Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2006/09/28 12:0 a.m.65 views

PPA Gallery <= 1.0 (functions.inc.php) Remote File Include Exploit

No description provided by source. ?php / ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+ +:+:+...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/28 12:0 a.m.64 views

Apache OFBiz 代码执行漏洞(CVE-2021-30128)

...

10CVSS1.3AI score0.81079EPSS
Exploits2
seebug.org
seebug.org
added 2018/04/28 12:0 a.m.64 views

SQLi, XSS zero-days expose Belkin IoT devices, Android smartphones

LONDON, UK – Research director Scott Tenaglia and lead research engineer Joe Tanen detailed the vulnerabilities during their ‘Breaking BHAD: Abusing Belkin Home Automation devices’ talk at the Black Hat Europe conference in London last Friday. The zero-day flaws specifically relate to Belkin’s...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2018/04/26 12:0 a.m.64 views

New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)

On 4/24/2018, 01:17:50 p.m. UTC, PeckShield again detected an unusual MESH token transaction shown in Figure 1. In this particular transaction, someone transferred a large amount of MESH token — 0x8fff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff 63 f’s to herself...

0.1AI score0.01825EPSS
Exploits2
seebug.org
seebug.org
added 2018/04/16 12:0 a.m.64 views

Moxa EDR-810 Web Server strcmp Multiple Denial of Service Vulnerabilities(CVE-2017-14435 - CVE-2017-14437)

Summary An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to "/MOXALOG.ini, /MOXACFG.ini, o...

5CVSS0.1AI score0.0219EPSS
Exploits4
seebug.org
seebug.org
added 2018/03/13 12:0 a.m.64 views

MikroTik RouterOS < 6.38.4 (x86) - 'Chimay Red' Stack Clash Remote Code Execution

!/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget ASTSTACKSIZE = 0x800000 default stack size per thread 8 MB...

Exploits0
seebug.org
seebug.org
added 2018/02/06 12:0 a.m.64 views

Kaspersky Secure Mail Gateway Multiple Vulnerabilities

Advisory Information Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0010 Advisory URL: http://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities Date published: 2018-02-01 Date of last update: 2018-02-01 Vendors contacted:...

8.5AI score
Exploits0
seebug.org
seebug.org
added 2017/12/11 12:0 a.m.64 views

SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit

Summary SonicDICOM is PACS software that combines the capabilities of DICOM Server with web browser based DICOM Viewer. Description The application suffers from a privilege escalation vulnerability. Normal user can elevate his/her privileges by sending a HTTP PATCH request seting the parameter...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.64 views

Libarchive mtree parse_device Code Execution Vulnerability(CVE-2016-4301)

SUMMARY An exploitable stack based buffer overflow vulnerability exists in the mtree parsedevice functionality of libarchive. A specially crafted mtree file can cause a buffer overflow resulting in memory corruption/code execution. An attacker can send a malformed file to trigger this...

6.8CVSS8.2AI score0.03716EPSS
Exploits2
seebug.org
seebug.org
added 2017/08/17 12:0 a.m.64 views

Microsoft Internet Explorer Remote Code Execution Vulnerability(CVE-2017-8618)

There is a type confusion issue related to how some arithmetic operations are performed in VBScript. To illustrate, see the following simplified code of VbsVarMod static unsigned char resultlookuptable1818 = ... void VbsVarModVAR v1, VAR v2 VAR arithv1 = v1-PvarGetArithVal; VAR arithv2 =...

7.6CVSS7.9AI score0.58078EPSS
Exploits2
seebug.org
seebug.org
added 2017/06/06 12:0 a.m.64 views

WebKit: UXSS via CachedFrameBase::restore

This is similar to the case https://bugs.chromium.org/p/project-zero/issues/detail?id=1151. But this time, javascript handlers may be fired in FrameLoader::open. void FrameLoader::openCachedFrameBase& cachedFrame ... cleardocument, true, true, cachedFrame.isMainFrame; Click anywhere... function...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2017/02/01 12:0 a.m.64 views

PHP PEAR 1.10.1 - arbitrary File Download Vulnerability (CVE-2017-5630)

Author: mapl0 Vulnerability details In the PEAR Base System The 1. 10. 1 version of the installer, can be in after the redirect does not verify file type and file name, and then allows the remote http server via a specially crafted request to overwrite the hacked server files, such as. htaccess i...

