Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2016/04/18 12:0 a.m.15 views

Kamailio 4.3.4 基于堆的缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/18 12:0 a.m.19 views

南京擎天政务系统 /webpages/bjcx_list_page.aspx POST类型SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/18 12:0 a.m.21 views

WordPress Memphis Document Library Plugin 2.3 - 3.1.5任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.140 views

T-Site建站系统 /AjaxFile/DownLoadFile.aspx文件FilePath参数任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.19 views

Internet Download Manager 6.25 Build 14 - 'Find file' Unicode SEH Exploit

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.255 views

蚂蚁信息分类系统(mymps) V5.0 corporation.php文件Catid参数SQL注入漏洞

0x01 框架介绍 mymps(蚂蚁分类信息/地方门户系统)是一款基于php mysql的建站系统.为在各种服务器上架设分类信息以及地方门户网站提供完美的解决方案。 mymps,整站生成静态,拥有世界一流的用户体验,卓越的访问速度和负载能力。 mympsphp分类信息系统/php地方门户系统能让你在最短的时间架设一个专业的分类信息/地方门户网站,是一款专注分类信息领域的CMS内容管理系统,能以最低的成本,最少的人力投入,在最短的时间内架设一个功能齐全,性能优异规模庞大并且易于维护的网站平台。 官方网站:http://www.mymps.com.cn 0x02 漏洞利用 神器扫描结果:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.13 views

小云wifi路由器默认webserver 代理服务未授权访问

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.17 views

网趣网上购物系统(cnhww)HTML静态版 v2010 review.asp 文件 id 参数SQL注入漏洞

网趣简介 网趣作为国内老牌购物系统,拥有国内庞大的用户使用群体和多年的购物系统开发经验,产品能够满足企业及个人网上开店的各种不同需求!HTML静态版又是其最出色的产品之一,凭借软件强大的功能和完善的服务体系越来越受到用户的喜爱,多年的发展奠定了网趣软件在国内购物系统领域的绝对地位,相信会有更多的用户在这里实现自己网上创业的梦想。 漏洞原理 参数id未做好过滤,直接被带入SQL语句中进行查询,导致SQL注入漏洞的产生 漏洞分析 查看admin/review.asp文件 alert'您的回复已成功提交!!';history.go-1;" response.End end if %...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.20 views

Sysax Multi Server 6.50 - HTTP File Share SEH Overflow RCE Exploit

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.12 views

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.11 views

iTop 2.2.1 - CSRF Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.16 views

Dating Pro Genie 2015.7 - CSRF Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/15 12:0 a.m.13 views

Disc ORGanizer - DORG - Multiple Vulnerabilities

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.16 views

WordPress Import CSV Plugin 1.0 - Directory Traversal

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.40 views

RuvarHRM 人力资源管理系统 accounts_list.aspx SQL注入

exp: http://oa.hnlxbus.com:8081/RuvarHRM/admin/accountslist.aspx?udepartmentid=1%27and%201%3Dconvert%28int%2C%20CHAR%28126%29%20%2b%20CHAR%28126%29%20%2b%20CHAR%28126%29%2bdbname%28%29%2b%20CHAR%28126%29%20%2b%20CHAR%28126%29%20%2b%20CHAR%28126%29%29--...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.16 views

Xoops 2.5.7.2 - Directory Traversal Bypass

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.20 views

WordPress Abtest Plugin - Local File Inclusion

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.20 views

Xoops 2.5.7.2 - Arbitrary User Deletions CSRF

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/14 12:0 a.m.187 views

ProjectSend r582 多个(持久)XSS漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.17 views

phpyun model\register.class.php SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.87 views

神器而已之EMobile某版本表达式注入(命令执行)

简要描述: 神器扫出来的 详细说明: 版本:E-Mobile 4.5 查看源码即可看到 .../verifyLogin.do data:loginid=CasterJs&password=CasterJs&clienttype=Webclient&clientver=4.5&language=&country=&[email protected]@[email protected]@getRuntime.exec'ipconfig'.getInputStream 其他案例 http://.../verifyLogin.do data:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.87 views

