Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2007/06/07 12:0 a.m.58 views

Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit

No description provided by source. / El error, bastante tonto por cierto, se encuentra en la función wpsuggestCategories, en el archivo xmlrpc.php: function wpsuggestCategories$args global $wpdb; $this-escape$args; $blogid = int $args0; $username = $args1; $password = $args2; $category = $args3; ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/05/27 12:0 a.m.58 views

Dart Communications PowerTCP ZIP Compression Remote BoF Exploit

No description provided by source. !-- IE 6 / Dart Communications PowerTCP ZIP Compression Control DartZip.dll 1.8.5.3 remote buffer overflow exploit / xp sp2 it by rgod site: retrogod.altervista.org software site: www.dart.com -- html object classid='clsid:42BA826E-F8D8-4D8D-8C05-14ABCE99D4DD'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/12/13 12:0 a.m.58 views

Sophos Anti-Virus SIT文档解析栈溢出漏洞

Sophos Anti-Virus是一款适用于多种操作系统的杀毒软件。 Sophos AntiVirus在解析SIT文档时存在栈溢出漏洞,远程攻击者可能利用此漏洞在扫描机器上执行指令。 CPIO文档中的超长非NULL字符结尾的文件名串会导致veex.dll发生栈溢出。 Sophos Anti-Virus http://www.sophos.com/support/knowledgebase/article/21637.html...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/12/06 12:0 a.m.58 views

Mambatstaff MosConfig_Absolute_Path远程文件包含漏洞

Mambatstaff是一款基于Mambo的应用模块程序。 Mambatstaff不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'mambatstaff.php'脚本对用户提交的"mosConfigabsolutepath"参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 Mambo Mambatstaff Component http://mamboxchange.com/projects/mambatstaff/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/11/29 12:0 a.m.58 views

3CTftpSvc TFTP传送模式远程缓冲区溢出漏洞

3CTftpSvc TFTP是一款tftp服务程序。 3CTftpSvc TFTP不正确处理超长传送模式,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以进程权限执行任意指令。 当处理超长传送模式超过470字节传递给"GET"或"PUT"命令,可导致发生缓冲区溢出,精心构建提交数据,可能以进程权限执行任意指令。 3CTftpSvc TFTP Server 2.0.1 http://support.3com.com/software/utilitiesforwindows32bit.htm !/usr/bin/python Buffer Overflow Long transporting...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2006/10/27 12:0 a.m.58 views

Microsoft Outlook Web Access 'owalogon.asp' URL重定向漏洞

Microsoft Exchange Server是一款企业级的邮件服务程序。 Microsoft Outlook Web Access在处理URL时存在问题,远程攻击者可以利用这个漏洞重定向任意URL。 通过构建特殊URL,攻击者可以使用户重定向到任意URL,攻击者利用这个漏洞可以诱使用户访问某个页面,并可能记录密码并发送,或者下载任意文件等。 Microsoft Outlook 2003 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/technet/security/ Donnie...

7AI score
Exploits0
seebug.org
seebug.org
added 2006/04/23 12:0 a.m.58 views

Clansys <= v.1.1 (index.php page) PHP Code Insertion Vulnerability

No description provided by source. NukedX Security Advisory Nr 2006-29 ClanSys v1.1 index.php page PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=29...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2021/05/14 12:0 a.m.57 views

蓝海卓越计费管理系统任意文件下载

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/03/22 12:0 a.m.57 views

Apache OFBiz RCE漏洞(CVE-2021-26295)

...

7.5CVSS1.3AI score0.97969EPSS
Exploits9
seebug.org
seebug.org
added 2018/05/31 12:0 a.m.57 views

New multiOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-10706)

Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow, proxyOverflow, transferFlaw, ownerAnyone. Some of them could be used by attackers to generate tokens out of nowhere while others can be used to steal tokens from...

5CVSS1.8AI score0.0096EPSS
Exploits2
seebug.org
seebug.org
added 2018/05/31 12:0 a.m.57 views

New burnOverflow Bug Identified in Multiple ERC20 Smart Contracts (CVE-2018-11239)

Our vulnerability-scanning system at PeckShield has so far discovered several dangerous smart contract vulnerabilities batchOverflow1, proxyOverflow2, transferFlaw3, ownerAnyone4, multiOverflow5. Some of them could be used by attackers to generate tokens out of nowhere while others can be used to...

