Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2016/05/09 12:0 a.m.24 views

ShopNum1 ScoreProductSearchList.html文件ProductCategoryID参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.20 views

FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow Exploit

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.33 views

东芝e-STUDIO 系列打印机未授权访问漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.76 views

Ezoffice jmx-console 弱口令漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/09 12:0 a.m.72 views

ShopNum1 ProductListCategory.aspx文件BrandGuid参数SQL注入漏洞

0x01 框架介绍 ShopNum1网店系统是武汉群翔软件有限公司自主研发的基于 WEB 应用的 B/S 架构的B2C网上商店系统,主要面向中高端客户, 为企业和大中型网商打造优秀的电子商务平台,ShopNum1运行于微软公司的 .NET 平台,采用最新的 ASP.NET 3.5技术进行分层开发。拥有更强的安全性、稳定性、易用性。 官方主页:www.shopnum1.com 影响厂商:武汉群翔软件有限公司 0x02 漏洞利用 关键词:inurl:ProductListCategory.aspx BrandGuid参数过滤不严导致注入。 利用方式:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/08 12:0 a.m.29 views

信游科技网站管理后台弱口令

简要描述: 信游科技管理后台可登陆 详细说明: 访问信游科技页游平台管理系统 http://ht.52xinyou.cn/xykj/login.aspx 可以使用账号:xinyoukeji 密码:xinyoukeji 登陆系统 https://images.seebug.org/upload/201605/080212066495390cc27b03f0e0cf03af86d90417.png 可以执行的操作一目了然了, 对用户组的管理 查看用户信息...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.21 views

PHPOA /ntko/FileEdit.php 等五处SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.58 views

dedecms v5.7缓存文件data/cache/typename.inc导致任意代码执行(有条件)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.24 views

PHPCMS /phpsso_server/phpcms/modules/phpsso/index.php任意代码执行

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.16 views

Apache OFBiz安全绕过漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.21 views

PHPCMS V9 phpsso/index.php authkey 泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.68 views

FFmpeg 2.x版本服务器端请求伪造漏洞

详情来源 :ffmpeg SSRF漏洞分析 ffmpeg得反应很快,1月16日就发布了修复版本。 漏洞影响 如果ffmpeg解析了一个恶意的文件,会导致本地的文件信息泄露。受影响的出了ctf中这个在线视频格式转换的服务外,如果是采用ffmpeg了客户端如果可以输入恶意文件也会造成本地文件信息泄露。 漏洞分析 change log中提到了两个CVE CVE-2016-1897和CVE-2016-1898。 CVE-2016-1897 FFmpeg 2.x版本允许攻击者通过服务器端请求伪造SSRF:Server-Side Request Forgery...

4.3CVSS6.3AI score0.14621EPSS
Exploits3
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.26 views

Discuz! source\function\function_discuzcode.php 存储型xss漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.38 views

正方教务(2006/2008)登录页面处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/06 12:0 a.m.202 views

Tipask 2.5 /control/question.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.16 views

PowerCreator在线教学系统openCourse.aspx文件cid参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.19 views

悟空CRM V0.5.4 /App/Lib/Action/FinanceAction.class.php SQL盲注

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.34 views

万户OA /defaultroot/information_manager/informationmanager_upload.jsp 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.17 views

悟空CRM V0.5.4 /App/Lib/Action/ProductAction.class.php SQL盲注

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.28 views

74cms v3.6 申请友情链接 XSS漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.25 views

悟空CRM V0.5.4 /App/Lib/Action/LeadsAction.class.php SQL盲注

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.19 views

万户OA /defaultroot/public/jsp/multiuploadfile.jsp 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.18 views

万户OA /defaultroot/work_flow/formOptJSPUpload.jsp 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.20 views

Wukong CRM system /Public/js/php/file_manager_json.php unauthorized access vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.158 views

Wordpress 4.5.1 Remote Command Execute

来源 http://ricterz.me/,格式稍作整理 ImageMagick ImageMagick 昨天曝出 CVE-2016-3714,Java、PHP 的库也受其影响可参考 https://www.seebug.org/vuldb/ssvid-91446 。其中 PHP 的库 Imagick 应用广泛,波及也大。Wordpress 也就是受此漏洞影响出现了 RCE。 这个漏洞很蠢,ImageMagick 在 MagickCore/constitute.c 的 ReadImage 函数中解析图片,如果图片地址是https://开头的,即调用 InvokeDelegate。...

