0.03431EPSS
Exploits2
seebug.org
seebug.org
added 2009/11/19 12:0 a.m.65 views

SeaMonkey 1.1.8 Remote Array Overrun

No description provided by source. From Full Disclosure: http://seclists.org/fulldisclosure/2009/Nov/221 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SeaMonkey 1.1.8 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - - Dis.:...

6.8CVSS0.2AI score0.28167EPSS
Exploits44
seebug.org
seebug.org
added 2009/11/07 12:0 a.m.65 views

Linux Kernel 'nfs4_proc_lock()'本地拒绝服务漏洞

Bugraq ID: 36936 CVE ID:CVE-2009-3726 Linux是一款开放源代码的操作性系统。 Linux Kernel 'nfs4proclock'函数对Null值检查缺少充分检查,本地攻击者可以利用漏洞对系统进行拒绝服务攻击。 Null指针引用触发发生在nfs4procsetlk函数的起始部分: static int nfs4procsetlkstruct nfs4state state, int cmd, struct filelock request struct nfsclient clp = state-owner-soclient;...

7.8CVSS0.12EPSS
Exploits1
seebug.org
seebug.org
added 2009/11/03 12:0 a.m.65 views

Mozilla Firefox多个内存破坏漏洞

BUGTRAQ ID: 36872,36871,36870,36866,36869,36873,36875 CVE ID: CVE-2009-3377,CVE-2009-3378,CVE-2009-3379,CVE-2009-3380,CVE-2009-3381,CVE-2009-3382,CVE-2009-3383 Firefox是一款流行的开源WEB浏览器。...

10CVSS0.1AI score0.10843EPSS
Exploits1
seebug.org
seebug.org
added 2009/09/22 12:0 a.m.65 views

BPMusic 1.0 blind SQL Injection

No description provided by source. x========================================================================================================================================x | AntiSecuritydotorg |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/08/18 12:0 a.m.65 views

Linux Kernel binfmt_flat.c空指针引用拒绝服务漏洞

BUGTRAQ ID: 36037 CVECAN ID: CVE-2009-2768 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的flat子系统中fs/binfmtflat.c文件的loadflatsharedlibrary函数存在空指针应用错误。如果本地用户执行了共享的flat二进制程序的话,就可以触发这个错误,导致系统崩溃。 Linux kernel 2.6.x 厂商补丁: Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

7.2CVSS0.2AI score0.00405EPSS
Exploits1
seebug.org
seebug.org
added 2009/05/23 12:0 a.m.65 views

Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php)

No description provided by source. ? printr' IIS 6 WEBDAV Exploit.By [email protected] && Securiteweb.org Usage: php '.$argv0.' source/path/put host path Example: php '.$argv0.' source www.tian6.com /blog/readme.asp Example2: php '.$argv0.' path www.tian6.com /secret/ Example3: php '.$argv0.' put...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/04/01 12:0 a.m.65 views

VirtueMart <= 1.1.2 Multiple Remote Vulnerabilities

No description provided by source. Author: Janek Vind "waraxe" Date: 24. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-71.html Description of vulnerable software: VirtueMart is an Open Source E-Commerce solution to be used together with a Content Management System CMS...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/02/04 12:0 a.m.65 views

Free Download Manager多个远程安全漏洞

CVECAN ID: CVE-2009-0183,CVE-2009-0184 Free Download Manager是一种强大易用而且免费的网络下载管理及加速软件。 Free Download Manager的实现上存在多个远程安全漏洞,远程攻击者可能利用此漏洞控制运行了FDM的用户系统。 Free Download Manager处理torrent文件中的文件名、注释、URL等字串时存在堆或栈缓冲区溢出,攻击者可能通过诱使用户处理恶意的torrent文件触发漏洞控制用户系统。FDM的Remote Control...

