Lucene search
K
SeebugMost viewed

56796 matches found

seebug.org
seebug.org
added 2015/07/20 12:0 a.m.54 views

金蝶销管家逻辑缺陷重置任意用户密码(工作人员账户测试/秒改)

简要描述: 可绕过验证码直接修改用户密码。 详细说明: 0x1:先信息收集一些工作人员的账户用来测试,来证明漏洞的危害性。 13580111111 13752248075 13456231475 13456879564 15578945623 13456231245 13456231245 13648776985 13400002111 13625668852 15018517663 15915533696 13888888888 13456789123 18090700000 13165454756 13654213923 13654213923 13760368754...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/26 12:0 a.m.54 views

Hikvision iVMS 4200 /index.php 本地文件包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/02/13 12:0 a.m.54 views

ShopEx某处SQL注入(可猜测敏感信息)

简要描述: ShopEx sql注入 详细说明: 分析一下代码: ctl.cart.php: function updateCart$objType='g', $key='' $key = strreplace'@', '-', $key; $nQuantity = $POST'cartNum'$objType$key; switch$objType case 'f': $oCart-member'memberlvid' =$GLOBALS'runtime''memberlv'; $oCart-member'point' = $this-member'point'; break; cas...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/16 12:0 a.m.54 views

汇文Libsys图书管理系统全版本权限绕过+Getshell

简要描述: RT 详细说明: 由于一个很低级的代码错误,导致可以登录Libsys任意图书系统后台,并且由于代码未做过滤可直接getshell。 漏洞证明: 该图书管理系统的用户量很大,全国很大一部分院校都在使用此系统。经测试3.5-5.0版本都存在此漏洞,因为存在getshell 和脱裤的风险,因此危害比较大。 官网部分用户列表: 我这里以最新的5.0版简单的作下分析,: 先看看存在漏洞的文件:admin/login.php sessionstart ; if isset $REQUEST'username' $strUser = trim $REQUEST'username' ;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/08 12:0 a.m.54 views

Wordpress 3.9.2 /wp-includes/formatting.php 跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/18 12:0 a.m.54 views

Maccms V8 储存型xss(绕过360防护)

简要描述: rt 详细说明: 自带的360防护脚本对于xss过滤太弱, 留言处没有 对html代码进行实体转义,造成xss。 如,提交 "onerror="eval'\141\154\145\162\164\50\61\51'" 后台查看留言即可触发 加载远程js可偷cookie 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/02 12:0 a.m.54 views

IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140630-0 ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable...

6.8CVSS6.5AI score0.0571EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (5)

No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

AutoLinks 2.1 Pro Al_initialize.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14686/info AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

joomla component mp3 allopass 1.0 - Remote File Inclusion Vulnerability

No description provided by source. commp3allopass joomla component Remote File Include Vulnerability Component : commp3allopass Download file : http://www.joomlaratings.com Dicovered by : NoGe Contact : [email protected]...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

BBS E-Market Professional bf_130 (1.3.0) - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11146/info BBS E-Market Professional is reported to be affected by a remote file include vulnerability that may allow an attacker to include malicious files containing arbitrary code to be executed on a vulnerable system...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Multiple Wordpress Plugin timthumb.php Vulnerabilites

No description provided by source. Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing --- Description --- The following Wordpress plugins reuse a vulnerable version of the timthumb.php librar...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Free Mp3 Player 1.0 - Local Denial of Service Vulnerability

No description provided by source. !/usr/bin/perl Exploit Title: Free Mp3 Player 1.0 Local Denial of Service Date: 19-12-2011 Author: JaMbA Download: http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Free-Mp3-Player.shtml Version: 1.0 Tested on: Windows 7 my $file= Crash.mp3; my $junk=...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Adobe Flash Player Object Type Confusion

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

9.3CVSS0.2AI score0.85698EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Oracle Sun GlassFish Enterprise Server - Stored XSS Vulnerability

No description provided by source. Sense of Security - Security Advisory - SOS-11-009 Release Date. 19-Jul-2011 Last Update. - Vendor Notification Date. 23-Mar-2011 Product. Oracle Sun GlassFish Enterprise Server Platform. Java EE Affected versions. 2.1.1 v2.1 Patch069.102 Patch12 build b31g-fcs...

5.8CVSS0.03294EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit

No description provided by source. !/usr/bin/perl TikiWiki = 1.9.8 Remote Command Execution Exploit Description ----------- TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'tiki-graphformula.php' script not properly sanitizing user inpu...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Publish-It 3.6d - Buffer Overflow Vulnerability

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Publish-It Buffer Overflow Vulnerability 1. Advisory Information Title: Publish-It Buffer Overflow Vulnerability Advisory ID: CORE-2014-0001 Advisory URL:...