10CVSS8.6AI score0.97485EPSS
Exploits11
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.19 views

ATutor 2.2.1远程代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.134 views

74cms v3.6 任意密码重置漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.195 views

大米CMSFV5.53遍历目录

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/05 12:0 a.m.24 views

PHPWind 8.3 /apps/group/admin/manage.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.13 views

Liferay Portal 5.1.2 - Persistent XSS

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.14 views

fengcms_v1.32.beta 前台SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.47 views

CVE-2016-1743苹果OS X 本地提权漏洞

No description provided by source...

9.3CVSS7.8AI score0.05457EPSS
Exploits5
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.21 views

WordPress 支付插件SQL 注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.18 views

Foxit Reader 7.3.0 UAF 漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.20 views

Wordpress kento-post-view-counter 插件 存储型 XSS

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.42 views

NetCommWireless HSPA 3G10WVE 命令执行漏洞

Below listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page ping.cgi on wireless router and inject commands to compromise full system/network. 1 Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023 2 Command...

7.5CVSS7.4AI score0.10983EPSS
Exploits6
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.17 views

万户OA webservice SQL 注入漏洞

0x3 SQL注射 webservice服务需要一个通信密码,但官方自己留了一个万能密码:auth.key.whir2012 有了这个key,webservice都能使用。可以进行添加、删除用户等操作。 webservice很多地方没有使用参数查询还是拼接sql,存在SQL注射:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.31 views

Flash 整数溢出漏洞 (CVE-2016-1010)

No description provided by source...

10CVSS8.6AI score0.19785EPSS
Exploits1
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.147 views

万户OA /UploadServlet 任意文件上传漏洞

任意文件上传 url: /UploadServlet 最后上传的文件路径就是: uploadFolder/path/fileId.substring0, 6/fileId,path和fileId两个参数可控,所以可以上传任意文件了 官方demo演示:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.25 views

Trend Micro Deep Discovery Inspector 3.8, 3.7 - CSRF Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.22 views

艾思迈非书资源管理系统 site/rdmore.html 文件 type 参数 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.15 views

NetCommWireless HSPA 3G10WVE Authentication Bypass

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.270 views

OpenSSL Memory corruption in the ASN.1 encoder (CVE-2016-2108)

No description provided by source...

10CVSS9.6AI score0.77906EPSS
Exploits1
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.118 views

ImageMagick 命令执行漏洞 (ImageTragick)

详情来源:CVE-2016-3714 - ImageMagick 命令执行分析 - 乌云知识库 ImageMagick是一款使用量很广的图片处理程序,很多厂商都调用了这个程序进行图片处理,包括图片的伸缩、切割、水印、格式转换等等。但近来有研究者发现,当用户传入一个包含『畸形内容』的图片的时候,就有可能触发命令注入漏洞。 国外的安全人员为此新建了一个网站: https://imagetragick.com/ ,不得不说,有些外国人蛮会玩的。...

10CVSS6.9AI score0.97485EPSS
Exploits13
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.18 views

Wordpress spreadsheet 插件-spreadsheet.php文件page参数-跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.16 views

Lindon-EDU V2 数字校园平台 /code/teach/class/classcourse.aspx 参数SubjectID SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.16 views

金蝶办公系统get_file.jsp 和getFileUseSpace两处 SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.29 views

致翔OA /OpenWindows/Openleibie_wtMc.aspx文件id参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.62 views

万户OA xfire xml实体注入漏洞

xfire xml实体注入 webservice使用了xfire框架,存在xxe漏洞 jmx-console 存在默认口令: admin/ezoffice,网上搜一下基本没改。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/05/04 12:0 a.m.19 views

PHPCMS v9.6.0 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Total number of security vulnerabilities56796