Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2015/10/10 12:0 a.m.13 views

齐普生协同办公OA系统存在SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/10 12:0 a.m.25 views

Siemens Scalance X-200 Series Switches 随机数生成器漏洞

... Siemens Scalance X-200 Series是德国西门子(Siemens)公司的系列管理型工业以太网交换机设备。 ... Siemens Scalance X-200 Series交换机5.0.0之前的版本中存在随机数生成器漏洞。远程未授权的攻击者可利用该漏洞劫持网络会话,也可能存在其他形式的攻击。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/10 12:0 a.m.455 views

用友致远A8协同管理软件 status.jsp 敏感信息泄漏

致远A8-m协同管理软件,是一套可以帮助大型组织、集团型企业、政府单位以及涉外组织,解决上述问题的协同办公管理软件。 漏洞分析: 致远A8-m协同管理软件对敏感文件的访问控制不当导致大量敏感信息泄漏。 漏洞利用: http://x.x.x.x/seeyon/management/status.jsp 该地址为性能监控后台,存在未授权访问...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.22 views

emlog系统 某处任意删除系统文件

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.21 views

泛微OA系统敏感文件未授权访问

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.25 views

天融信负载均衡 /change_lan.php 文件包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.64 views

北京希尔自动化OA管理系统/数据库系统 /bnuoa/info/infoShowAction.do 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.30 views

PHPCMS v9.5.* vote模块 命令执行

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.27 views

双杨OA系统存在GBK宽字符SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.1440 views

蓝科cms(lankecms)V1.9 eShowNews.asp SQL注入漏洞

简介已经说明了注入位置了。然后谷歌一下。搜索了有关案例: http://www.ampixel.com/eshownews.asp?id=61 http://ampixel.com/eshownews.asp?id=62 http://www.up-real.com/eshownews.asp?id=106 http://www.trendtronic.com.cn/eshownews.asp?id=65 http://www.jeffhouse.net/eshownews.asp?id=103 http://www.sdrunzhou.com/showcases.asp?id=60...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.2023 views

新云cms(yxcms)建站系统V1.2.7 shownews.asp SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.25 views

CmsTop媒体版某模板存在三处SQL盲注漏洞(非全部网站用户)

简要描述: 不是全部网站都安装了这几个模板,这个模板用户量一般 详细说明: 漏洞文件是/apps/rss/controller/fullsite.php中 public function getsectiondata $sectionid = $GET'sectionid'; //多个以','隔开 $outtyle = $GET'outtyle'; //输出类型 $sectionlist = $this-rss-lssection$sectionid; $data = array; foreach$sectionlist as $section if $section'data' &&...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.241 views

金龙卡金融化一卡通校园卡查询系统任意文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.37 views

phpwind v8.7 /goto.php 跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.12 views

yxcms 1.3.1版本 存储型XSS漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.25 views

emlog 自动备份并发送到邮箱插件泄露整站数据库备份漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.14 views

TodayMail emailcore.class.inc.php SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/09 12:0 a.m.67 views

MetInfo5.3 /include/interface/uidata.php信息泄露

MetInfo5.3中文件:/include/interface/uidata.php存在信息泄露问题。由于该模板后台存在找回管理员密码的功能 ,通过该页面可以获取后台设置的邮件密码。之后通过登录邮件系统即可重置密码。 requireonce '../common.inc.php'; requireonce ROOTPATH.'include/export.func.php'; // dump$M'config'; $data'config'=$M'config';//这个$M'config'是从数据库查出来的配置数据。 echo jsonencode$data; //直接给打印出了。。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.26 views

FE协作办公平台 /servlet/UploadSkinServlet任意文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.17 views

Cisco ASA Unicast Reverse Path Forwarding (uRPF) Bypass Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.13 views

用友优普U8系统 cmxpagedquery.php sql注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.32 views

Siemens SIMATIC S7-1500 CPU设备安全漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.49 views

猫扑OA 2014 后台登陆验证存在SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.23 views

WinRAR SFX Remote Code Execution

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.296 views

DedeCMS 5.7 plus/guestbook.php 注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.22 views

易想团购(easethink) v1.4 /vote.php dovote参数 SQL注入漏洞 POC

会记录cookie ,请求一次清除一下cookie。http://xxx.com/vote.php?act=dovote&namea%27111=aaMySQL server error report:Array 0 = Array message = MySQL Query Error 1 = Array sql = select from tvoteresult where name = 'aa' and voteid = 0 and voteaskid = a' 2 = Array error = You have an error in your SQL syntax; chec...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.20 views

kxmail /prog/get_passwd.server.php 处存在SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.17 views

LiteCart 1.1.2.1 /search.php 跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.21 views

CSDJCMS 3.5 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.20 views

stampi fotogalerie.php 本地包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.21 views

骑士(74)cms user/user_download_resume.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/08 12:0 a.m.15 views

浪潮电商系统 /DocCenterService/image?photo_size 任意文件下载漏洞 POC

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/07 12:0 a.m.38 views

PHPSHE 二次注入一枚

简要描述: rt 详细说明: case 'register': if isset$ppesubmit if$db-penum'user', array'username'=pedbhold$gusername peerror'用户名已存在...'; if$db-penum'user', array'useremail'=pedbhold$guseremail peerror'邮箱已存在...'; if strtolower$sauthcode != strtolower$pauthcode peerror'验证码错误'; $sqlset'username' = $pusername;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/07 12:0 a.m.19 views

kppw最新版2处sql注入。

简要描述: 二次注入。 详细说明: 1 /www/control/user/accountbasic.php ..... $arrMemberExts = kekezu::gettabledata "", "witkeymemberext", " type='sect' and uid= ".$gUid, "", "", "", "k" ; ........ if $sect foreach $sect as $k = $v if $arrMemberExts $k dbfactory::execute sprintf " update %switkeymemberext set...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/05 12:0 a.m.32 views

phpyun最新版两处注入(无视gpc)

简要描述: PHP云人才系统 phpyun v4.0正式版 build20150819 4.0已经重新改版了,别在用3.2和4.0比较 详细说明: 第一处出现在 /member/com/model/show.class.php中 3.2版本的源码是 function delshowaction $companyshow=$this-obj-DBselectall"companyshow","id in ".$POST'ids'." and uid='".$this-uid."'","picurl"; ifisarray$companyshow&&$companyshow...