10CVSS0.4AI score0.66526EPSS
Exploits24
seebug.org
seebug.org
added 2008/11/04 12:0 a.m.65 views

Oracle WebLogic Apache连接器远程缓冲区溢出漏洞

CVECAN ID: CVE-2008-4008 WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 WebLogic的Apache连接器实现上存在漏洞,模块做处理请求所带的畸形参数时,未进行长度检查就把字符串拷贝到固定长度的栈缓冲区中,远程攻击者可能利用此漏洞触发栈溢出,导致执行任意指令。 Oracle WebLogic Server Oracle ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

10CVSS6.4AI score0.56268EPSS
Exploits9
seebug.org
seebug.org
added 2008/10/27 12:0 a.m.65 views

PHPWind passport_client.php文件UPDATE参数远程SQL注入漏洞

PHPWind的实现上存在变量过滤漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击,非授权操作数据库,完全控制论坛。 PHPWind的passportclient.php文件里变量没有初始化,可以通过构造特定的变量值判断: codeif!$passportifopen || $passporttype != 'client' exit"Passport closedPHPWind"; //可以提交“passportifopen =1&passporttype=client”绕过 ifmd5$action.$userdb.$forward.$passportkey != $verify...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/09/29 12:0 a.m.65 views

Arcadem Pro (articlecat) Remote SQL Injection Vulnerability

No description provided by source. || | | Arcadem Pro articlecat Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : WwW.IQ-ty.CoM | WwW.TrYaG.CC | | email: darkangelg85atYahooDoTcom | | | | | | | | script :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/09/19 12:0 a.m.65 views

Pluck 4.5.3 (update.php) Remote File Corruption Exploit

No description provided by source. ?php / Pluck 4.5.3 update.php remote file corruption exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ Google dorks: "powered by pluck" +admin inurl:file=kop1.php inurl:file=kop2.php ... Exploit condition : registerglobals = on...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/09/14 12:0 a.m.65 views

Linux kernel NFSv4 ACL缓冲区溢出漏洞

BUGTRAQ ID: 31133 CVE ID:CVE-2008-3915 CNCVE ID:CNCVE-20083915 Linux是一款开放源代码的操作系统。 当NFSv4启用时Linux内核中的NFSD存在一个缓冲区溢出,远程攻击者可以利用漏洞对系统进行拒绝服务攻击,可能导致任意代码执行。 问题存在于对NFSv4 ACL解码处理中,initstate函数分配数组时不足够大,构建特殊的NFSv4 acl可触发缓冲区溢出。 Linux kernel 2.6.26 3 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.25 .9 Linux kerne...

9.3CVSS0.2AI score0.04353EPSS
Exploits1
seebug.org
seebug.org
added 2008/09/12 12:0 a.m.65 views

PhpWebGallery 1.3.4 (cat) Blind SQL Injection Vulnerability

No description provided by source. ---------------------------------------------------------------- Script : PhpWebGallery 1.3.4 Type : Vulnerabilities blind sql injection Author : Stack Google Dork : inurl:"picture.php?cat=" "Powered by PhpWebGallery 1.3.4"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/07/16 12:0 a.m.65 views

Microsoft IE 浏览器数字IP地址区域欺骗漏洞(MS01-051)

CVE CAN ID : CAN-2001-0664 Microsoft Internet Explorer的安全性依赖于不同的安全区域,即局域网和广域网区 域,这些安全区域可以有关于脚本和ActiveX控件执行的不同安全设置,很多个人和企 业用户都是依赖这些区域来定制对ActiveX控件的执行的。一般来说,局域网的安全级 别比较低,而广域网就比较高。 发现Microsoft Internet Explorer存在安全缺陷,如果使用数字形式的IP地址表示方法不包含'.',我们就可能绕过这些区域,欺骗浏览器相信我们是在局域网中,这就可能导致一些本来...

7.5CVSS6.6AI score0.18189EPSS
Exploits1
seebug.org
seebug.org
added 2008/07/16 12:0 a.m.65 views

Allaire ColdFusion 4.0x CFCACHE功能泄露信息漏洞

BUGTRAQ ID: 917 CVECAN ID: CVE-2000-0057 Allaire ColdFusion是一个用来增强Web交互功能的组件。 ColdFusion 4.x包含一个叫做CFCACHE的功能,它通过储存HTML处理CFM页的输出来提高服务器的性能。 当CFCACHE标签处理CFM页面时,它创建一些临时文件,其中一些文件是.tmp文件,其中包含了当前的HTML输出。同时它也创建一个名为cfcache.map的文件,其中包含了到.tmp文件的指针,内容有绝对路径、时间信息和其他URL信息。这些信息如果暴露出来可以造成潜在的危害。...