9.3CVSS0.3AI score0.40359EPSS
Exploits11
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Powered by iNetScripts: Shell Upload Vulnerability

No description provided by source. ==================================================== Powered by iNetScripts: Shell Upload Vulnerability ==================================================== Contact :Sec-q8 [email protected] Published: 2010-04-25 Home : http://Sec-Senter.com/vb ========= Exploi...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

FreePBX <= 2.8.0 Recordings Interface Allows Remote Code Execution

No description provided by source. Trustwave's SpiderLabs Security Advisory TWSL2010-005: FreePBX recordings interface allows remote code execution https://www.trustwave.com/spiderlabs/advisories/TWSL2010-005.txt Published: 2010-09-23 Version: 1.0 Vendor: FreePBX http://www.freepbx.org/ Product:...

6.5CVSS6.5AI score0.09566EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Sun Java Runtime and Development Kit <= 6 Update 10 - Calendar Deserialization Exploit

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

10CVSS0.5AI score0.84807EPSS
Exploits19
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Webcam Corp Webcam Watchdog 4.0.1 sresult.exe Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10837/info Reportedly Webcam Corp Webcam Watchdog is affected by a remote cross-site scripting vulnerability in the sresult.exe binary. This issue is due to a failure of the application to properly sanitize user-supplied...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Cacti graph_view.php Remote Command Execution

No description provided by source. $Id: cactigraphimageexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms...

6.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Adobe Flash Player ActionScript Launch Command Execution Vulnerability

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

9.3CVSS0.2AI score0.79426EPSS
Exploits11
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow (FreeBSD)

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC Buffer Overflow FreeBSD', 'Description' = %q This module...

7.1AI score0.91303EPSS
Exploits10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

CuteNews 0.88 comments.php Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include path for several...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

E-Mail Security Virtual Appliance (ESVA) Remote Execution

No description provided by source. Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: 2.0.6 ESVA E-Mail Security Virtual...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Novell iPrint Client Browser Plugin - call-back-url Stack Overflow

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ Title : Novell iPrint Client Browser Plugin call-back-url stack overflow Version : iPrint Client plugin v5.42 XP SP3 Analysis :...

9.3CVSS0.2AI score0.35987EPSS
Exploits18
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

MS Internet Explorer 5/6 Unauthorized Document Object Model Access Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

HP Data Protector 6.20 - Multiple Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID:...

10CVSS6.5AI score0.88948EPSS
Exploits20
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Pc4Uploader 9.0 - Remote Blind SQL Injection Vulnerability

No description provided by source. || || | || o,7 || . o7 || q||| ow, : / / . =By: Qabandi =Email: iqaahotmail.fr From Kuwait PEACE =Vuln: pc4arb - pc4 Uploader = 9.0 Blind SQL injection =INFO: http://pc4arb.com/product-13.html =BUY: http://pc4arb.com/deal-13.html =DORK: intext:Powered by...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Solaris/SPARC 2.5.1/2.6/7/8 Derived 'login' Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3681/info The 'login' program is used in UNIX systems to authenticate users with a username and password. The utility is typically invoked at the console, by 'telnetd', 'rlogind', and if configured to do so, SSH. Versions...

10CVSS6.5AI score0.88836EPSS
Exploits27
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Joomla Component NeoRecruit <= 1.4 (id) SQL Injection Vulnerability

No description provided by source. Title : Joomla Component NeoRecruit = 1.4 id Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.neojoomla.com/ $$ : 54,90 € Dork : inurl:index.php?option=comNeoRecruit DorkEx :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Wordpress Spider Catalog Plugin 1.4.6 - Multiple Vulnerabilities

No description provided by source. waraxe-2013-SA105 - Multiple Vulnerabilities in Spider Catalog Wordpress Plugin =================================================================================== Author: Janek Vind waraxe Date: 22. May 2013 Location: Estonia, Tartu Web:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Linux Local Root => 2.6.39 (32-bit & 64-bit) - Mempodipper

No description provided by source. /Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 Exploit Title: Mempodipper - Linux Local Root for =2.6.39, 32-bit and 64-bit Date: Jan 21, 2012 Author: zx2c4 Tested on: Gentoo,...

6.9CVSS0.1AI score0.10904EPSS
Exploits11
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

galleria Mambo Module <= 1.0b Remote File Include Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '63674' ssvid version = '1.0' author = '皮皮' vulDate = '2006-07-03' createDate = '2015-12-24...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

PHPnuke 8.2 - Remote Upload File Exploit

Title : PHPnuke 8.2 Remote Upload File Exploit Author : Net.Edit0r Location : Iran Dork : "POWERED BY PHPNUKE.IR" Category : Remote Email : [email protected] [email protected] Special Thanks To :NetQurd For help in finding bugs Email :[email protected] InformatioN 1.Save code html format ...

