Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2013/05/17 12:0 a.m.61 views

Apache Tomcat 信息泄露漏洞(CVE-2013-2071)

BUGTRAQ ID: 59798 CVECAN ID: CVE-2013-2071 Apache Tomcat是一个流行的开源JSP应用服务器程序。 Tomcat 7.0.0 - 7.0.39内,AsyncListener的onComplete在执行某些情况下的请求管理时存在运行时异常,org.apache.catalina.connector.Request会因此不再循环。远程攻击者可利用此漏洞获取敏感信息。 0 Apache Group Tomcat 7.0.0 - 7.0.39 厂商补丁: Apache Group ------------...

2.6CVSS6.2AI score0.06501EPSS
Exploits2
seebug.org
seebug.org
added 2013/04/28 12:0 a.m.61 views

WebKit 'FrameLoader::checkCompleted()'函数释放后重用远程代码执行漏洞

BUGTRAQ ID: 59515 CVECAN ID: CVE-2013-0902 WebKit是一个开源的浏览器引擎,也是苹果Mac OS X 系统引擎框架版本的名称,主要用于Safari,Dashboard,Mail和其他一些Mac OS X 程序。 WebKit 1.11.5、1.10.2在 readystatechange 事件中删除子帧时,函数 'FrameLoader::checkCompleted' WebCore/loader/FrameLoader.cpp存在释放后重用错误,通过特制的网页,上下文独立的攻击者可间接引用已经释放的内存并可能执行任意代码。 0 WebKi...

7.5CVSS6.4AI score0.01081EPSS
Exploits1
seebug.org
seebug.org
added 2013/01/22 12:0 a.m.61 views

php-Charts 'url.php'任意PHP代码执行漏洞

BUGTRAQ ID: 57448 php-Charts是PHP图表和绘图组件,为Web应用呈现动态的、数据驱动的、HTML5图表。 php-Charts 1.0及其他版本没有正确验证 wizard/url.php 内的GET参数值,即用在 "eval" 调用内,可被利用执行任意PHP代码。 0 php-Charts 1.x 厂商补丁: php-Charts ---------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://phpchart.net/...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2013/01/09 12:0 a.m.61 views

ThinkSNS某处任意上传文件漏洞,获取官方站点控制权

简要描述: ThinkSNS某处任意上传文件漏洞,可导致网站沦陷、用户数据泄露,你说是不是高危? 详细说明: ThinkSNS群组上传文档处存在任意上传文件漏洞,可导致四个网站沦陷、用户数据泄露,你说是不是高危? 1.我们打开一个群组上传文档 2.开始抓包,上传一个图片网马比如yy.jpg,然后在包里面改为yy.php 3.于是上传成功 看看文件,额 4.连一连 5.跨一跨 img src="https://images.seebug.org/upload/201301/090...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/11/09 12:0 a.m.61 views

Ecshop 2.7.3 user.php Sql注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/06/27 12:0 a.m.61 views

Symantec PcAnywhere 12.5.0 Login and Password Field Buffer Overflow

No description provided by source. !/usr/bin/python Exploit Title: Symantec PcAnywhere login and password field buffer overflow Date: 2012.06.27 Author: S2 Crew Hungary Software Link: symantec.com Version: 12.5.0 Tested on: Windows XP SP2 CVE: CVE-2011-3478 Code : import socket import time import...

10CVSS0.7AI score0.39308EPSS
Exploits10
seebug.org
seebug.org
added 2012/06/08 12:0 a.m.61 views

Drupal 7.x 核心路径泄露漏洞

BUGTRAQ ID: 53454 Drupal是一款开放源码的内容管理平台。 Drupal 7.14之前版本在实现上存在路径泄露漏洞,通过错误信息中泄露安装路径的index.php的q参数,includes/bootstrap.inc内的requestpath函数可允许远程攻击者获取敏感信息。 0 Drupal 7.x 厂商补丁: Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.drupal.org/ http://localhost/?q=x ------------------------------------...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2011/12/08 12:0 a.m.61 views

Adobe Reader U3D数据处理代码执行漏洞

BUGTRAQ ID: 50922 CVE ID: CVE-2011-2462 Adobe Reader也被称为Acrobat Reader是美国Adobe公司开发的一款优秀的PDF文档阅读软件。Acrobat是1993年推出针对企业、技术人员和创意专业人士的系列产品,使智能文档的传送和协作更为灵活、可靠和安全。 Adobe Acrobat和Reader在处理U3D数据中包含的畸形结构时存在内存破坏漏洞,攻击者可利用此漏洞造成崩溃并完全控制受影响系统 Adobe Reader 9.x Adobe Reader 10.x 临时解决方法:...