7.5CVSS6.4AI score0.05547EPSS
Exploits1
seebug.org
seebug.org
added 2008/05/29 12:0 a.m.65 views

OpenSSL多个拒绝服务漏洞

BUGTRAQ ID: 29405 CVECAN ID: CVE-2008-0891,CVE-2008-1672 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 OpenSSL在处理畸形的连接时存在漏洞,远程攻击者可能利用此漏洞导致服务器程序崩溃。 当用以下命令行运行OpenSSL时: openssl sserver -key pathtokey \ -cert pathtocertificate \ -www openssl ciphers 'ALL:COMPLEMENTOFALL' 如果接收到的Client...

4.3CVSS8.6AI score0.05EPSS
Exploits1
seebug.org
seebug.org
added 2008/03/20 12:0 a.m.65 views

Joomla Component joovideo 1.2.2 (id) SQL Injection Vulnerability

No description provided by source. Mambo Component comjoovideo SQL InjectionPowered by joovideo V1.0 AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MA陌L : [email protected] TODAY MY B陌RTDAY SOO I WROTE 5 BUGS ALL FOR HACKERS 5 EXPLO陌TS HAVE 100.000 MAMBO-JOOMLA WEBPAGES ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/01/23 12:0 a.m.65 views

Web Wiz Rich Text Editor 4.0 Multiple Remote Vulnerabilities

No description provided by source. WwW.BugReport.ir AmnPardaz Security Research Team Title: Web Wiz Rich Text EditorTM Vendor: http://www.webwizguide.com/ Bug: Directory traversal + HTM/HTML file creation on the server Vulnerable Version: 4.0 Exploit: Available Fix Available: No! Fast Solution is...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/12/04 12:0 a.m.65 views

Linux Kernel ISDN_Net.C本地缓冲区溢出漏洞

BUGTRAQ ID: 26605 CVE ID:CVE-2007-6063 CNCVE ID:CNCVE-20076063 Linux是一款开放源代码的操作系统。 Linux包含的'isdnnetsetcfg'函数存在设计错误,本地攻击者可以利用漏洞进行缓冲区溢出攻击,可能提升特权。 在isdnioctl函数中会调用isdnnetsetcfg: isdnioctl drivers/isdn/i4l/isdncommon.c: 1270 isdnioctlstruct inode inode, struct file file, uint cmd, ulong arg...

6.9CVSS0.3AI score0.00369EPSS
Exploits1
seebug.org
seebug.org
added 2007/09/03 12:0 a.m.65 views

BEA WebLogic Server空密码组信息泄露漏洞

BUGTRAQ ID: 25472 BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 BEA Systems WebLogic在处理SSL连接时存在漏洞,可能导致敏感信息泄露。 在某些情况下,运行在服务器环境以外的SSL客户端可能无法找到创建SSL密码组列表所需的所有密码,这就会导致使用默认的非加密密码;客户端也可能无法支持服务器中任何可用的密码组,这时服务器就会选择使用空密码的密码组,导致SSL通讯没有加密,这样攻击者就可以获取明文传输的信息。 BEA Systems Weblogic Server 9.2...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/08/20 12:0 a.m.65 views

Mercury Mail Transport System AUTH CRAM-MD5远程栈溢出漏洞

BUGTRAQ ID: 25357 Mercury Mail Transport System是一款综合的Internet邮件服务器系统。 Mercury Mail Transport System的SMTP服务器没有正确地处理超长的AUTH CRAM-MD5字符串,远程攻击者可能利用此漏洞控制服务器。 如果用户向服务器提交了恶意的认证请求的话,就可能触发栈溢出,导致完全入侵服务器系统。 Pegasus Mail Mercury Mail Transport System 4.51 Pegasus Mail Mercury Mail Transport System 4.01b...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2007/04/17 12:0 a.m.65 views