7AI score
Exploits0
seebug.org
seebug.org
added 2015/10/05 12:0 a.m.248 views

泛微 e-Weaver系统自定义SQL语句执行

名称:e-cology 泛微协同商务系统 === --- 测试发现,该商务系统邮件附件下载处存在: ①未授权访问漏洞(无需登录即可遍历下载内部邮件附件) ②SQL注入漏洞 问题链接:http://www.target.com//weaver/weaver.email.FileDownloadLocation?fileid=附件ID&download=1 0x01: 未授权访问 说明:访问问题链接,显示为空白页;遍历附件ID值,如存在附件可直接下载导致内部信息泄露。该漏洞不是重点,SO 简单带过就 OK。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/10/02 12:0 a.m.27 views

WordPress DB-Backup Plugin 4.5 /download.php 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/30 12:0 a.m.18 views

qibocms 地方门户 LFI漏洞 可Getshell

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/30 12:0 a.m.190 views

StrongSoft 四创灾害预警系统SQL报错注入(queryvalue参数)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/30 12:0 a.m.106 views

用友软件企业门户xxe漏洞[测试前用友官域]

简要描述: 用友自带技能。 详细说明: 漏洞描述: 测试的时候发现使用yongyou nc的目录下有uapws/目录。百度百科。 打开后。自带登录模式,密码直接给你准备好了,登录就行了。好有爱。 找个接口,先提交请求。然后进行format the response(在这里抓包) xxe漏洞 漏洞证明: 高清无码 https://images.seebug.org/upload/201509/301834010d7b0d90e830d78290493a8fee...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.28 views

qibocms v7.0 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.17 views

e-cology 时间盲注(templateId参数)

1、应用:泛微e-cology2、缺陷文件:/page/maint/login/Page.jsp3、expurl:http://localhost/page/maint/login/Page.jsp?templateId=18 4、验证:sqlmap.py -u "http://localhost/page/maint/login/Page.jsp?templateId=18" --technique T --dbms "Microsoft SQL Server"...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.19 views

ZeusCart 4 信息泄漏漏洞

No description provided by source. !/usr/bin/env python coding: utf-8 from urlparse import urljoin from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '11111 ' vul ID version = '1' author = 'Disorder' vulDate =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.24 views

WordPress Pinboard 1.1.10 Theme Reflected XSS

$GET'tab' is not escaped. File: pinboard\includes\theme-options.php function pinboardthemepage addthemepage 'Pinboard Theme Options', 'pinboard' , 'Theme Options', 'pinboard' , 'editthemeoptions', 'pinboardoptions', 'pinboardadminoptionspage' ; addaction 'adminmenu', 'pinboardthemepage' ; functio...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.11 views

JSPMyAdmin 1.1 SQL Injection, CSRF & XSS漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.217 views

phpwind 9.0 /res/js/dev/util_libs/jPlayer/Jplayer.swf 跨站脚本漏洞

1、漏洞文件为:http://www.phpwind.net/res/js/dev/utillibs/jPlayer/Jplayer.swf2、反编译后看代码:this.jQuery = loaderInfo.parameters.jQuery + "'" + loaderInfo.parameters.id + "'.jPlayer"; …… private function initarg1:TimerEvent:void this.myInitTimer.stop; if ExternalInterface.available ……...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.18 views

w3tw0rk / Pitbul IRC Bot 远程命令执行

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'w3tw0rk / Pitbul IRC Bot Remote Code Execution', 'Description' = %q This module allows remote...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.18 views

FortiManager 5.2.2 -持久型 XSS 漏洞

2 个确定了存在的XSS: 在SOMVpnSSLPortalDialog XSS漏洞。 在FGDMngUpdHistory XSS漏洞。 图形用户界面GUIFortiManager v5.2.3是容易的 一个反射 XSS 漏洞和一个存储 XSS 漏洞。 另外 2 个确定了存在的XSS: 在sharedjobmanager XSS漏洞。 在SOMServiceObjDialog XSS漏洞。 受影响的产品 XSS项目1 - 2:FortiManager v5.2.2或更早。 XSS项目3 - 4:FortiManager v5.2.3或更早。...

6.5AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.1046 views

国微CMS(原PHP168) SQL 注入漏洞

该系统通过以下参数调用 ask/item-confirm-category-8.html 其中item代表目录 confirm代表该目录下的文件 ask/modules/item/confirm.php $keyword = isset$GET'keyword' ? rawurldecode$GET'keyword' : ''; ifempty$keyword message'askerror', HTTPREFERER, 3; get得到keyword变量然后urldecode解码 $select = select; $select-from$thismodule-table . ' ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/09/29 12:0 a.m.17 views

phpwind 9.0 反射XSS漏洞

No description provided by source...

7.1AI score
Exploits0
Total number of security vulnerabilities56796