1.6AI score0.00926EPSS
Exploits2
seebug.org
seebug.org
added 2018/05/31 12:0 a.m.57 views

New transferFlaw Bug Used For Possible Scam Token Listed In A Top Exchange(CVE-2018-10468)

Our automated scanning system at PeckShield discovered a new vulnerability named transferFlaw CVE-2018–10468. This particular vulnerability affects a publicly traded ERC20 token listed in a top exchange. Different from batchOverflow 1 and proxyOverflow 2 we identified before, this vulnerability...

5CVSS0.1AI score0.01595EPSS
Exploits3
seebug.org
seebug.org
added 2017/12/29 12:0 a.m.57 views

InfraPower PPS-02-S Q213V1 Unauthenticated Remote Root Command Execution

Summary InfraPower Manager PPS-02-S is a FREE built-in GUI of each IP dongle IPD-02-S only to remotely monitor the connected PDUs. Patented IP Dongle provides IP remote access to the PDUs by a true network IP address chain. Only 1xIP dongle allows access to max. 16 PDUs in daisy chain - which is ...

8.5AI score
Exploits0
seebug.org
seebug.org
added 2017/11/29 12:0 a.m.57 views

ZTE ZXDSL Configuration Reset

Vulnerability Summary The following advisory describes a configuration reset vulnerability found in ZTE ZXDSL 831CII version 6.2. ZXDSL 831CII is “an ADSL access device to support multiple line modes. It supports ADSL2/ADSL2+ and is backward compatible to ADSL, even offers auto-negotiation...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2017/11/22 12:0 a.m.57 views

DblTek Multiple Vulnerabilities

Vulnerabilities summary The following advisory describes 2 two vulnerabilities found in DblTek webserver. DBL is “specialized in VoIP products, especially GoIPs. We design, develop, manufacture, and sell our products directly and via distributors to customers. Our GoIP models now cover 1, 4, 8, 1...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2017/10/20 12:0 a.m.57 views

Ruby TclTkIp ip_cancel_eval Type Confusion Vulnerabilities(CVE-2016-2337)

DESCRIPTION Type Confusion exists in canceleval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution. TESTED VERSIONS Ruby 2.3.0 dev Ruby 2.2.2 Tcl/Tk8.6 or later PRODUCT URLs https://www.ruby-lang.org DETAILS...

7.5CVSS9.3AI score0.06204EPSS
Exploits2
seebug.org
seebug.org
added 2017/10/17 12:0 a.m.57 views

Microsoft Windows Kernel Local Information Disclosure Vulnerability(CVE-2017-11817)

This tracker entry is a fork of issue 1325, which this bug was reported as a part of. However, as some essential information and context was provided in issue 1325, the "Reported" date was adjusted there to account for it. The new information did not concern the vulnerability discussed here, so w...

1.9CVSS7.1AI score0.02091EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/17 12:0 a.m.57 views

Apple OS X Scene Kit DAE XML Code Execution Vulnerability(CVE-2016-1850)

SUMMARY An exploitable type confusion vulnerability exists in the handling of DAE images on OS X. A crafted DAE document can trigger a type confusion vulnerability which potentially could be exploited to achieve attacker controlled code execution. Vulnerability can be triggered via a saved DAE fi...

6.8CVSS8.6AI score0.0221EPSS
Exploits1
seebug.org
seebug.org
added 2017/10/10 12:0 a.m.57 views

WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal(CVE-2017-7061)

Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type == ForInContext::IndexedForInContextType property = staticcastcontext.index; break;...

7.5CVSS8.1AI score0.07955EPSS
Exploits4
seebug.org
seebug.org
added 2017/10/09 12:0 a.m.57 views

safari10跨域漏洞

safari 10的XMLHttpRequest在null域下可以随意发起跨域请求和设置httpheader 我交到苹果的bugreport,并给apple发邮件后,他们自己悄悄把漏洞修了,连个邮件都没给我发,所以我决定公开poc 这是我在漏洞未修复前截的图: 这个漏洞可以造成同源策略绕过,随便跨域,这是我写的获取gmail数据的代码: html var serveraddress = 'http://127.0.0.1:8000/static/csrfWcn6h/' function deleteSelf let test = document.getElementById'test'...

7AI score
Exploits0
seebug.org
seebug.org
added 2017/10/09 12:0 a.m.57 views

Apple Safari uxss(CVE-2017-7089)

CVE-2017-7089 Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. Safari 10 Local SOP bypass html function Pewvar...

4.3CVSS0.7AI score0.061EPSS
Exploits6
seebug.org
seebug.org
added 2017/09/26 12:0 a.m.57 views

Aerospike Database Server Index Name Code Execution Vulnerability(CVE-2016-9052)

Summary An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function assindexsimatchbyiname resulting in remote code execution. An attacker ca...

