Lucene search
+L
SeebugRecent

56796 matches found

seebug
seebug
added 2014/07/02 12:0 a.m.54 views

IBM Algorithmics RICOS 4.5.0 - 4.7.0 - Multiple Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140630-0 ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICOS vulnerable...

6.8CVSS6.5AI score0.0571EPSS
Exploits8
seebug
seebug
added 2014/07/02 12:0 a.m.40 views

maccms8 由于涉及缺陷可以再系统内部随意创建文件目录

简要描述: maccms8 由于涉及缺陷可以再系统内部随意创建文件目录(开启文件缓存!!!!!!) 详细说明: 今天在查看苹果cms的时候发现一个任意创建文件目录的代码,本想着可以任意创建文件,但是由于对于文件各方面的过滤,还有一些目录遍历方面的过滤,只能审计到此,啥也不说了,直接看代码 index.php41-42: $tpl-ifex; setPageCache$tpl-P'cp',$tpl-P'cn',$tpl-H; $tpl-run; echo $tpl-H; setPageCache这个函数功能就是把页面内容缓存起来,那么我们进入到缓存的函数里面查看 function...

7AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.28 views

Généré par KDPics 1.18 - Remote Add Admin

No description provided by source. ============================================================================== » Généré par KDPics v1.18 Remote Add Admin ============================================================================== » Script: Généré par KDPics v1.18 http://www.kdland.org/kdpic...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.19 views

PageAdmin最新版反射xss

简要描述: http://demo.pageadmin.net/ PageAdmin最新版反射xss 详细说明: 构造ID参数,双引号闭合前面。 即可植入html代码。 http://demo.pageadmin.net/e/aspx/advnew.aspx?id=1" http://demo.pageadmin.net/e/aspx/advnew.aspx?id=1%22%3C/div%3E%3Cimg/src=1%20onerror=alert%28/XSS/%29%3E 漏洞证明:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.195 views

PerlSoft Gästebuch Version: 1.7b 'admincenter.cgi' Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33525/info PerlSoft Gästebuch is prone to a vulnerability that attackers can leverage to execute arbitrary commands. This issue occurs because the application fails to adequately sanitize user-supplied input. Note that a...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.38 views

华天动力OA任意文件删除

简要描述: Just another bug. 详细说明: 以官网http://demo.oa8000.com/为例, user:123456 登陆后, 向http://demo.oa8000.com/OAapp/bfapp//buffalo/oaPubptUploadService POST如下参数: \n removeFile\n C:/PROGRA1/htoa/Tomcat/webapps/OAapp/1.html\n 即可删除1.html 漏洞证明: 在删除前,利用wooyun-2014-065670看到的结果本来是这样的 删除后,...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.37 views

Date & Sex Vor und Rückwärts Auktions System <= 2 - Blind SQL Injection Exploit

No description provided by source. ---------------------------Information------------------------------------------------ +Name : Date & Sex Vor und Rückwärts Auktions System = v2 Blind SQL Injection Exploit +Autor : Easy Laster +Date : 27.03.2010 +Script : Date & Sex Vor und Rückwärts Auktions...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.44 views

Powie's PSCRIPT Gästebuch <= 2.09 SQL Injection Vulnerability

No description provided by source. ----------------------------Information------------------------------------------------ +Name : Powie's PSCRIPT Gästebuch = 2.09 SQL Injection Vulnerability +Autor : Easy Laster +Date : 29.03.2010 +Script : Powie's PSCRIPT Gästebuch = 2.09 +Download :...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.14 views

CiMe - Citas Médicas - Multiple Vulnerabilities

No description provided by source. Exploit Title: Control de Citas 1.4 CIME - Multiple Vulnerabilities Date: 01/02/2014 Exploit Author: vinicius777 Contact: vinicius777 AT gmail / @vinicius777 Vendor Homepage: http://www.cgaredes.tk/ Software Link:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.19 views

Toms Gästebuch 1.00 form.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.29 views

53快服某系统MongoDB配置不当

简要描述: 53快服某系统 MongoDB 配置不当 详细说明: 60.12.147.136 60.191.223.39 不知道是什么系统,但是应该是53KF卖给客户的。 漏洞证明:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.37 views

Oracle JRE - java.net.URLConnection class – Same-of-Origin (SOP) Policy Bypass

No description provided by source. Description Security-Assessment.com discovered that a Java Applet making use of java.net.URLConnection class can be used to bypass same-of-origin SOP policy and domain based security controls in modern browsers when communication occurs between two domains that...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.80 views

Adobe Acrobat Reader and Flash Player - “newclass” invalid pointer

No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 1 Binary Analysis | | | | || / \ || | | | || ||// \/|/ http://www.exploit-db.com/adobe-acrobat-newclass-invalid-pointer-vulnerability/...