Microsoft Agent URI处理远程代码执行漏洞

Microsoft Windows是一款商业性质的操作系统。 Microsoft Agentagentsvr.exe处理畸形URL存在问题,远程攻击者可以利用漏洞以浏览器进程权限执行任意指令 当agentsvr.exe处理特殊构建的URLs传递给部分方法作为参数时存在设计错误,可导致以应用程序权限执行任意代码。目前没有详细漏洞细节提供。 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/04/03 12:0 a.m.65 views

PHP 5 PHP_Stream_Filter_Create()函数缓冲区溢出漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP phpstreamfiltercreate存在缓冲区溢出,远程攻击者可利用此漏洞以应用程序进程权限执行任意指令。 当一个过滤器通过phpstreamfiltercreate函数建立时,会首先在HASH表中通过名字搜索过滤器,如果不成功会检查是否有通用过滤器支持请求的过滤器,这通过如下代码执行: if SUCCESS == zendhashfindfilterhash, charfiltername, n, void&factory filter = factory-createfilterfiltername, filterparams...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2007/04/03 12:0 a.m.65 views

Xoops Module Virii Info <= 1.10 (index.php) Remote File Include Exploit

No description provided by source. html head meta http-equiv="Content-Type" content="text/html; charset=windows-1254" titleXoops Module Virii Info = 1.10 index.php Remote File Include Exploit/title script language="JavaScript"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/02 12:0 a.m.65 views

Xoops Module Lykos Reviews 1.00 (index.php) SQL Injection Exploit

No description provided by source. html head titleXOOPS Module Lykos Reviews 1.00 index.php BLIND SQL Injection Exploit/title script type="text/javascript" //'=============================================================================================== //'Script Name: XOOPS Module Lykos Reviews...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/28 12:0 a.m.65 views

Web Content System 2.7.1 Remote File Inclusion Exploit

No description provided by source. Web Content System //'=============================================================================================== //'Script Name : Web Content System //' //'? //'.... //'.. //'ERROR------------------------------...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/26 12:0 a.m.65 views

PHP <= 4.4.4 / 5.2.1 / 5.1.6 readfile() Safe Mode Bypass Vulnerability

No description provided by source. SecurityRisk : DEN Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : The-WolF-kSA Date : 24.3.2007 Affected Software : PHP 5.2.1/ 5.1.6 / 4.4.4 readfile Safe Mode Bypass PHP 5.2.1/ 5.1.6 / 4.4.4 Author: ThE-WoLf-KsA Date: - -Written: 24.3.2007...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/24 12:0 a.m.65 views

Active Auction Pro 7.1 (default.asp catid) SQL Injection Vulnerability

No description provided by source. Title : Active Auction Remote SQL Injection Vulnerability Author : CyberGhost Demo Page : http://www.activewebsoftwares.com/demoactiveauction Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=1 Vuln. Username :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/12 12:0 a.m.65 views

MS Windows DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption

No description provided by source. !/usr/bin/python MS Windows DCE-RPC svcctl ChangeServiceConfig2A 0day Memory Corruption PoC Exploit Bug discovered by Krystian Kloskowski h07 Tested on Windows 2000 SP4 Polish all patches Requires.. - Impacket : http://oss.coresecurity.com/projects/impacket.html...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/02 12:0 a.m.65 views

PHP 4 Userland ZVAL Reference Counter Overflow Exploit PoC

No description provided by source. ?php //////////////////////////////////////////////////////////////////////// // // // | || | | | | | | | || || // // | |/ || '|/ |/ -| ' / -/ |||| /| || / //...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/26 12:0 a.m.65 views

McAfee NeoTrace ActiveX控件远程缓冲区溢出漏洞

McAfee NeoTrace是一款跟踪路由数据包的应用程序。 NeoTraceExplorer.NeoTraceLoader ActiveX存在边界条件问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 攻击者必须构建恶意WEB页,诱使用户访问来触发,目前没有详细漏洞细节提供。 0 McAfee NeoTrace Professional 3.25 McAfee NeoTrace Express 3.25 目前没有解决方案提供: a href="http://www.networkingfiles.com/PingFinger/Neotraceexpress.htm"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/06 12:0 a.m.65 views

