Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2007/06/18 12:0 a.m.63 views

FuseTalk Index.CFM SQL注入漏洞

FuseTalk是一款WEB应用程序。 FuseTalk不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Index.CFM'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可导致应用程序处理时更改原来的SQL逻辑,攻击者可以获得敏感信息或者操作数据库。 FuseTalk 2.0 目前没有解决方案提供: http://www.fusetalk.com/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/13 12:0 a.m.63 views

Quagga BGPD UPDATE消息远程拒绝服务漏洞

Quagga是一款基于TCP/IP路由软件套件。 Quagga's bgpd存在一个越界内存读取问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 攻击者发送一个特殊构建的,畸形的多协议可到达/不可到达NLRI属性的UPDATE消息,可触发Quagga's bgpd发生assert而放弃,导致拒绝服务攻击。 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu...

7AI score
Exploits0
seebug.org
seebug.org
added 2007/05/11 12:0 a.m.63 views

TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = "SELECT FROM $userstable WHERE username =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/03/19 12:0 a.m.63 views

Katalog Plyt Audio (pl) <= 1.0 Remote SQL Injection Exploit

No description provided by source. ? / Author: Kacper Contact: [email protected] Homepage: http://www.rahim.webd.pl/ Irc: irc.milw0rm.com:6667 devilteam Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM. Katalog Plyt Audio pl = 1.0 Remote SQL Injection Exploit script download:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/10 12:0 a.m.63 views

Sina UC 2006 Activex SendChatRoomOpt Exploit

新浪UC是中国非常流行的IM工具之一 http://www.51uc.com 漏洞的起因是Sina UC的多个ActiveX控件的参数缺乏必要的验证,攻击者构造恶意网页,可以远程完全控制安装了Sina UC 的用户的计算机, 多个控件存在栈溢出问题,包括但不限于: 1. clsid:77AE4780-75E0-4CB0-A162-D1BBE3D50384 C:\Program Files\sina\UC\ActiveX\BROWSER2UC.dll Sub SendChatRoomOpt ByVal astrVerion As String , ByVal astrUserID As...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/22 12:0 a.m.63 views

PHPProfiles远程文件包含漏洞

PHPProfiles是一款基于PHP的WEB应用程序。 PHPProfiles不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是由于多个脚本对用户提交的WEB参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 phpProfiles phpProfiles 3.1.2b phpProfiles phpProfiles 2.1 http://sourceforge.net/project/showfiles.php?groupid=176310...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/14 12:0 a.m.63 views

PHP-Fusion Maincore.PHP SQL注入漏洞

PHP-Fusion是一款基于PHP的内容管理程序。 PHP-Fusion不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击获得敏感信息。 问题是由于'Maincore.PHP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息。 PHP-Fusion PHPFusion 6.1.4 PHP-Fusion PHP-Fusion 6.0.307 PHP-Fusion PHP-Fusion 6.0.204 PHP-Fusion PHP-Fusion 6.0.110 PHP-Fusion PHP-Fusion...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/26 12:0 a.m.63 views

MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit

No description provided by source. !/usr/bin/perl """"""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2005/03/04 12:0 a.m.63 views

Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

No description provided by source. !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...

5CVSS0.4AI score0.55105EPSS
Exploits7
seebug.org
seebug.org
added 2018/07/05 12:0 a.m.62 views

DouPHP-多处物理路径泄露

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/05/17 12:0 a.m.62 views

Adobe Acrobat Reader DC Net.Discovery.queryServices Remote Code Execution Vulnerability(CVE-2018-4996)

Summary A specific Javascript script embedded in a PDF file can lead to a pointer to previously freed object to be reused when opening a PDF document in Adobe Acrobat Reader DC 2018.009.20044. With careful memory manipulation, this can potentially lead to sensitive memory disclosure or arbitrary...

9.6AI score0.09178EPSS
Exploits1
seebug.org
seebug.org
added 2017/12/12 12:0 a.m.62 views

Pomelo Admin Console Web存在任意文件写入漏洞

...

1.4AI score
Exploits0
seebug.org
seebug.org
added 2017/11/29 12:0 a.m.62 views

Tinysvcmdns Multi-label DNS Heap Overflow Vulnerability(CVE-2017-12087)

Summary An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this...