7.5CVSS9.9AI score0.077EPSS
Exploits2
seebug.org
seebug.org
added 2017/08/22 12:0 a.m.57 views

SQL Injection(CVE-2017-12650) and CSRF(CVE-2017-12651) Security Vulnerability in Loginizer

As part of a vulnerability research project for our WordPress Security Scanner at WPcans.com, we have been auditing popular WordPress plugins looking for security issues. While auditing the WordPress plugin Loginizer, we discovered a SQL Injection vulnerability and a Cross-Site Request Forgery...

7.5CVSS10.2AI score0.01843EPSS
Exploits1
seebug.org
seebug.org
added 2017/08/17 12:0 a.m.57 views

Microsoft Edge Security Bypass Vulnerability(CVE-2017-8637)

There is an issue in Chakra JIT server that can be potentially exploited to compromise the JIT process from a compromised browser content process. Bugs like this could potentially be used to bypass ACG Arbitrary Code Guard in Microsoft Edge. The issue has been confirmed on a ChakraCore build from...

2.6CVSS6.7AI score0.05014EPSS
Exploits2
seebug.org
seebug.org
added 2017/07/04 12:0 a.m.57 views

Foscam IP Video Camera Command Injection Vulnerability(CVE-2017-2847)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configurati...

6.5CVSS9.6AI score0.04527EPSS
Exploits2
seebug.org
seebug.org
added 2017/06/27 12:0 a.m.57 views

Windows Kernel stack memory disclosure in win32k!NtGdiMakeFontDir(CVE-2017-8477)

We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of concept code which is specific to Windows 7 32-bit works by first filling a large portion of the kernel stack with a controlled...

1.9CVSS7.3AI score0.0511EPSS
Exploits2
seebug.org
seebug.org
added 2017/05/27 12:0 a.m.57 views

Apple iOS / MacOS Netagent Kernel Memory Disclosure(CVE-2017-2507)

iOS/MacOS kernel memory disclosure due to lack of bounds checking in netagent socket option handling netagentctlsetopt is the setsockopt handler for netagent control sockets. Options of type NETAGENTOPTIONTYPEREGISTER are handled by netagenthandleregistersetopt. Here's the code: static errnot...

4.3CVSS7.4AI score0.00931EPSS
Exploits1
seebug.org
seebug.org
added 2017/05/22 12:0 a.m.57 views

PlaySMs 1.4 'import.php' Remote Code Execution

Description Code Execution using import.php We know import.php accept file and just read content not stored in server. But when we stored payload in our backdoor.csv and upload to phonebook. Its execute our payload and show on next page in field in NAME,MOBILE,Email,Group COde,Tags accordingly . ...

7.7AI score
Exploits0
seebug.org
seebug.org
added 2017/05/02 12:0 a.m.57 views

Heap Overflow Vulnerability in Citrix NetScaler Gateway (CVE-2017-7219)

After presenting my findings on the Swisscom router at the CybSecConference last year, I started looking for a new product to analyze. I quickly found that it’s possible to download virtual “demo” appliances of Citrix products, so I went on to download a Netscaler VPX, which at the time was at...

9CVSS9.7AI score0.04856EPSS
Exploits2
seebug.org
seebug.org
added 2017/04/15 12:0 a.m.57 views

Mozilla Firefox webkitdirectory local files disclosure (CVE-2017-5414)

I have reported three different bugs to Mozilla in the webkitdirectory feature. Luckily the folder picker was only implement in Mozilla's Nightly browser, which is meant to test out new features before landing in the stable version. Bug 1295914 - webkitdirectory could be used to trick users into...

7.6AI score0.00332EPSS
Exploits1
seebug.org
seebug.org
added 2017/04/02 12:0 a.m.57 views

math.js remote code execution vulnerability

This article explains in short how we found, exploited and reported a remote code execution RCE vulnerability. It is meant to be a guide to finding vulnerabilities, as well as reporting them in a responsible manner. Step one: discovery While playing around with a wrapper of the math.js API...

8AI score
Exploits0
seebug.org
seebug.org
added 2016/12/23 12:0 a.m.57 views

Ubuntu Apport < 2.20.4 Code Execution on Ubuntu Desktop(CVE-2016-9949)

This research was inspired by Chris Evan’s great work on exploiting client-side file format parsing bugs in the gstreamer media library on Ubuntu. We will look for other default file handlers on Ubuntu which may be vulnerable to exploitation. I’m not a binary exploitation guru like Chris so inste...