5CVSS7.3AI score0.12513EPSS
Exploits5
seebug.org
seebug.org
added 2016/04/25 12:0 a.m.64 views

XYCMS广告设计中心网站系统 v3.0 view_detail.asp参数id SQL注入漏洞

0x01漏洞简介 XYCMS广告设计中心网站系统采用asp+access架构,其在/viewdetail.asp处对参数id过滤不严格,导致出现SQL注入漏洞。远程攻击者可以利用该漏洞执行SQL指令。 0x02漏洞详情 该系统默认存在一个管理员数据表adminuser,该表包含管理员名称字段admin和密码 md5加密字段password,远程攻击者可以结合union方式获取敏感信息,登陆后台,上传shell。 0x03修复方案 过滤。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/23 12:0 a.m.64 views

cmstop 远程代码执行漏洞(大众版)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/25 12:0 a.m.64 views

易企CMS install/install.php 代码执行

看代码\install\install.php 作用就是安装该cms,然后把install.php改为install.php.bak。由于apache解析问题,改文件还是会解析成php,然后就可以暴力getshell。 数据库连接文件会写到\include\config.inc.php 由于是双引号可直接shell,无限制。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/13 12:0 a.m.64 views

docker 1.0.0 docker.socket world accessible

CVE-2014-3499 docker.socket world accessible 漏洞类型 设计错误 本地权限提升 漏洞分析 Docker 1.0.0使用全局可读可写的管理套接字,这种设计会允许本地用户利用写套接字,获得特殊的权限。 具体分析 docker.socket 在docker 1.0.0版本时,并没有限制读写socket的权限,导致本地用户任何socket读写都能够完成。 本地用户使用构造的恶意请求写入到socket中会导致root权限执行任意代码。 具体过程 在init/systemd中,...

7.2CVSS8.6AI score0.00393EPSS
Exploits1
seebug.org
seebug.org
added 2016/01/06 12:0 a.m.64 views

泛微e-office E-mobile/Data/downfile.php url参数 任意文件下载

漏洞信息: 泛微e-office是泛微公司面向中小型组织推出的OA产品,简单易用高效,部署快、投资少。提供免费试用体验。至今已为超过一万家客户提供方便高效的办公体验。 泛微e-office存在任意文件上传漏洞导致敏感信息泄漏。 漏洞分析: 漏洞存在于E-mobile/Data/downfile.php $fileurl = $REQUEST'url'; $sessionstr = $REQUEST'sessionkey'; $strexplode = explode ",", $sessionstr ; $sessionkey = $strexplode0; $curruserid =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/23 12:0 a.m.64 views

泛微Eoffice数据库配置文件 mysql_config.ini 下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/15 12:0 a.m.64 views

大汉网站群访问统计系统 /vc/vc/style/opr_copycode.jsp SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/12/14 12:0 a.m.64 views

Windows 权限提升漏洞 CVE-2015-6132

No description provided by source...

7.2CVSS6.5AI score0.84701EPSS
Exploits5
seebug.org
seebug.org
added 2015/12/01 12:0 a.m.64 views

育软电子政务平台SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.64 views

北京希尔自动化OA管理系统/数据库系统 /bnuoa/info/infoShowAction.do 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/20 12:0 a.m.64 views

phpcms v9用户登录处存在sql注入漏洞

password字段如果存在特殊字符,在传入到程序时仍然会被转义,而且在phpsso的login中使用的是username做数据库查询,而不是password。针对第一个问题我们可以使用二次url编码的方法来搞定,在解码之后程序还是用了parsestr对字符串进行了拆解,而这个函数还附带了解url编码的功能。所以,我们只需要在传password内容时传递%2527就可以让单引号出现在phpsso的变量中了。第二个问题也用到parsestr的功能,parsestr在解析“username=123&password=456”这样的字符串,会把它解析为:Array username=123,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/05/14 12:0 a.m.64 views