7.3AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

zenphoto 0.9/1.0 index.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17779/info Zenphoto is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Luca Deri ntop 1.2 a7-9/1.3.1 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1576/info ntop is a network usage monitoring tool for unix systems. It can be invoked at the console or as a server daemon, presenting statistics information via http with the -w parameter. In this mode, it is vulnerable ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

MayGion IP Cameras Firmware 09.27 - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ MayGion IP Cameras multiple vulnerabilities 1. Advisory Information Title: MayGion IP Cameras multiple vulnerabilities Advisory ID: CORE-2013-0322 Advisory URL:...

7.5CVSS7.8AI score0.11543EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Fake Hit Generator <= 2.2 Shell Upload Vulnerability

No description provided by source. Exploit Title: Fake Hit Generator Shell Upload Vulnerability Date: 25.12.2009 Author: DigitALL Greetz: Zombie KroNickq HackSpy and All 1923turk.biz Members Version: 2.1 Dork: Upload unique IP List: and The Ultimate Fake Hit Generator - BOOST YOUR ALEXA RANK...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Webkit (Apple Safari < 4.1.2/5.0.2 & Google Chrome < 5.0.375.125) - Memory Corruption

No description provided by source. TITLE: WEBKIT APPLE SAFARI 4.1.2/5.0.2 & GOOGLE CHROME 5.0.375.125 MEMORY CORRUPTION VULNERABILITY TESTED OS: WINDOWS XP SP3 SEVERITY: HIGH CVE-NUMBER: CVE-2010-1813 DISCOVERED DATE: 2010-06-29 FIXED DATE: GOOGLE CHROME 2010-07-26 & APPLE SAFARI 2010-09-08 FIXED...

6.8CVSS8.7AI score0.09691EPSS
Exploits4
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Microsoft Windows Tracing Registry Key ACL Privilege Escalation Vulnerability

No description provided by source. Source: http://www.securityfocus.com/bid/42269/info Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the comple...

6.8CVSS6.5AI score0.0192EPSS
Exploits7
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Joomla Component com_gigcal (gigcal_gigs_id) 1.0 - SQL Injection

No description provided by source. Joomla Component comgigcalgigcalgigsid SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : SQL injection Google Dork : inurl:comgigcal -------------------------------------------------- !...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Wordpress Top Quark Architecture 2.10 - Arbitrary File Upload Vulnerability

No description provided by source. Exploit Title: Wordpress Top Quark Architecture Version 2.10 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/ Date: 11/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://topquark.com/ Software...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

linux 3.4+ - Local Root (CONFIG_X86_X32=y)

No description provided by source. / ============================== recvmmsg.c - linux 3.4+ local root CONFIGX86X32=y CVE-2014-0038 / x32 ABI with recvmmsg by rebel @ irc.smashthestack.org ----------------------------------- takes about 13 minutes to run because timeout-tvsec is decremented once...

6.9CVSS6.5AI score0.34649EPSS
Exploits16
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Java Applet JAX-WS Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...

10CVSS0.3AI score0.91013EPSS
Exploits18
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Linux Kernel 2.6.x - IPV6 Local Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15156/info Linux Kernel is reported prone to a local denial-of-service vulnerability. This issue arises from an infinite loop when binding IPv6 UDP ports. / Linux kernel IPv6 UDP port selection infinite loop local denial ...

2.1CVSS5AI score0.00789EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.54 views

Yealink VoIP Phone SIP-T38G - Remote Command Execution

No description provided by source. Title: Yealink VoIP Phone SIP-T38G Remote Command Execution Author: Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team Vendor Homepage: http://www.yealink.com/Companyprofile.aspx Version: VoIP Phone SIP-T38G CVE: CVE-2013-5758 Description: Using cgiServer.exx we are ab...

10CVSS0.6AI score0.11892EPSS
Exploits15
seebug.org
seebug.org
added 2014/04/18 12:0 a.m.54 views

Qemu virtio-net &quot;virtio_net_handle_mac()&quot;整数溢出漏洞

CVE ID:CVE-2014-0150 QEMU是一款面向完整PC系统的开源仿真器。 QEMU "virtionethandlemac"函数hw/net/virtio-net.c存在整数溢出错误,允许本地攻击者利用漏洞使系统崩溃,造成拒绝服务攻击。 0 Qemu 1.x Qemu 0.x 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://thread.gmane.org/gmane.comp.emulators.qemu/266713...

4.9CVSS7.2AI score0.00711EPSS
Exploits1
Total number of security vulnerabilities5000