9.3AI score0.01943EPSS
Exploits3
seebug.org
seebug.org
added 2017/11/14 12:0 a.m.62 views

Wordpress SQLi — PoC

In order to understand the writing here, you need to read the previous explanation https://medium.com/websec/wordpress-sqli-bbb2afcc8e94. If you got it, then we can jump to the part and solve the question e.g. how to update / insert our sql payload into thumbnailid post meta. PoC start - Login to...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2017/10/17 12:0 a.m.62 views

Apple Image I/O EXR Compression Remote Code Execution Vulnerability(CVE-2016-4630)

SUMMARY An exploitable heap based buffer overflow exists in the handling of EXR images on OS X. A crafted EXR document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved EXR file delivered by other means when opened in any...

6.8CVSS9.7AI score0.03576EPSS
Exploits2
seebug.org
seebug.org
added 2017/09/12 12:0 a.m.62 views

National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability(CVE-2017-2779)

Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...

6.8CVSS7.7AI score0.02168EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/17 12:0 a.m.62 views

XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)

setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if IPVALIDdynamicpagercontrolport ipcportreleasesenddynamicpagercontrolport;...

9.3CVSS7.7AI score0.0676EPSS
Exploits7
seebug.org
seebug.org
added 2017/02/23 12:0 a.m.62 views

macOS HelpViewer XSS leads to arbitrary file execution and arbitrary file read(CVE-2017-2361)

HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help or using "help:" scheme: help:openbook=com.apple.safari.help...

4.3CVSS6.9AI score0.17134EPSS
Exploits2
seebug.org
seebug.org
added 2017/02/06 12:0 a.m.62 views

Jenkins remote code execution vulnerability (CVE-2017-2608)

No description provided by source...

8.6AI score0.06308EPSS
Exploits1
seebug.org
seebug.org
added 2016/12/16 12:0 a.m.62 views

Nagios Core < 4.2.4 - Root Privilege Escalation (CVE-2016-9566)

INTRODUCTION ------------------------- Nagios Core daemon in versions below 4.2.4 was found to perform unsafe operations when handling the log file. This could be exploited by malicious local attackers to escalate their privileges from 'nagios' system user, or from a user belonging to 'nagios'...

7.5CVSS9.2AI score0.22684EPSS
Exploits11
seebug.org
seebug.org
added 2016/08/09 12:0 a.m.62 views

Paviansystems product_detail.php parameters product_id SQL injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/02/26 12:0 a.m.62 views

Jenkins 低权限用户 API 服务调用 可致远程命令执行

漏洞演示 将 Jenkins 跑起来后,在低权限用户下构造 XML 文档: hashCode open /Applications/Calculator.app false 0 0 0 start 1 发送 Payload 至接口 http://...:8080/jenkins/createItem?name=knownsec: 成功后服务端会运行 计算器 程序。 漏洞影响 影响版本: 1.650 (1.650版本已修复该问题) 从zoomeye.org上搜索设备指纹“Jenkins” 从搜索的结果来看,约存在20000个潜在受到影响的目标。 相关链接...

9CVSS8.6AI score0.82697EPSS
Exploits23
seebug.org
seebug.org
added 2016/01/12 12:0 a.m.62 views

phpok v4.3.18 index.php 信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/07 12:0 a.m.62 views

PycURL远程代码执行漏洞

简要描述: 利用pycurl上传文件时,如果文件内容是unicode类型,那么会产生Use After Free漏洞 详细说明: 文件名: pycurl\src\easy.c 如果setopt给定的FORMBUFFERPTR的内容是Unicode,如 curl.setoptpycurl.HTTPPOST, 'field2', pycurl.FORMBUFFER, 'uploaded.file', pycurl.FORMBUFFERPTR, u'test', 那么会进入如下流程: 代码1571行会先把unicode转换成str,ostr和olen,分别是str的字符串指针和长度...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/06 12:0 a.m.62 views

泛微e-office E-mobile/Data/downfile.php url参数 任意文件下载

漏洞信息: 泛微e-office是泛微公司面向中小型组织推出的OA产品,简单易用高效,部署快、投资少。提供免费试用体验。至今已为超过一万家客户提供方便高效的办公体验。 泛微e-office存在任意文件上传漏洞导致敏感信息泄漏。 漏洞分析: 漏洞存在于E-mobile/Data/downfile.php $fileurl = $REQUEST'url'; $sessionstr = $REQUEST'sessionkey'; $strexplode = explode ",", $sessionstr ; $sessionkey = $strexplode0; $curruserid =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.62 views

Linux Local Root =&gt; 2.6.39 (32-bit &amp; 64-bit) - Mempodipper #2

No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 / / Mempodipper by zx2c4 Linux Local Root Exploit Rather than put my write up here, per usual, this time I've put it in a rather...