用友内部论坛数据备份信息泄露一万多员工已经内部交流信息泄露

简要描述: 看到这有个正在维护的系统,写着"系统正在升级中...将于2011年10月27日正常访问,敬请谅解!" 于是果断扫了目录,果然有数据备份、 涉及一万多的内部人员数据、大量的用友邮箱、还有部分的内部交流信息、 能再上首页吗? 详细说明: 涉及的IP:http://219.141.185.30/wk.htm 备份数据下载地址:http://219.141.185.30/webroot.rar 果断的解压、 数据挺多的,看了下下面这两个比较有意思、 搜了下,涉及用友邮箱一共1500多、 账户总数是一万七千多、 下面这个比较有意思、...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/09 12:0 a.m.64 views

某网店系统存在越权漏洞(任意用户信息修改)

简要描述: 某网店系统存在越权漏洞任意用户信息修改 详细说明: 账号 A id=375 账号 B id=376 越权修改账号a的信息 成功修改 demo演示站点呢 一样可以修改收货地址 账号A id=362 账号B id=363 img src="https://images.seebug.org/upload/201504/07000058fd624e353d682fc05a6b2efead0a6338.jpg" alt="2.jpg" width="600" onerror=...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/01/04 12:0 a.m.64 views

大汉网络JCMS任意文件下载

简要描述: 大汉网络文件遍历 详细说明: 漏洞Url: /jcms/m5e/module/voting/down.jsp?filename=a.txt&pathfile=/etc/passwd 下载文件: root:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.64 views

Drupal Core &lt;= 7.32 - SQL Injection (PHP)

No description provided by source. ?php ----------------------------------------------------------------------------- Exploit Title: Drupal core 7.x - SQL Injection Date: Oct 16 2014 Exploit Author: Dustin Dörr Software Link: http://www.drupal.com/ Version: Drupal core 7.x versions prior to 7.32...

7.5CVSS7.2AI score0.99974EPSS
Exploits20
seebug.org
seebug.org
added 2014/08/21 12:0 a.m.64 views

frcms 重装系统

简要描述: 重装了 之后 可以轻松getshell。 详细说明: 在install/index.php中 header"Content-Type: text/html; charset=$lang"; foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k = runmagicquotes$v; function runmagicquotes&$svar if!getmagicquotesgpc if isarray$svar foreach$svar as $k = $v $svar$k...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/24 12:0 a.m.64 views

Microsoft XP SP3 - BthPan.sys Arbitrary Write Privilege Escalation

No description provided by source. """ Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 1. Vulnerability Details Affected Vendor:...

7.2CVSS6.5AI score0.23046EPSS
Exploits21
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Kayako eSupport <= 2.3.1 (subd) Remote File Inclusion Vulnerability

No description provided by source. Script: Kayako eSupport = 2.3.1 Vendor: Kayako www.kayako.com Discovered: beford xbefordx gmail com Comments: It seems like the vendor silently fixed the issue in the current version more like since v2.3.5 withouth warning users of previous versions, noobs...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

No description provided by source. $Id: adobecooltypesing.rb 10394 2010-09-20 08:06:27Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

9.3CVSS0.6AI score0.82485EPSS
Exploits13
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Coppermine Photo Gallery <= 1.4.22 Remote Exploit

No description provided by source. !/usr/bin/perl Coppermine Photo Gallery = 1.4.22 Remote Exploit Need registerglobals = on and magicquotesgpc = off Based on vulnerabilities discussed at http://www.milw0rm.org/exploits/8713 Coded by girex use LWP::UserAgent; ifnot defined $ARGV0 banner; print -...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...

10CVSS8.3AI score0.73713EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability

No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads ------------------------------------------------------------------------------- Cześć, This advisory describes...

7.2CVSS0.5AI score0.09454EPSS
Exploits35
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

OpenSSL SSLv2 - Null Pointer Dereference Client Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20246/info OpenSSL is prone to a denial-of-service vulnerability. A malicious server could cause a vulnerable client application to crash, effectively denying service. !/usr/bin/perl Copyrightc Beyond Security Written by...

