Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2016/01/23 12:0 a.m.24 views

中兴wlan控制器sql注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.21 views

ecmall2.x修改任意管理员和用户密码

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.34 views

用友FE协作办公平台5.5 /common/treeXml.jsp 文件 code 参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.13 views

福建四创灾害预警系统(strongsoft) /warn/OuterWarnModEdit.aspx 文件 adcd 参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.194 views

用友致远A6协同系统 /yyoa/HJ/iSignatureHtmlServer.jsp 文件 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.12 views

省级农机购置补贴信息管理系统 gongs.aspx SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.36 views

joomla! 组件GoogleSearch (CSE) V3.0.2 参数q XSS漏洞

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '1' ssvid version = '1.0' author = 'kikay' vulDate = '2015-08-29' createDate =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.18 views

省级农机购置补贴信息管理系统 chakanfendang.aspx 参数areacode SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.23 views

Powered by BIC online SQL Injection

/newsdetail.php?id=-4%27+UNION+SELECT+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,version,18--%20-...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.31 views

Power by NETDOIT Cross Site Scripting

/newsdetail.php?id=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28/xss/%29%3c%2fScRiPt%3e...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.123 views

泛微E-mobile /calendar_page.php 文件 detailid 参数 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.171 views

杰奇小说连载系统(JieqiCMS) V1.7 /modules/article/packdown.php 文件 cid 参数任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/23 12:0 a.m.22 views

ATCOMINK Shop Cross Site Scripting

Payload = "PersianHack Team /webboard/show.php?Category=thaitestonline&No=121%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team.VpgF8SiDHIU...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.25 views

启莱OA系统/client/checkuser.aspx SQL 注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.38 views

kingdee live800在线客服系统SQL注射漏洞

0x01 漏洞概述 相关厂商: live800.com 漏洞时间: 2015-10-18 loginAction.jsp SQL注射漏洞,可看客户与客服对话内容,泄露大量敏感信息。 0x02 漏洞细节 在loginAction.jsp中发现以下内容: String loginName=request.getParameter"loginName"; String password=request.getParameter"password"; String loginServerUrl = request.getParameter"loginServerUrl"; OperatorInf...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.18 views

shopnc o2o版 3处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.35 views

CSCMS在app/controllers/api/count.php中存在sql注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.16 views

YXcms建站系统 showkbxx.asp 参数id SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.17 views

YouYaX_V5.47 YouYa.php param 参数 SQL 注入

问题出现在ORG/YouYa.php文件中。 第356行: public function find$table, $ext = "string", $param //在 param 中寻找与给定的正则表达式 pattern 所匹配的子串 if pregmatchall"/=/", $param, $tmp $sql = "select from " . $table . " where " . $param; //echo 'x'.$sql; else $param = "id=$param"; $sql = "select from " . $table . " where "...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.38 views

方维O2O商业系统 /app/Lib/biz/ajaxModule.class.php SQL 注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.15 views

ZDSoft教育信息发布系统 /cnet/servlet/servletupload 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.15 views

Bo-blog 2.1.1 xmlrpc.php 上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.14 views

PHPCMS后台CSRF

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/22 12:0 a.m.75 views

shopnc o2o版 index.php?act=payment&op=notify SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.24 views

Commentator WordPress Plugin 2.5.2 XSS Vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.14 views

中软政务系统Technological.aspx 参数id SQL注入漏洞

SQL Injection: /ExtendForm/Down/Technological.aspx?id=1 不过使用的数据库功能有限,没有什么核心内容。...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.18 views

帝友P2P前台lates/index.html SQL注入

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.258 views

用友GRP系统sql 注入漏洞

用友GRP系统sql注射 /R9iPortal/cm/cminfocontent.jsp 参数 infoid http://221.2.68.102:8888/R9iPortal/cm/cminfocontent.jsp?infoid=-8431%20UNION%20ALL%20SELECT%2067,67,user,67,67,67,67,67,67,67,67,67,67,67--...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.40 views

大汉 jcms m_5_7/replace/export.jsp 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.141 views

用友U8-OA系统/yyoa/ext/https/getSessionList.jsp文件敏感信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.25 views

Joomla Spider FAQ Component index.php 参数theme SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.13 views

Apache SOLR 未授权访问

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.16 views

Wordpress Tubepress 插件 v2.0 popup.php 参数 name XSS 漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.20 views

双杨OA系统 /DSOA_TY/goods/GoodsAdd.aspx SQL注入漏洞

双杨OA系统/DSOATY/goods/GoodsAdd.aspx SQL注入漏洞 注入参数 goodsid http://xinhuachongming.com.cn/DSOATY/goods/GoodsAdd.aspx?goodsid=1%20and%201=user&flag=2 http://xinhuachongming.com.cn/DSOATY/goods/GoodsAdd.aspx?goodsid=1%20and%201=@@SERVERNAME&flag=2...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.19 views

U-Mail V9.8.57 /fast/default/operates.php 任意用户登录及注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.116 views