6.9CVSS7.9AI score0.10904EPSS
Exploits11
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.62 views

Linux PolicyKit Race Condition Privilege Escalation

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit4 Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include...

6.9CVSS6.7AI score0.05246EPSS
Exploits17
seebug.org
seebug.org
added 2014/09/02 12:0 a.m.62 views

万户OA某页面通用性SQL注入(又影响N个政府网和医疗机构)

简要描述: 其实我一直琢磨,之前发的那个,为什么有一部分不能注入,后来找了找,发现不能注入的都是oracle数据库,很好奇。。。然后……就发现了这个通用注入。。例子中,涉及淮北市卫生局,内蒙古海勃湾区市政府、怀远县政府等多家政府单位和医疗机构。在注入时貌似有些限制,凌晨1:45了,就不继续测试了,该睡觉了。。 详细说明: 万户OA协同管理系统,存在POST注入 问题链接:defaultroot/mobile/index.jsp 该登陆框,username处没有做过滤,导致了POST注入 详细看图吧。。。 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/21 12:0 a.m.62 views

frcms 重装系统

简要描述: 重装了 之后 可以轻松getshell。 详细说明: 在install/index.php中 header"Content-Type: text/html; charset=$lang"; foreachArray'GET','POST','COOKIE' as $request foreach$$request as $k = $v $$k = runmagicquotes$v; function runmagicquotes&$svar if!getmagicquotesgpc if isarray$svar foreach$svar as $k = $v $svar$k...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/24 12:0 a.m.62 views

Microsoft XP SP3 MQAC.sys - Arbitrary Write Privilege Escalation

No description provided by source. Title: Microsoft XP SP3 MQAC.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-003 Publication Date: 2014.07.18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-003.txt 1. Vulnerability Details Affected Vendor: Microsof...

7.2CVSS6.5AI score0.23046EPSS
Exploits21
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Windows Afd.sys - Privilege Escalation Exploit (MS11-080)

No description provided by source. MS11-080 - CVE-2011-2005 Afd.sys Privilege Escalation Exploit Author: [email protected] - Matteo Memelli Spaghetti & Pwnsauce yuck! 0xbaadf00d Elwood@mac&cheese.com Thx to dookielifesaver2000ca, dijital1 and ronin for helping out! To my Master Shifu muts: So...

7.2CVSS7.6AI score0.31761EPSS
Exploits12
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Namad (IMenAfzar) 2.0.0.0 - Remote File Disclosure Vulnerability

No description provided by source. Securitylab.ir Application Info: Name: Namad Version: 2.0.0.0 Website: http://imenafzar.com Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Remote File Download...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

shop7z 注入漏洞2

简要描述: shop7z 注入漏洞2 详细说明: News.asp 漏洞证明: 测试 192.168.236.131/news.asp?lid=1' http://www.shop7z.com/Demo/news.asp?lid=1%27...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

SAP Netweaver Message Server Multiple Vulnerabilities

No description provided by source. 1. Advisory Information Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory URL: http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities Date published: 2013-02-13 Date of last update:...

8.7AI score0.22612EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

mygamingladder MGL Combo System <= 7.5 game.php SQL injection Exploit

No description provided by source. ----------------------------Information------------------------------------------------ +Name : mygamingladder MGL Combo System = 7.5 game.php SQL injection Exploit +Autor : Easy Laster +Date : 10.10.2010 +Script : mygamingladder MGL Combo System = 7.5 +Price :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

ApPHP MicroBlog 1.0.1 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/python import random import hashlib import urllib from base64 import b64encode as b64 import sys import re Exploit Title: Python exploit for ApPHP MicroBlog 1.0.1 Free Version - RCE Exploit Author: LOTFREE Version: ApPHP MicroBlog 1.0.1 Free Version...

6.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

QT-cute QuickTalk Guestbook 1.6 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/29013/info QT-cute QuickTalk Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Pandora FMS <= 3.1 - Blind SQL Injection

No description provided by source. + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applicatio...

7.5CVSS0.3AI score0.05339EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure

No description provided by source. !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs su -. Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kerne...

2.1CVSS6.7AI score0.00732EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Parallels H-Sphere 3.0/3.1 'login.php' Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/31256/info H-Sphere is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Metinfo 3.0 - Multiple Vulnerabilities

No description provided by source. Exploit Title: metinfo3.0 Mullti Vulnerability Date : 10-11-2010 Author : anT!-Tr0J4n Version : 3.0 DorK : Powered by MetInfo 3.0 Home : www.Dev-PoinT.com : http://milw0rm.ws Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Vendor� : http://www.metinfo.cn/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Microsoft Office 2000/2002 Property Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18911/info Microsoft Office is prone to a code-execution vulnerability. This is due to a failure to handle exceptional conditions. Successfully exploiting this issue allows attackers to corrupt process memory and to execu...