4.3CVSS8.9AI score0.17418EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Ultimate eShop Error Based SQL Injection Vulnerability

No description provided by source. Exploit Title: Ultimate eShop Error Based SQL Injection Vulnerability Google Dork: inurl:index.cgi?aktion=shopview Date: 19/04/2011 Author: Romka Software Link: http://www.ultimate-eshop.de/ Tested on: Windows XP SP3 Exploit:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability

No description provided by source. ?php // Credit: Mateusz Kocielski, Marek Kroemeke and Filip Palian // Affected Versions: 5.3.3-5.3.6 echo + CVE-2011-1938; echo + there we go...\n; define'EVILSPACEADDR', \xff\xff\xee\xb3; define'EVILSPACESIZE', 102410248; $SHELLCODE =...

7.5CVSS0.7AI score0.22724EPSS
Exploits13
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Final Draft 8 Multiple Stack Buffer Overflows

No description provided by source. Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft 8.02 Researcher : Nick Freeman [email protected] Description...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Croogo 1.2.1 - Multiple CSRF Vulnerabilities

No description provided by source. ----------------------------------------------------------------------------------------------- Title: Croogo 1.2.1 Multiple CSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmaildotcom Date: 07. February 2010...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

siemens tecnomatix factorylink 8.0.1.1473 - Multiple Vulnerabilities

No description provided by source. Sources: http://aluigi.org/adv/factorylink1-adv.txt http://aluigi.org/adv/factorylink2-adv.txt http://aluigi.org/adv/factorylink3-adv.txt http://aluigi.org/adv/factorylink4-adv.txt http://aluigi.org/adv/factorylink5-adv.txt...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Joomla Component joomlaradio 5.0 - Remote File Inclusion Vulnerability

No description provided by source. Joomla Radio v5 Component RFI Bug in : administrator/components/comjoomlaradiov5/admin.joomlaradiov5.php Variable : $mosConfiglivesite Download : http://www.joomlaos.de/option,comremository/Itemid,41/func,fileinfo/id,2661.html Dork: inurl:comjoomlaradiov5 Exampl...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

DFD Cart 1.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities Vulnerability Type: Remote File Inclusion Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php Exploit URL:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Mambo/Joomla Com_comprofiler 1.0 Plugin.class.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19725/info The Mambo and Joomla comcomprofiler component is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

D-Link IP Cameras Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link IP Cameras Multiple Vulnerabilities 1. Advisory Information Title: D-Link IP Cameras Multiple Vulnerabilities Advisory ID: CORE-2013-0303 Advisory URL:...

6.5CVSS0.7AI score0.40353EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability

No description provided by source. PHP - gd library - imageRotatefunction Information Leak Vulnerability Discovered by: Hamid Ebadi, Further research and exploit: Mohammad R. Roohian CSIRT Team Members Amirkabir University APA Laboratory Introduction PHP is a popular web programming language whic...

5CVSS0.3AI score0.08845EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

AWStats (6.0-6.2) configdir Remote Command Execution Exploit (c code)

No description provided by source. / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the user input for the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Py-Membres 3.1 Index.PHP Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5849/info A vulnerability has been reported for Py-Membres 3.1 that allows remote attackers to obtain administrative privileges on vulnerable installations. Reportedly, Py-Membres does not fully check some URI parameters...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)

No description provided by source. Source: http://securityreason.com/securityalert/8146 libzip 0.9.3 zipnamelocate NULL Pointer Dereference incl PHP 5.3.5 Author: Maksymilian Arciemowicz http://securityreason.com/ http://cxib.net/ Date: - Dis.: 03.01.2011 - Pub.: 18.03.2011 CVE: CVE-2011-0421 CER...

4.3CVSS0.3AI score0.13514EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

phpBB <= 2.0.20 (Admin/Restore DB/default_lang) Remote Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PhpBB = v2.0.20 \Admin/Restore Database/defaultlang remote commands execution\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo - you need an admin sid, works regardless of...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.64 views

Oracle Document Capture 10.1.3.5 Insecure Method / Buffer Overflow

No description provided by source. Source: http://packetstormsecurity.org/files/view/97871/DSECRG-11-006.txt ActiveX components contain insecure methods. Digital Security Research Group DSecRG Advisory DSECRG-11-006 internal DSECRG-09-066 Application: Oracle Document Capture Versions Affected:...

9.4CVSS6.5AI score0.16177EPSS
Exploits5
Total number of security vulnerabilities5000