Mambo Peoplebook Component 1.0 Remote File Include Vulnerability

No description provided by source. --------------------------------------------------------------------------- Peoplebook Mambo Component = v1.0 Remote File Include Vulnerabilities --------------------------------------------------------------------------- Author : Matdhule Date : August, 14th 20...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/21 12:0 a.m.65 views

Alt-N MDaemon本地不安全默认目录权限漏洞

Alt-N MDaemon是一款基于Windows的邮件服务程序。 MDaemon在安装文件时没能设置正确的访问权限,本地攻击者可能利用此漏洞提升权限。 MDaemon默认下以不安全权限安装到了系统根目录的MDaemon文件夹中,允许Users组的成员创建文件和目录。本地攻击者可以通过将恶意的RASAPI32.DLL或MPRAPI.DLL库放置在MDaemon\APP目录中导致以系统权限执行任意代码。 Alt-N MDaemon 9.53 Alt-N MDaemon 9.51 Alt-N MDaemon 9.06 Alt-N MDaemon 9.0.5 临时解决方法:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/03 12:0 a.m.65 views

Fetchmail POP3客户端缓冲区溢出漏洞

BUGTRAQ ID: 14349 CVECAN ID: CVE-2005-2335 fetchmail是免费的软件包,可以从远程POP2、POP3、IMAP、ETRN或ODMR服务器检索邮件并将其转发给本地SMTP、LMTP服务器或消息传送代理。 fetchmail的POP3客户端在处理服务器回应时存在缓冲区溢出漏洞,恶意服务器可能利用此漏洞在客户端上执行任意指令。...

5CVSS0.1AI score0.05882EPSS
Exploits1
seebug.org
seebug.org
added 2006/10/25 12:0 a.m.65 views

Mambo/Joomla plugin.class.php脚本远程文件包含漏洞

Mambo(也被称为Joomla)是一款开放源代码的WEB内容管理系统。 Mambo在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上以Web进程权限执行任意命令。 在Mambo的comcomprofiler文件夹的plugin.class.php脚本中: -----------------------plugin.class.php---------------------- ?php / Plugin handler @package Joomla @author various, JoomlaJoe and Beat / requireonce...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/09/28 12:0 a.m.65 views

PPA Gallery <= 1.0 (functions.inc.php) Remote File Include Exploit

No description provided by source. ?php / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/04/12 12:0 a.m.65 views

PHP121 Instant Messenger <= 1.4 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "PHP121 Instant Messenger = 1.4 $SESSIONsessusername remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- works with magicquotesgpc = Off\r\n\r\n"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/03/25 12:0 a.m.65 views

WebAlbum <= 2.02pl COOKIE[skin2] Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "WebAlbum = 2.02pl $COOKIEskin2 remote cmmnds xctn \r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "- this works with magicquotesgpc=Off\r\n"; echo "dork: WEBalbum...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/28 12:0 a.m.64 views

Apache OFBiz 代码执行漏洞(CVE-2021-30128)

...

10CVSS1.3AI score0.81079EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/05 12:0 a.m.64 views

DouPHP-多处物理路径泄露

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/06/26 12:0 a.m.64 views

Electro Industries GaugeTech Nexus series Products Information Disclosure

Electro Industries GaugeTech Nexus series Products Information Disclosure Web Solutions in ZoomEye : https://www.zoomeye.org/searchResult?q=%22%3Ctitle%3ETotal%20Web%20Solutions%3C%2Ftitle%3E%22%20%2B%22Server%3A%20EIG%20Embedded%20Web%20Server%22 The default does not require authenticated...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/06/22 12:0 a.m.64 views

Insteon Hub MPFS Upload Firmware Update Vulnerability(CVE-2018-3832)

Summary An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To...

0.1AI score0.01656EPSS
Exploits1
Total number of security vulnerabilities5000