10CVSS1.9AI score0.86238EPSS
Exploits11
seebug.org
seebug.org
added 2011/09/29 12:0 a.m.61 views

Cisco IOS Smart Install远程代码执行漏洞

BUGTRAQ ID: 49828 CVE ID: CVE-2011-3271 Cisco的网际操作系统(IOS)是一个网际互连优化的复杂操作系统。 Cisco IOS的Smart Install功能在实现上存在漏洞,远程非法攻击者可利用此漏洞在受影响设备上执行任意代码。 此漏洞源于运行Cisco IOS Software的Cisco Catalyst Switches中的Smart Install功能,Smart Install使用TCP端口4786进行通信,要触发此漏洞需要完整的TCP三方握手的连接。 Cisco IOS 15.x Cisco IOS 12.x 厂商补丁: Cisco...

10CVSS6.4AI score0.10757EPSS
Exploits1
seebug.org
seebug.org
added 2011/07/29 12:0 a.m.61 views

Red Hat Linux Kernel VLAN报文处理远程拒绝服务漏洞

Bugtraq ID: 48907 CVE ID:CVE-2011-1576 Red Hat是一款基于linux内核的发行版本。 napireuseskb函数仅用于GRO的报文合并,如果用于VLAN路径可导致内存泄露/破坏。远程攻击者可以利用此漏洞使内核崩溃。 RedHat Enterprise Linux 5 server Red Hat Enterprise Virtualization Hypervisor for RHEL 5 0 Red Hat Enterprise Linux Desktop 5 client OpenVZ Project OpenVZ 028stab091....

5.7CVSS0.1AI score0.00994EPSS
Exploits1
seebug.org
seebug.org
added 2011/06/25 12:0 a.m.61 views

Linux Kernel agp_allocate_memory/agp_create_user_memory本地权限提升漏洞

BUGTRAQ ID: 47535 CVE ID: CVE-2011-1746 Linux Kernel是Linux操作系统的内核。 Linux Kernel在agpallocatememory/agpcreateusermemory的实现上存在本地权限提升漏洞,本地攻击者可利用此漏洞以内核权限执行任意代码,造成完全控制受影响计算机。...

6.9CVSS0.2AI score0.00419EPSS
Exploits2
seebug.org
seebug.org
added 2010/07/10 12:0 a.m.61 views

sphider v1.3.5 Remote File Inclusion Vulnerability

No description provided by source. ====================================================================================+ sphider Remote File inclusion ====================================================================================+| | Li0n-PaL sTiLL Str1k3z y0u!! | |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/06/23 12:0 a.m.61 views

Adobe Flash Player LocalConnection内存破坏漏洞

BUGTRAQ ID: 40798 CVE ID: CVE-2010-2188 Flash Player是一款非常流行的FLASH播放器。 Flash Player通过ActionScript原始对象号2200所暴露的connect方式存在内存破坏漏洞。如果使用不同字符串多次调用了 LocalConnection函数,就可以触发这个漏洞,导致以运行浏览器用户的权限执行任意代码。 Adobe Flash Player 9.x Adobe Flash Player 10.x Adobe AIR = 1.5.3.9130 厂商补丁: Adobe -----...

9.3CVSS0.7AI score0.06751EPSS
Exploits1
seebug.org
seebug.org
added 2010/02/28 12:0 a.m.61 views

Joomla Component com_yanc SQL Injection Vulnerability

No description provided by source. ============================================================================== » Joomla comyanc Remote Sql Injection Vulnerability ============================================================================== » Script: Joomla » Language: PHP » Founder: Snakespc...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2010/02/20 12:0 a.m.61 views

Firefox showModalDialog()方法跨域脚本执行漏洞

CVE ID: CVE-2009-3988 Firefox是一款流行的开源WEB浏览器。 Firefox的同源策略实现上存在漏洞,远程攻击者可能通过使用showModalDialog JavaScript方法绕过权限限制,获取其他浏览网面的信息。 利用此漏洞需要一定的用户交互发生。 Mozilla Firefox 3.0.x 厂商补丁: Mozilla ------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.mozilla.org/security/announce/2010/mfsa2010-04.html...