威速科技官网某子站SQL注入可提权服务器

简要描述: 详细说明: 第三方会议系统,V2 Conference. 见: WooYun: V2视频会议系统某处SQL注射、XXE漏洞可getshell 漏洞证明: http://zuyong.v2tech.com/Conf/jsp/systembulletin/bulletinAction.do?operator=details&sysId=-1%20union%20select%201,user%28%29,3,version%28%29,5%23 mysql root权限注入,可写shell. 查看远程桌面端口:39556 创建了wooyun用户,连接远程桌面: img...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.16 views

PHP 7.0.0格式化字符串漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.665 views

用友ERP-NC任意文件遍历漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.27 views

Timber E-learning在线考试系统后台 /system/Dep_Right.aspx 参数DEP_NAME2 SQL注入漏洞

0x01漏洞简介 Timber E-learning在线考试系统的后台/system/DepRight.aspx对参数DEPNAME2过滤不严格,导致出现注入漏洞。远程攻击者先需要注册一个用户,登陆后台后可以利用这些漏洞执行SQL指令。该漏洞利用的步骤如下: 1访问页面/usercontrol/ajax.aspx输入用户名密码,进行登陆 http://www..com/usercontrol/ajax.aspx post: Action=post&username=&pwd=&func=Login 登陆成功,将返回true,否则返回false 2登陆成功后,可以利用注入漏洞执行SQL指令...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.42 views

Samba Badlock 漏洞

概述 Samba 3.6.0-4.4.0版本在MS-SAMR及MS-LSAD协议未正确处理DCERPC连接,可使中间人攻击者修改客户端到服务器的数据流,执行协议降级攻击并冒充用户,对Security Account Manager Database读写操作,获取敏感信息等。 在首次被公开发布时称为"Badlock"。 受影响版本 cpe:/a:samba:samba:4.4.0 cpe:/a:samba:samba:4.4.1 cpe:/a:samba:samba:4.4.0:rc3 cpe:/a:samba:samba:4.4.0:rc2...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.24 views

VBcms /post.php SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.16 views

YXcmsApp1.3.0补丁不当任意文件删除

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.16 views

ourphp 1.5.2 /function/ourphp_shoppingorders.class.php 参数id 绕过过滤SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.27 views

eyou Storage_explore.php Cookie命令注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.14 views

Wordpress Scoreme主题跨站漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.14 views

ourphp v1.3.1 商品分类页面 type参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.282 views

Netgear R6220 管理后台默认口令

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.19 views

KPPW 2.5 /control/user/message_notice.php 和 /control/user/message_privite.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.12 views

Netgear DGND3700v2 管理后台默认口令

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.32 views

ourphp 1.5.0 /function/ourphp_shoppingorders.class.php 参数id绕过过滤SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.12 views

ourphp 1.5.0 OP_Useremail SQL二次注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.16 views

Tipask 2.5 setting.php 存在CSRF漏洞 (结合xss可getshell)

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.25 views

NTP crypto_recv() 函数缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.18 views

Ourphp CMS 评论处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.13 views

ourphp 1.5.0 /function/plugs/Comment/product-content.php 参数row SQL盲注漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.27 views

Web India Solutions CMS 2015 - SQL Injection Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.26 views

Schneider AS AS-P系列-v1.7及之前版本管理账户-弱口令漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.11 views

emlog 5.3.1 store.php CSRF漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.24 views

用友FE协作办公平台 /common/parseTree.jsp 等2处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.22 views

用友FE协作办公系统 V5.5 /indexsearch/filter.jsp文件tableId参数SQL注入漏洞

exp: http://xxx.com/indexsearch/filter.jsp?tableId=1 UNION ALL SELECT NULL,NULL,char126+char126+char126+isnullcastdbname as nvarchar4000,char32+char126+char126+char126,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/12 12:0 a.m.18 views

用友FE协作系统办公系统 filter.jsp 参数tableId SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/11 12:0 a.m.14 views

emlog 5.3.1 后台储存型xss漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/11 12:0 a.m.18 views

Cmseasy多处CSRF

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/11 12:0 a.m.47 views

Wordpress MyBand插件-timthumb.php文件-跨站脚本漏洞

No description provided by source...

7.1AI score
Exploits0
Total number of security vulnerabilities56796