9.3CVSS8.8AI score0.17726EPSS
Exploits8
seebug.org
seebug.org
added 2016/12/09 12:0 a.m.57 views

Netgear R6400/R7000/R8000 - Command Injection

Author:p0wd3r,dawuknow Chong Yu 404 security lab Data: 2016-12-13 Update on 12/16 : correction of the original text in a error, thanks to @k0pwn it. 2016 12 month 7 days, foreign websites exploit-db on broke one on the NETGEAR R7000 router command injection vulnerability. Time, each passerby hors...

8.4AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.57 views

E-TILLER期刊采编系统/ch/reader/wait_published_articles.aspx等8处 POST注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.57 views

用友优普U8系统 /Server/CmxGetAppNameByUserName.php等2处 SQL注入漏洞

0x01漏洞简介 用友优普U8系统在以下2处存在SQL注入漏洞: 1/Server/CmxGetAppNameByUserName.php 参数User 2/Server/CmxCS.php 参数pgid 远程攻击者无需登陆,可以利用该漏洞执行SQL指令。 0x02漏洞利用 1sql注入1 sqlmap.py -u "...:8080/Server/CmxCS.php?pgid=CSRemove" --dbms mysql --technique T --cookie "RASAdminUserInfoUserName=1" --data "CSID=1&CSID=1" -p CSID ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/03 12:0 a.m.57 views

Discuz X2.5 /uc_server/control/admin/db.php 路径泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/01 12:0 a.m.57 views

ruvar OA系统 bulletin_template_show.aspx 参数id SQL注入漏洞

0x01 框架概述 璐华RuvarOA机关事业版办公自动化系统是广州市璐华计算机科技有限公司专门针对我国党政机关、大型企事业单位开发,采用组件技术和Web技术相结合,基于Windows平台,构建在大型关系数据库管理系统基础上的,以行政办公为核心,以集成融通业务办公为目标,将网络与无线通讯等信息技术完美结合在一起设计而成的新型办公自动化应用系统。 该系统根据中国国情和行政管理的惯例,旨在从根本上提高办公及行政管理的效率和水平,并借助与计算机与信息科技的成果为领导和决策人员提供全面及时的决策支持服务,是颇具实用性、先进性、经济性的政府机关协同办公系统。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/15 12:0 a.m.57 views

泛微oa /iweboffice/officeserver.php 任意文件上传getshell

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/13 12:0 a.m.57 views

shop7z 商城系统在/Advsearchadmin.asp 处参数kindnum存在SQL注入漏洞

0x01漏洞简介 shop7z商城系统在Advsearchadmin.asp 处的参数kindnum由于过滤不严,存在kindnumSQL注入漏洞。远程攻击者可以利用该漏洞执行任意SQL指令。 0x02漏洞分析 Advsearchadmin.asp代码如下: kindnum=trimrequest"kindnum" pipai=trimrequest"pipai" model=trimrequest"model" productname=trimrequest"productname" price11=trimrequest"price11"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/25 12:0 a.m.57 views

kindeditor<=4.1.5文件上传漏洞

漏洞描述漏洞存在于kindeditor编辑器里,你能上传.txt和.html文件,支持php/asp/jsp/asp.net漏洞存在于小于等于kindeditor4.1.5编辑器中关键字: allinurl:/examples/uploadbutton.html allinurl:/php/uploadjson.php / .asp /...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/18 12:0 a.m.57 views

施耐德(Schneider) Modicon PLC 数据包重放远程控制(Start/Stop Command)

施耐德Modicon系列PLC支持通过Unity Pro软件控制PLC,包括程序的上传下载、设备的启动关闭等管理员权限操作。该软件与PLC设备的通信无加密与身份认证,可进行数据包重放攻击。抓包分析:远程关闭设备:说明:该攻击通过以下POC实现较为容易,攻击能使得远程PLC直接停止运行,可能会对目标所在工业运行环境造成严重后果。可以通过pocsuite去验证漏洞存在,验证模式不会对设备造成影响,建议不要轻易尝试攻击。切记。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/08/31 12:0 a.m.57 views

Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities

受影响的产品: RSA BSAFE Micro Edition Suite MES all 4.1.x versions prior to 4.1.3 RSA BSAFE Micro Edition Suite MES all 4.0.x versions prior to 4.0.8 RSA BSAFE Crypto-C Micro Edition Crypto-C ME 4.1 RSA BSAFE Crypto-C Micro Edition Crypto-C ME all versions prior to 4.0.4 RSA BSAFE Crypto-J all versions...