5CVSS0.3AI score0.02147EPSS
Exploits1
seebug.org
seebug.org
added 2009/12/31 12:0 a.m.61 views

DieselPay 1.6 Multiple Vulnerabilities

No description provided by source. ======================================================================================== | Title : DieselPay 1.6 Multi Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 |...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/12/27 12:0 a.m.61 views

Info Fisier 1.0 multiple Vulnerabilities

No description provided by source. + Author : kaozc9 + Email : [email protected] + Site : www.paradisextem.co.cc + Team : ParadisexTeam + Dork : Powered by Info Fisier. =========================================XSS================================================== Affected Files:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/10/27 12:0 a.m.61 views

Adobe Acrobat Reader 7-9 U3D BoF

No description provided by source. Copyright c 2009, Felipe Andres Manzano [email protected] All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source...

9.3CVSS8.8AI score0.18445EPSS
Exploits9
seebug.org
seebug.org
added 2009/09/30 12:0 a.m.61 views

WinRAR v3.80 - ZIP Filename Spoofing

No description provided by source. ======================================================= Security Advisory: WinRAR v3.80 - ZIP Filename Spoofing ======================================================= Security Researcher Info: ========================= Discovered by: Christian Navarrete chr1x -...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2009/09/01 12:0 a.m.61 views

Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit

No description provided by source. / 0x82-CVE-2009-2698 Linux kernel 2.6 2.6.19 32bit ipappenddata local ring0 root exploit Tested White Box 42.6.9-5.ELsmp, CentOS 4.42.6.9-42.ELsmp, CentOS 4.52.6.9-55.ELsmp, Fedora Core 42.6.11-1.1369FC4smp, Fedora Core 52.6.15-1.2054FC5, Fedora Core...

7.2CVSS0.1AI score0.07121EPSS
Exploits18
seebug.org
seebug.org
added 2009/06/06 12:0 a.m.61 views

OpenSSL ChangeCipherSpec DTLS报文拒绝服务漏洞

BUGTRAQ ID: 35174 CVECAN ID: CVE-2009-1386 OpenSSL是一种开放源码的SSL实现,用来实现网络通信的高强度加密,现在被广泛地用于各种网络应用程序中。 如果在ClientHello报文之前发送了DTLS ChangeCipherSpec报文,就可能在OpenSSL的ssl/s3pkt.c文件中触发空指针引用,导致拒绝服务的情况。 OpenSSL 0.9.8i 厂商补丁: OpenSSL Project --------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

5CVSS0.8AI score0.80134EPSS
Exploits9
seebug.org
seebug.org
added 2009/05/07 12:0 a.m.61 views

Linux Kernel af_rose实现整数溢出漏洞

BUGTRAQ ID: 34654 CVECAN ID: CVE-2009-1265 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的sys/net/afrose.c文件中的rosesendmsg函数没有正确地验证报文中的len值。假设len为很大的值,如0xfffffff8,则size就可能会被溢出: size = len + AX25BPQHEADERLEN + AX25MAXHEADERLEN + ROSEMINLEN; 导致生成的缓冲区过小: if skb = sockallocsendskbsk, size, msg-msgflag...

5CVSS0.2AI score0.03173EPSS
Exploits2
seebug.org
seebug.org
added 2009/02/13 12:0 a.m.61 views

BlackBerry Application Web Loader ActiveX控件栈溢出漏洞

BUGTRAQ ID: 33663 CVECAN ID: CVE-2009-0305 BlackBerry Application Web Loader是用于通过PC和Internet Explorer向BlackBerry设备加载应用程序的ActiveX控件。 BlackBerry Application Web Loader ActiveX控件(AxLoader.ocx或AxLoader.dll)的load和loadJad方式存在栈溢出漏洞。如果用户受骗访问了恶意网页并向上述方式传送了超长输入的话,就可以触发这个溢出,导致在用户浏览器会话中执行任意代码。 Research In...