9.3CVSS9.3AI score0.82365EPSS
Exploits22
seebug
seebug
added 2014/07/02 12:0 a.m.40 views

Stem Innovation ‘IZON’ Hard-coded Credentials

No description provided by source. Stem Innovation ‘IZON’ Hard-coded Credentials CVE-2013-6236 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- Stem Innovation's IP camera called ‘IZON’ utilizes numerous hard-coded credentials within its Linux...

7.2CVSS9.2AI score0.10207EPSS
Exploits6
seebug
seebug
added 2014/07/02 12:0 a.m.22 views

Conceptronic Grab’n’Go Network Storage Directory Traversal

No description provided by source. Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversa...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.29 views

Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure

No description provided by source. Updated to include Sitecom MD-253 and MD254 Minor textual changes == Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5, 2012 Vendor Notification: May 31,...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.22 views

Mesut Manþet Haber 1.0 - Auth Bypass Vulnerability

No description provided by source. ============================================================================== » Note : LionTurk.Turkblog.com Resmi Web Sitem :D ============================================================================== »Mesut Manþet Haber V1.0 Auth Bypass Vulnerability...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.52 views

Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass

No description provided by source. !-- Internet Explorer 8 Fixed Col Span ID full ASLR, DEP and EMET 4.1.X bypass Offensive Security Research Team http://www.offensive-security.com/vulndev/disarming-enhanced-mitigation-experience-toolkit-emet Affected Software: Internet Explorer 8 Vulnerability:...

9.3CVSS6.5AI score0.64962EPSS
Exploits27
seebug
seebug
added 2014/07/02 12:0 a.m.18 views

BSDI BSD/OS <= 2.1,Caldera OpenLinux Standard 1.0,Data General DG/UX <= 5.4 4.11,IBM AIX <= 4.3,ISC

No description provided by source. source: http://www.securityfocus.com/bid/134/info A buffer overflow exists in certain versions of BIND, the nameserver daemon currently maintained by the Internet Software Consortium ISC. BIND fails to properly bound the data recieved when processing an inverse...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.13 views

ZeroCms 1.0 /zero_view_article.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.16 views

ZeroCms 1.0 /zero_transact_article.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.22 views

wesoft /MainPage.aspx SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.18 views

Ibrahim Ã?AKICI Okul Portal 2.0 Haber_Oku.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24379/info Ibrahim Ã?AKICI Okul Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.34 views

phpscripte24 Vor und Rückwärts Auktions System Blind SQL Injection Vulnerability

No description provided by source. ----------------------------Information------------------------------------------------ +Name : phpscripte24 Vor und Rückwärts Auktions System Blind SQL Injection auktion.php +Autor : Easy Laster +Date : 02.04.2010 +Script : phpscripte24Vor und Rückwärts Auktion...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.24 views

phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection

No description provided by source. ----------------------------Information------------------------------------------------ +Name : phpscripte24 Countdown Standart Rückwärts Auktions System SQL Injection Vulnerability +Autor : Easy Laster +ICQ : 11-051-551 +Date : 08.05.2010 +Script : phpscripte24...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.9 views

Toms Gästebuch 1.00 admin/header.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.25 views

wdlinux一处sql注射

简要描述: rt 详细说明: http://www.wdlinux.cn/bbs/faq.php?action=grouppermission&gids99=%27&gids1000=%20and%20select%201%20from%20select%20count,concatversion,floorrand02x%20from%20informationschema%20.tables%20group%20by%20xa%23 漏洞证明:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.50 views

CmsEasy最新 V5.5-UTF8 正式版暴力注入

简要描述: 官网下载最新版为20140605 注入+后台getshell 详细说明: cmseasy最新版后台无验证码,导致管理员账户可被暴力破解: 1.cmseasy后台无验证码导致可暴力破解管理员密码登陆后台; 2.后台模板编辑html文件,发现html里可执行php代码,利用php的写文件函数写shell。 漏洞证明: 0x01:爆破登陆后台 1.后台点击登陆后抓包: 2.burp爆破,通过回显得知管理员密码: 3.成功登陆后台: 0x02:后台模板编辑getshell 后台模板编辑处,我们先看left.html,点击编辑后发现是一堆代码。那我添加写文件的代码不就getshell了...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.65 views

Flussonic Media Server 4.1.25 - 4.3.3 - Aribtrary File Disclosure

No description provided by source. Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a mutli-protocol streaming server with support for many protocols,...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/02 12:0 a.m.18 views

UranyumSoft Ýlan Servisi Database Disclosure Vulnerability

No description provided by source. ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | // \ || || // \ || || ============================================================================== » Note : Mutlu...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.12 views