9.3CVSS6.5AI score0.38839EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

glibc LD_AUDIT arbitrary DSO load Privilege Escalation

No description provided by source. !/bin/sh I Can't Read and I Won't Race You Either by zx2c4 This is an exploit for CVE-2010-3856. A while back, Tavis showed us three ways to exploit flaws in glibc's dynamic linker involving LDAUDIT. 1 2 The first way involved opening a file descriptor and using...

7.2CVSS0.1AI score0.09454EPSS
Exploits24
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

ImageVue 2.0 - Remote Admin Login Exploit

No description provided by source. Author: Sora Software Link: http://www.imagevuex.com/ Version: 2.0 Tested on: Windows and Linux --------------------------------- / ImageVue 2.0 Remote Admin Login Exploit Created by Sora Contact: vhr95zw at hotmail.com / + Google Dork: inurl:/admin/ ImageVue +...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability

No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...

4.4CVSS0.00612EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.62 views

Squirrelcart <= 2.2.0 (cart_content.php) Remote Inclusion Vulnerability

No description provided by source. Title : Squirrelcart = 2.2.0 Remote File Inclusion URL : http://www.ldev.com/ google Dork : inurl:/squirrelcart/ Author : OLiBekaS greetz : Skulmatic, weleh, brokencode, bigmaster and all papmahackerlink crew Exploit :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/04/16 12:0 a.m.62 views

LibreOffice OpenSSL TLS心跳信息泄漏漏洞

CVE ID:CVE-2014-0160 LibreOffice是一套可与其他主要办公室软体相容的套件,可在各种平台上执行。 LibreOffice所绑定的OpenSSL存在安全漏洞,OpenSSL处理TLS”心跳“扩展存在一个边界错误,允许攻击者利用漏洞获取64k大小的已链接客户端或服务器的内存内容。内存信息可包括私钥,用户名密码等。 0 LibreOffice 4.x LibreOffice 4.2.3版本已修复该漏洞,建议用户下载使用: http://www.libreoffice.org/...

5CVSS8.2AI score0.99999EPSS
Exploits87
seebug.org
seebug.org
added 2014/03/16 12:0 a.m.62 views

Maccms V8 注入两枚

简要描述: 过滤不严。无需单引号。同一文件。 详细说明: 在inc/user/alipay/alipayapi.php中 $outtradeno = $POST'WIDouttradeno';//可控 //商户网站订单系统中唯一订单号,必填 //订单名称 $subject = $POST'WIDsubject'; //必填 //付款金额 $price = $POST'WIDprice'; //必填 //商品数量 $quantity = "1"; //必填,建议默认为1,不改变值,把一次交易看成是一次下订单而非购买一件商品 //物流费用 $logisticsfee = "0.00";...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/11 12:0 a.m.62 views

FreeType 'src/cff/cf2ft.c'远程拒绝服务漏洞

BUGTRAQ ID: 66292 CVE ID:CVE-2014-2241 FreeType是一个流行的字体函数库。 FreeType 'src/cff/cf2ft.c'中的cf2initLocalRegionBuffer, cf2initGlobalRegionBuffer函数存在一个断言失败错误,允许攻击者利用漏洞构建恶意字体,诱使应用解析,可使应用程序崩溃。 0 FreeType 2.5.3 厂商补丁: FreeType ----- 用户可参考厂商的GIT库以获得补丁修复此漏洞:...

6.8CVSS0.5AI score0.01571EPSS
Exploits2
seebug.org
seebug.org
added 2014/02/20 12:0 a.m.62 views

程氏舞曲CMS最新版某处SQL注射漏洞(官方演示站)

简要描述: 今天刚看到这个网站,于是就射了一吧! 详细说明: 在歌曲搜索的地方,敲了一个单引号,于是就出现了如下的错误,其中单引号要转码为%27 http://demo.chshcms.com/index.php/dance/so/key/%27 然后构造了一下http://demo.chshcms.com/index.php/dance/so/key/wooyun' or '%'=' 转码后为http://demo.chshcms.com/index.php/dance/so/key/wooyun%27%20or%20%27%25%27%3D%27 所有的歌曲都查询出来了!...

7.1AI score
Exploits0
Total number of security vulnerabilities5000