9.3CVSS6.4AI score0.12844EPSS
Exploits2
seebug.org
seebug.org
added 2008/12/13 12:0 a.m.61 views

Xpoze Pro (home menù) <= Blind $ql Injection

No description provided by source. ■ Xpoze Pro home menù = Blind $ql Injection --------------------------------------- AuToR: XaDoS SecurityCode Team Contact M&: xados at hotmail dot it B§g: Blind $ql inJection SIte vuln: http://www.xpoze.org/ --------------------------------------- ■ ExPL0iT:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/12/09 12:0 a.m.61 views

Sun Java JDK/JRE安全更新修复多个漏洞

BUGTRAQ ID: 32620,32608 CVECAN ID:...

10CVSS0.1AI score0.84807EPSS
Exploits23
seebug.org
seebug.org
added 2008/11/30 12:0 a.m.61 views

WPA加密标准TKIP密钥破解漏洞

BUGTRAQ ID: 32164 CVECAN ID: CVE-2008-5230 WPA加密即Wi-Fi Protected Access,是无线网络广泛使用的加密标准。 很多对Wi-Fi网络使用WPA和WPA2加密的产品没有安全地实现临时密钥完整性协议(TKIP),如果远程攻击者发送了特制的回放报文的话,就可能较容易的破解从AP发送给客户端的报文,然后执行ARP欺骗或其他攻击。...

6.8CVSS6.5AI score0.01594EPSS
Exploits2
seebug.org
seebug.org
added 2008/09/10 12:0 a.m.61 views

Dnsmasq DCHP租期多个远程拒绝服务漏洞

BUGTRAQ ID: 31017 CVE ID:CVE-2008-3350 CNCVE ID:CNCVE-20083350 Dnsmasq是一款轻量级的DNS服务程序。 Dnsmasq处理租期存在多个安全问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 -当未知客户端尝试刷新DHCP租期时存在问题可导致应用程序崩溃。 -当一个没有租期的主机处理DHCPINFORM时可导致应用程序崩溃。 Gentoo net-dns/dnsmasq 2.43 Dnsmasq Dnsmasq 2.43 升级到最新版本:...

5CVSS6.6AI score0.0169EPSS
Exploits1
seebug.org
seebug.org
added 2008/07/24 12:0 a.m.61 views

BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

No description provided by source. / \ / \ | | | | ----====/ /\/ /\ | || |====---- | | | || | | | | | | | | | | | | | ------======\ / /| || || || |======------ / || || / Computer Academic Underground http://www.caughq.org Exploit Code...

5CVSS0.95182EPSS
Exploits20
seebug.org
seebug.org
added 2008/06/29 12:0 a.m.61 views

Linux Kernel 32-bit/64bit仿真本地信息泄漏漏洞

BUGTRAQ ID: 29942 CVE ID:CVE-2008-0598 CNCVE ID:CNCVE-20080598 Linux是一款开放源代码的操作系统。 Linux 32和64位仿真模拟存在缺陷,本地攻击者可以利用漏洞构建特殊的程序,触发泄漏未初始化内存而导致敏感信息泄漏。 目前没有详细漏洞细节提供。 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux AS 4 RedHat...

4.9CVSS0.0037EPSS
Exploits1
seebug.org
seebug.org
added 2008/02/03 12:0 a.m.61 views

Linux Kernel PowerPC chrp/setup.c文件空指针引用漏洞

BUGTRAQ ID: 27555 CVECAN ID: CVE-2007-6694 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel在PowerPC平台上执行里存在漏洞,本地攻击者可能利用此漏洞导致拒绝服务。 当运行在PowerPC时,Linux Kernel的chrp/setup.c文件中的chrpshowcpuinfo函数可能会出现崩溃。如果本地攻击者导致ofgetproperty函数失败的话,就会触发空指针引用,导致拒绝服务的情况。 Linux kernel 2.4.21 - 2.6.18-53 厂商补丁: RedHat ------...

7.8CVSS2.3AI score0.02589EPSS
Exploits1
seebug.org
seebug.org
added 2007/12/14 12:0 a.m.61 views

MySQL Server权限提升及拒绝服务漏洞

BUGTRAQ ID: 26832br / CVECAN ID: CVE-2007-6303,CVE-2007-6304br / br / MySQL是一款使用非常广泛的开放源代码关系数据库系统,拥有各种平台的运行版本。br / br / 在视图已经更改时MySQL没有更新视图的DEFINER值,这允许已认证的远程攻击者通过一系列的CREATE SQL SECURITY DEFINER VIEW和ALTER VIEW语句获得权限提升。 br / br / MySQL的federated引擎在执行某些SHOW TABLE...

