56796 matches found
TRS portal个性化门户任意文件读取(二)
简要描述: 发现portal个性化门户其他链接实体注入漏洞 详细说明: TRS Portal个性化门户 http://XX.XX.XX.XX/portal/help/wcmhelpaddeditdowith.jsp链接未对外部实体进行过滤,可调用外部实体进行解析,可任意读取服务器上任意文件 漏洞证明: 漏洞利用过程: http://XX.XX.XX.XX/portal/help/wcmhelpaddeditdowith.jsp POST请求:ObjectXML=%0d%0a%20%20%25remote;%0d%0a%5D%0d%0a...
Horde Groupware 5.2.10 - CSRF 漏洞
No description provided by source...
Netwin SurgeFTP Sever 23d6 存储型跨站脚本攻击漏洞.
No description provided by source...
Drupal UC Profile模块信息泄露漏洞
No description provided by source...
Wordpress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
No description provided by source...
Horde Groupware跨站请求伪造漏洞
No description provided by source...
Drupal MAYO主题跨站脚本漏洞
No description provided by source...
ecshop某处通杀存储型xss直达后台漏洞
简要描述: 测试了2.7.3-2.7.4 都存在这个漏洞 应该是通杀吧:) 详细说明: 随便找一个商品购买 数量填999999999999 然后会让你填写缺货登记 数据随便填 然后利用burp抓包 修改掉email中的数据提交 然后坐等管理员审核缺货登记。。。 漏洞证明: 过滤...
FFmpeg ljpeg_decode_yuv_scan 函数拒绝服务漏洞
No description provided by source...
ATutor PHP代码注入漏洞
No description provided by source...
FFmpeg ff_hevc_parse_sps 函数拒绝服务漏洞
No description provided by source...
QEMU NE2000 NIC Emulation Heap Based Buffer Overflow Vulnerability
No description provided by source...
Linux kernel输入验证漏洞
No description provided by source...
信游科技多站弱口令及SQL注入漏洞#大量信息泄露
简要描述: rt 详细说明: 信游科技多站弱口令及SQL注入漏洞大量信息泄露。 SQL注入:地址:http://xin.52xinyou.cn/ 弱口令用户:xinyoukeji;xinyoukeji 注入需登录:http://xin.52xinyou.cn/pay-order.html?gid=62485%27 漏洞证明: 多站弱口令,信息泄露: 1.地址:http://fx.52xinyou.cn/login.html test;123456 https://images.se...
金蝶某系统撞库&远程命令执行
简要描述: . 详细说明: 1.撞库:https://sso.youshang.com/sso/userAuthnAction.do无限制撞库 抓包,撞库,123456密码 以下可以登录: 漏洞证明: 登录一个作证明 2.http://service.youshang.com/fee/moneybagHome.do s-19远程命令执行...
Samsung Galaxy S6 Edge内存破坏漏洞
No description provided by source...
ATutor任意文件上传漏洞
No description provided by source...
Linux kernel IPv6栈拒绝服务漏洞
No description provided by source...
Piwik PHP对象注入漏洞
No description provided by source...
QEMU 'e1000.c' Denial of Service Vulnerability
No description provided by source...
Piwik本地文件包含漏洞
No description provided by source...
FFmpeg init_tile 函数拒绝服务漏洞
No description provided by source...
WordPress Work The Flow File Upload 2.5.2 - Arbitrary File Upload Vulnerability
漏洞类型: 文件上传漏洞 漏洞概述: Work the flow是一个基于HTML5的Wordpress插件,它主要向用户提供文件上传功能。但是由于插件开发作者没有对上传文件进行足够的检查导致插件存在文件上传漏洞。 漏洞分析: 漏洞存在于插件“work-the-flow-file-upload\public\assets\jQuery-File-Upload-9.5.0\server\php”目录下UploadHandler.php文件中的UploadHandler类。 下面我们看看漏洞形成的原因: 1、UploadHandler类未经验证初始化。...
FFmpeg decode_uncompressed 函数拒绝服务漏洞
No description provided by source...
discuz 7.2 网站路径泄露漏洞
No description provided by source...
Linux kernel竞争条件漏洞
No description provided by source...
Linux kernel securelevel/secureboot 本地安全绕过漏洞
No description provided by source...
Microsoft Excel for Mac跨站脚本漏洞
No description provided by source...
Atlassian Bamboo远程代码执行漏洞
No description provided by source...
Microsoft .NET Framework跨站脚本漏洞
No description provided by source...
Microsoft Windows日记本堆溢出漏洞
No description provided by source...
libreswan拒绝服务漏洞(CNVD-2015-07581)
No description provided by source...
HP ArcSight Management Center 多个跨站脚本漏洞
No description provided by source...
XScreenSaver安全机制绕过漏洞
No description provided by source...
Drupal User Dashboard模块SQL注入漏洞
No description provided by source...
Adobe Flash Player & Compiler内存错误引用漏洞(CNVD-2015-07616)
No description provided by source...
Linux kernel "drivers/usb/serial/whiteheat.c" 拒绝服务漏洞
No description provided by source...
Cisco FireSIGHT Management Center存在多个跨站脚本漏洞
No description provided by source...
ZTE ZXHN H108N R1A任意文件读取漏洞
No description provided by source...
Apple OS X Script Editor限制绕过漏洞
No description provided by source...
libpng png_set_PLTE()和png_get_PLTE()缓冲区溢出漏洞
No description provided by source...
Xen对齐检查异常处理拒绝服务漏洞
No description provided by source...
Sensio Labs Twig displayBlock任意代码执行漏洞
No description provided by source...
Cisco IOS ACL控制绕过漏洞
No description provided by source...
Infinite Automation Mango Automation任意命令执行漏洞
No description provided by source...
Oxwall跨站请求伪造漏洞
No description provided by source...
Bouncy Castle Java library信息泄漏漏洞
No description provided by source...
Microsoft Windows安全机制绕过漏洞(CNVD-2015-07598)
No description provided by source...
Foxit Reader表单越界远程代码执行漏洞
No description provided by source...
util-linux缓冲区溢出漏洞
No description provided by source...