Symantec SYMTDI.SYS Device Driver - Local Denial of Service (DoS) Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22977/info Symantec 'SYMTDI.SYS' device driver is prone to a local denial-of-service vulnerability. A local authenticated attacker may exploit this issue to crash affected computers, denying service to legitimate users...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.14 views

vBulletin "Cyb - Advanced Forum Statistics" DoS

No description provided by source...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.15 views

SolucionXpressPro 'main.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33111/info SolucionXpressPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.43 views

VbsEdit 4.7.2.0 - (.vbs) Buffer Overflow Vulnerability

No description provided by source. Title: VbsEdit v 4.7.2.0.vbs Buffer Overflow Vulnerability Author : anT!-Tr0J4n Email : D3v-PoinTathotmaild0tcom & C1EHatHotmaild0tcom Greetz : Dev-PoinT.com ; GlaDiatOr,SILVER STAR , HoBeeZ, Coffin Of Evil special thanks : r0073r,Sid3^effects,L0rd...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.27 views

PHP 4.x tempnam() Function open_basedir Restriction Bypass

No description provided by source. source: http://www.securityfocus.com/bid/17439/info PHP is prone to multiple 'safemode' and 'openbasedir' restriction-bypass vulnerabilities. Successful exploits could allow an attacker to access sensitive information or to write files in unauthorized locations...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.37 views

CloneCD/DVD (ElbyCDIO.sys < 6.0.3.2) Local Privilege Escalation Exploit

No description provided by source. //////////////////////////////////////////////////////////////////////////////////// // +----------------------------------------------------------------------------+ // // | | // // | SlySoft Inc. - http://www.slysoft.com/ | // // | | // // | Affected Software:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.24 views

SLMail 5.5 - POP3 PASS Buffer Overflow Exploit

No description provided by source. SLmail 5.5 POP3 PASS Buffer Overflow Discovered by : Muts Coded by : Muts www.offsec.com Plain vanilla stack overflow in the PASS command D:\Projects\BOSLmail-5.5-POP3-PASS.py D:\Projects\BOnc -v 192.168.1.167 4444 localhost.lan 192.168.1.167 4444 ? open Microso...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.21 views

BigACE 1.8.2 upload_form.php GLOBALS Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute i...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.15 views

Kerio Mailserver 5.6.3 do_map Module Overflow

No description provided by source. source: http://www.securityfocus.com/bid/7967/info Multiple buffer overrun vulnerabilities have been discovered in Kerio MailServer, which affect the webmail component. The problem occurs when handling usernames of excessive length and likely occurs due to...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.15 views

Free Blog 1.0 - Multiple Vulnerabilities

No description provided by source. Free Blog 1.0 Multiple Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/FreeBlog.txt Software Link: http://blog.sdnex.com/ Tested: Ubuntu 12.04.1 LTS Proof of concept: Arbitrary File Upload Vulnerability...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.26 views

Pointter Social Network LFI Vulnerablility

No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : pointter Social network LFI Vulnerablility Date : july, 2 2010 Critical Level : HIGH Vendor Url : http://www.pointter.com/ Auth...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.20 views

Iphone Pointter Social Network LFI Vulnerablility

No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Iphone pointter Social network LFI Vulnerablility Date : july, 2 2010 Critical Level : HIGH Vendor Url : http://www.pointter.co...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.12 views

PDF Viewer Component ActiveX DoS

No description provided by source. Title : PDF Viewer Component ActiveX DoS Auther : Senator of Pirates E-Mail : [email protected] FaceBook : FaceBook.Com/SenatorofPirates Software link : http://www.ocxt.com/download/PDFViewerSetup.exe Date : 05/02/2012 Tested : Windows Xp SP3 EN...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.26 views

Joomla Component Arcade Games com_arcadegames Local File Inclusion Vulnerability

No description provided by source. ================================================================================================================= o Joomla Component Arcade Games Local File Inclusion Vulnerability Software : comarcadegames version 1.0 Author : AntiSecurity Vrs-hCk NoGe OoNBoY...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.38 views

ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities

No description provided by source. Document Title: =============== ePhone Disk v1.0.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1230 Release Date: ============= 2014-03-25 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.27 views

Aborior Encore Web Forum Remote Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's failure to properly...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.24 views

PHP < 4.5.0 - unserialize Overflow

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.41 views

PHPBB2 Page_Header.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.24 views

phpBB2 Gender Mod 1.1.3 - Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5342/info phpBB2 is an open-source web forum application that is written in PHP and backended by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems...

7.1AI score
Exploits0
seebug
seebug
added 2014/07/01 12:0 a.m.19 views

PHPBB2 Plus 1.5 Index.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13150/info phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...

7.1AI score
Exploits0
Total number of security vulnerabilities56796