5CVSS0.1AI score0.0296EPSS
Exploits3
seebug.org
seebug.org
added 2007/11/23 12:0 a.m.61 views

VigileCMS <= 1.8 Stealth Remote Command Execution Exploit

No description provided by source. !/usr/bin/python -- coding: iso-8859-15 -- ''' | || | | | | | ' / -||| ' / | '/ / / \ \ / ||||||| ./,|| ,,/\ || ------------------------------------------------------------------------------------------------ This is a Public Exploit. 22/10/2007...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/09/29 12:0 a.m.61 views

mxBB Module mx_glance 2.3.3 Remote File Include Vulnerability

No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + mxBB Module mxglance 2.3.3 Remote File Include Vulnerability + + + + Discovered by bd0rk || SOH-Crew + + + + www.soh-crew.it.tt + + + + The german Coding and IT-Security Ressource + + +...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/25 12:0 a.m.61 views

Apache Mod_Mem_Cache远程信息泄露漏洞

Apache是一款开放源代码的HTTP服务程序。 Apache包含的modmemcache模块存在信息泄露问题,远程攻击者可以利用漏洞获得对敏感数据的访问。 在使用modmemcache缓存部分小文件时,在部分条件下,会应答部分错误的HTTP头部数据,包括多个头字段,错误的ETag值,攻击者可以利用这些信息对系统进行进一步攻击。 Apache Software Foundation Apache 2.2.4 可参考如下安全公告: http://people.apache.org/covener/2.2.x-modmemcache-poolmgmt.diff...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/06/13 12:0 a.m.61 views

Link Request Contact Form任意文件上传漏洞

Link Request Contact Form允许用户请求向其他站点添加自己站点的链接横幅。 Link Request Contact Form在处理文件上传时存在漏洞,远程攻击者可能利用此漏洞上传恶意脚本执行代码。 Link Request Contact Form的output.php脚本没有验证所上传文件的扩展名,因此攻击者可以上传有.php扩展名的文件然后在服务器上执行任意PHP代码。成功攻击要求在HTTP头中传送允许的MIME媒体类型。 American Financing Link Request Contact Form 3.4 American Financing...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/27 12:0 a.m.61 views

Asterisk SIP T.38 SDP解析远程栈溢出漏洞

Asterisk是一款PBX系统的软件,运行在Linux系统上,支持使用SIP、IAX、H323协议进行IP通话。 Asterisk的SIP/SDP处理器中存在多个远程栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。 如果所发送SIP报文中的SDP数据包含有超长的T38参数的话,就可以触发这个溢出,导致执行任意代码。这个漏洞是由chansip.c文件中的processsdp函数调用sscanf所导致的: else if sscanfa, "T38FaxRateManagement:%s", s == 1 found = 1; if optiondebug 2 astlogLOGDEBUG...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/04/10 12:0 a.m.61 views

Ipswitch WS_FTP 5.05 Server Manager Local Site Buffer Overflow Exploit

No description provided by source. / Ipswitch WSFTP 5.05 Server Manager Local Site Buffer Overflow ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/18 12:0 a.m.61 views

FileZilla Options和QueueCTRL模块多个未明缓冲区溢出漏洞

FileZilla是一款免费的FTP 客户端软件。 FileZilla包含的Transfer队列和使用注册表存储设置存在缓冲区溢出,远程攻击者可以利用漏洞进行拒绝服务或任意代码执行攻击。 目前没有详细漏洞细节提供。 FileZilla 2.2.30 FileZilla 2.2.29 FileZilla 2.2.28 FileZilla 2.2.28 FileZilla 2.2.27 FileZilla 2.2.26 FileZilla 2.2.25 FileZilla 2.2.24 FileZilla 2.2.23 FileZilla 2.2.22 FileZilla 2.2.22...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/13 12:0 a.m.61 views

Cisco Unified Contact Center/IP Contact Center JTapi网关拒绝服务漏洞

Cisco Unified Contact Center(之前为Cisco IP Contact Center IPCC)是Cisco Unified Communications系统中的组件,可在多个通讯通道中提供智能路由和呼叫处理。 所有版本的Cisco Unified Contact Center和Cisco IP Contact...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/01/05 12:0 a.m.61 views