7.5CVSS7.8AI score0.02644EPSS
Exploits2
seebug.org
seebug.org
added 2015/05/25 12:0 a.m.57 views

JEECMS一处通用越权第四弹(可删除订单取消订单)

简要描述: 111 详细说明: ID1和ID2各自去买一个自己喜欢的东西,就是没有TT,真可惜啊-。- 我们修改一下ID,然后把自己吓一跳吧,。。 我们这些做测试的简直可以上星光大道了,引用刘谦那句话,接下来就是见证奇迹的时候了 白帽子都是魔术师-。- test7取消订单,然后会增加一个删除按钮,然后删除抓包改ID,发包,删除成功 漏洞证明: ID1和ID2各自去买一个自己喜欢的东西,就是没有TT,真可惜啊-。- 我们修改一下ID,然后把自己吓一跳吧,。。 我们这些做测试的简直可以上星光大道了,引用刘谦那句话,接下来就是见证奇迹的时候了 白帽子都是魔术师-。-...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/02/10 12:0 a.m.57 views

phpems设置缺陷直接添加管理员导致getshell

简要描述: phpems 默认uckey是1234567890 导致可以用uc的加密函数加密恶意代码带到sql语句中。 详细说明: if!defined'INUC' errorreporting0; setmagicquotesruntime0; defined'MAGICQUOTESGPC' || define'MAGICQUOTESGPC', getmagicquotesgpc; requireonce 'config.inc.php'; $DCACHE = $get = $post = array; $code = @$GET'code'; //code=加密代码...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/13 12:0 a.m.57 views

Enalean Tuleap 7.2 - XXE File Disclosure

No description provided by source. Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity...

4CVSS6.5AI score0.03324EPSS
Exploits6
seebug.org
seebug.org
added 2014/10/30 12:0 a.m.57 views

pageadmin ViewState缺陷导致sql注入

简要描述: 此处省略50万条网站信息 1、.............. 2、.............. .............. 50.、http://www.pageadmin.net 影响页面甚多,还望厂商以及各站长能逐一检查 听说咱们出新功能了 乌云新增刷乌云币功能 连接http://zone.wooyun.org/content/16138 特地来试试好不好使 另外所用到的工具同样在“测试代码”中提供下载地址 详细说明: 具体分析: 1、查找一个动态页面 例如: /e/aspx/dataselect.aspx 参数:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/09/18 12:0 a.m.57 views

KesionCMS X1 /KS_Data/KesionCMSX1.mdb 数据库发现漏洞

默认的数据库文件在KSData目录下的 KesionCMSX1.mdb,攻击者可以直接下载。漏洞利用过程访问地址http://127.0.0.1/KSData/KesionCMSX1.mdb !/usr/bin/env python coding=utf-8 test: import urllib2 from comm import cmdline from comm import generic pocinfo = 'VulId' : '1503', webvul的ID号 'Name' : 'KesionCMS X1 /KSData/KesionCMSX1.mdb 数据库发现漏洞...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/09/16 12:0 a.m.57 views

shop7 价格处注入

简要描述: price.asp 文件注入 详细说明: price.asp文件 96行 if kind"" then sql="select pkid,model,productname,smallpicpath,price1,price"&session"customkind"&",kindname,pipai,addtime from viewproduct where kind like '"&kind&"%' and updown='1' order by pkid desc" else sql="select...

7.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.57 views

Linux Kernel < 2.6.31-rc7 - AF_IRDA 29-Byte Stack Disclosure Exploit

No description provided by source. / cve-2009-3002.c Linux Kernel 2.6.31-rc7 AFIRDA getsockname 29-Byte Stack Disclosure Jon Oberheide [email protected] http://jon.oberheide.org Information: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3002 The Linux kernel before 2.6.31-rc7 does not...

4.9CVSS7.3AI score0.01029EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.57 views

Wordpress HTML5 AV Manager Plugin 0.2.7 - Arbitrary File Upload

No description provided by source. Description : Wordpress Plugins - HTML5 AV Manager for WordPress Shell Upload Vulnerability Version : 0.2.7 Link : http://wordpress.org/extend/plugins/html5avmanager/ Plugins : http://downloads.wordpress.org/plugin/html5avmanager.0.2.7.zip Date : 26-05-2012 Goog...

7.1AI score
Exploits0
Total number of security vulnerabilities5000