用友oa getSessionList.jsp信息泄露

https://g.jiuminghu.com/newwindow=1&q=intitle:%E3%80%8A%E7%94%A8%E5%8F%8BU8-OA%E3%80%8B&btnK=+%E6%90%9C%E7%B4%A2 intitle:《用友U8-OA》 谷歌搜索即可搜出来大量案例 漏洞存在于:http://www.example.com/yyoa/ext/https/getSessionList.jsp?cmd=getAll 该漏洞允许攻击者获取所有用户的用户名和密码MD5值...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.27 views

用友FE协同办公系统 V6.0 showphoto.xf?photoid 参数盲注漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.35 views

Libsys图书管理系统 ajax_libsys_view.php 信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.30 views

用友FE协作办公系统 system/config/groupTreeXml.js 文件 SG04 参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.15 views

用友人力资源管理 country 和 language 字段任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.61 views

jcms /interface/user/out_userinfo.jsp 文件 xmlinfo 参数敏感信息泄漏漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.393 views

冰峰VPN /log/system.log 敏感信息泄漏漏洞

由于“ICEFLOW VPN Router”设备产品存在各种日志文件未授权访问可导致系统敏感信息泄漏。(包括登录成功后的session值) 系统日志http://url/log/system.log VPN日志http://url/log/vpn.log 移动用户日志http://url/log/mobile.log 防火墙日志http://url/log/firewall.log 访问日志http://url/log/access.log 告警日志http://url/log/warn.log 错误日志http://url/log/error.log...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/21 12:0 a.m.15 views

大汉网络政府办公系统 /lm/front/reg_2.jsp 文件 sysid 参数本地文件包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.77 views

用友某软件存在通用XXE漏洞

简要描述: 详细说明: 1.民生证券 http://.../uapws/ 抓包 POST /uapws/soapFormat.ajax HTTP/1.1 Host: ... User-Agent: Mozilla/5.0 Windows NT 6.1; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.114 views

maticsoft Shop商城系统 regionhandle.aspx 参数ParentId SQL注入漏洞

动软商城系统是一套集CMS资讯+独立商城+微信商城+手机APP+SNS用户社区于一体的全新电商营销解决方案。主要为企业树立企业品牌形象,实现独立网络推广,充分利用网站SEO、微博、APP,微信等移动客户端多渠道网络营销手段,为您搭建一个全新的营销渠道。 官方主页: http://www.maticsoft.com/ Google Dork:MaticsoftFK 0x02 漏洞细节 通用注入 http://shop1.maticsoft.cn/regionhandle.aspx 页面中 ParentId 过滤不严,造成post注入 sqlmap过程: Place: POST...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.43 views

DaMall商城系统httphandler/getdata.ashx SQL注入漏洞

0x01 框架介绍 商城网站建设-damall多功能商城建站系统,支持B2C2C,O2O模式...DaMall商城建站系统采用强劲的.NET企业级平台研发,可兼容多行业、多模式的业务特点以及扩展需求。 官方主页:http://www.bg68.com 0x02 漏洞细节 漏洞页面: http://mall.bg68.com/httphandler/getdata.ashx 参数brandid 部分用户案例: http://mall.hicay.com/httphandler/getdata.ashx http://w16.cxecs.com/httphandler/getdata.ash...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.23 views

CSDJCMS V4 reg.php 参数username SQL注入漏洞

漏洞文件app/controllers/user/reg.php public function check $username = $this-security-xssclean$this-input-getpost'username', TRUE; //username $sqlu="SELECT csid FROM ".CSSqlPrefix."user where csname='".$username."'"; $row=$this-CsdjDB-getall$sqlu; if!$row echo 'no'; else echo 'ok';...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.28 views

新云cms建站系统showkbxx.asp文件id参数SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.24 views

蓝太平洋网站决策支持系统webeng~1.bz2配置文件下载漏洞

蓝太平洋网站决策支持系统WebEngine存在利用短文件漏洞下载明文系统配置文件可泄漏管理员明文密码等系统敏感配置信息 部分部署安装在win+apache环境下存在缺陷通过短文件漏洞实现利用。 配置文件中包涵了账号密码: poc导出的密码:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/01/20 12:0 a.m.536 views

正方协同办公系统/zfoa/gwxxbviewhtml.do任意文件下载漏洞

0x01 系统介绍 正方协同办公系统的设计目标是帮助各部门快速构建起一个安全、可靠、易用的文档一体化办公环境,实现公文处理的自动化,同时作为内部通讯和信息共享的平台。 系统的特点如下: (1)简单易用:实现快速部署,轻松办公 符合日常办公习惯的界面和操作,通过简单的使用培训,使用人员即可了解系统中的相关办公设置,并可应用系统进行办公。 (2)灵活的自定义功能,满足个性与变化的需求 组织机构、表单格式、工作流程、访问权限、打印格式、统计等全面提供自定义,能够很好的满足各单位现在和未来的办公自动化需求。 (3)多层次的安全设计,为办公自动化提供保障...

7.1AI score
Exploits0
Total number of security vulnerabilities56796