Apple QuickTime RTSP URI远程缓冲区溢出漏洞

Apple QuickTime是一款流行的媒体播放程序。 Apple QuickTime处理RTSP URI存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 问题存在于rtsp:// URL处理器上,通过提供特殊的字符串rtsp://随机+ 冒号 + 299 字节填充和负载,使用HTML, Javascript或者QTL文件诱使用户解析,可导致基于堆栈的缓冲区溢出,可导致任意指令执行。 Apple QuickTime Player 7.1.3 目前没有解决方案提供: http://www.apple.com/quicktime/ !/usr/bin/ruby...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2006/10/16 12:0 a.m.61 views

Simplog <= 0.9.3.1 comments.php Remote SQL Injection Exploit

No description provided by source. !/usr/bin/php ?php / Simplog 0.9.3.1 Remote SQL Injection Vulnerability Note: Requires at least one blog entry to be made prior to injection Usage: php script.php host path user id Usage Example: php script.php domain.com /simplog/ 1 Googledork: intext:Powered b...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/05/14 12:0 a.m.60 views

Foxit Reader 远程代码执行漏洞(CVE-2021-31473)

...

6.8CVSS1.4AI score0.05589EPSS
Exploits1
seebug.org
seebug.org
added 2018/06/04 12:0 a.m.60 views

DuomiCMS前台SQL注入

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/01/10 12:0 a.m.60 views

CPP-Ethereum JSON-RPC admin_nodeInfo improper authorization Vulnerability(CVE-2017-12113)

Summary An exploitable improper authorization vulnerability exists in adminnodeInfo API of cpp-ethereum's JSON-RPC commit 4e1015743b95821849d001618a7ce82c7c073768. A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to...

8.1AI score0.01485EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/26 12:0 a.m.60 views

Network Time Protocol Forced Interleaved Time Spoofing Vulnerability(CVE-2016-1548)

SUMMARY It is possible to change the time of an ntpd client or deny service to an ntpd client by forcing it to change from basic client/server mode to interleaved symmetric mode. An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer-dst...

6.4CVSS7.3AI score0.03844EPSS
Exploits3
seebug.org
seebug.org
added 2017/08/28 12:0 a.m.60 views

Wordpress SQLi

Source 1:https://medium. com/websec/wordpress-sqli-bbb2afcc8e94 Wordpress SQLi There won't be an intro, let us jump to the problem. This is the wordpress database abstraction the prepare method code: public function prepare $query, $args if isnull $query return; // This is not meant to be foolpro...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2017/05/08 12:0 a.m.60 views

Joomla! Core XSS Vulnerability(CVE-2017-7985)

Joomla! is one of the world's most popular content management system CMS solutions. It enables users to build custom Web sites and powerful online applications. More than 3 percent of Web sites are running Joomla!, and it accounts for more than 9 percent of CMS market share. As of November 2016,...

4.3CVSS6.8AI score0.01333EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/04 12:0 a.m.60 views

Elevation of privilege vulnerability in Qualcomm crypto engine driver(CVE-2017-0576)

No description provided by source. include include include include include include include include include include / PoC By Scott Bauer Bug found by derrek / static const char dev = "/dev/qce"; define QCEDEVMAXKEYSIZE 64 define QCEDEVMAXIVSIZE 32 define QCEDEVMAXBUFFERS 16 struct bufinfo union...

7.6CVSS7.2AI score0.0153EPSS
Exploits1
seebug.org
seebug.org
added 2017/03/30 12:0 a.m.60 views

Mozilla Firefox table use-after-free(CVE-2017-5404)

Mozilla bug tracker link: https://bugzilla.mozilla.org/showbug.cgi?id=1340138 There is a use-after-free security vulnerability in Firefox. The vulnerability was confirmed on the nightly ASan build. PoC and ASan log can be found below. Notes for reproducing: - PoC uses domFuzzLite3 extension...

9.3AI score0.17484EPSS
Exploits3
seebug.org
seebug.org
added 2017/03/16 12:0 a.m.60 views

RoundCube Webmail mail <1.0.5 body stored XSS(CVE-2015-1433)

RoundCube Webmail is a foreign use of a wide an open source php e-mail system, the meaning is still quite large. roundcube webmail official website: , download the latest version. /program/lib/Roundcube/rcubewashtml.php this file is actually a rich text filter class class rcubewashtml it. roundcu...

4.3CVSS8.5AI score0.03279EPSS
Exploits2
Total number of security vulnerabilities5000