cve database


WordPress 4.2.3 privilege escalation and SQL Injection Vulnerability (CVE-2015-5623) Analysis

This is a vulnerability that you have been paying attention to over the past few days. WordPress released version 4.2.4 last week, which mentioned fixing possible SQL vulnerabilities and multiple XSS. Check Point quickly analyzed it. I also analyzed and reproduced the latest vulnerability. 0x01 Unauthorized vulnerability caused by GP mixing. First, describe the ba

CVE-2017-2824: high-risk vulnerability disclosed in Zabbix

Guide: Zabbix can monitor various network parameters, ensure the safe operation of the server system, and provide a flexible notification mechanism for the system administrator to quickly locate and solve various problems. About Zabbix: Zabbix is an enterprise-class open source solution based on a web interface that provides distributed system monitoring and network monitoring capabilities. Zabbix can monitor various network parameters, ensure the safe operation of the server system

Samba SMB1 ACL Overwriting Vulnerability (CVE-2015-7560)

Release date: Updated on: Affected Systems: Samba Samba 3.2.0-4.4.0rc3. Description: CVE (CAN) ID: CVE-2015-7560. Samba is free software that implements the SMB protocol on Linux and UNIX systems. It consists

Samba NETLOGON service information leakage Vulnerability (CVE-2016-2111)

Release date: Updated on: Affected Systems: Samba Samba 4.x-4.2.11; Samba Samba 4.4.x-4.4.2; Samba Samba 4.3.x-4.3.8; Samba Samba 3.x. Description: CVE (CAN) ID: CVE-2016-2111. Samba is

Samba SMB Client Spoofing Vulnerability (CVE-2016-2115)

Release date: Updated on: Affected Systems: Samba Samba 4.x-4.2.11; Samba Samba 4.4.x-4.4.2; Samba Samba 4.3.x-4.3.8; Samba Samba 3.x. Description: CVE (CAN) ID: CVE-2016-2115. Samba is a free software that implements t

Samba MS-SAMR/MS-LSAD man-in-the-middle attack Vulnerability (CVE-2016-2118)

Release date: Updated on: Affected Systems: Samba Samba 3.6.0 - 4.4.0. Description: CVE (CAN) ID: CVE-2016-2118. Samba is free software that implements the SMB protocol

Git vulnerabilities allow arbitrary code execution (CVE-2018-17456) Reproduction

Foreign security researcher joernchen reported details about the vulnerability to the official Git team on June 13, September 23. On October 5, the Git project disclosed a vulnerability numbered CVE-2018-17456. When a user clones a malicious repository, this vulnerability may cause arbitrary code execution. Vulnerability description: This vul

Xen Denial of Service Vulnerability (CVE-2014-3717)

Release date: Updated on: Affected Systems: XenSource Xen 4.4.x. Description: CVE (CAN) ID: CVE-2014-3717. Xen is an open-source virtual machine monitor developed by the University of Cambridge. In Xen 4.4.x, the 64-bit ARM client kernel loading address is not correctly verified. This allows local users to trigger buffer overflow throu

Samba nmbd NetBIOS Name Service Remote Code Execution Vulnerability (CVE-2014-3560)

Release date: Updated on: Affected Systems: Samba 4.0.0-4.1.10. Description: CVE (CAN) ID: CVE-2014-3560. Samba is a set of programs that implement the SMB (Server Messages Block) protocol, cross-platform fil

ShellShock: CVE-2014-6271 vulnerability and emergency repair methods

About this vulnerability: Hello, a Linux security vulnerability has been found that is more serious than "Heartbleed", namely ShellShock (CVE-2014-6271). Attackers can remotely execute arbitrary commands and take full control of your server. A lower operating threshold than "Heartbleed" makes it more risky than the former. The vulnerabil

OS: Dirty COW vulnerability: Linux kernel privilege escalation vulnerability (CVE-2016-5195)

Note when compiling the exploit program: gcc -lpthread dirtyc0w.c -o dirtyc0w. In an actual test under Ubuntu 15.10 this needs to be changed to: gcc -pthread dirtyc0w.c -o dirtyc0w, or: gcc dirtyc0w.c -o dirtyc0w -lpthread, to compile correctly. Other exploit code for the vulnerability: https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs http://www.tuicool.com/articles/Rjiy2ma How to Patch and Protect Linux Kernel the Zero day local privilege escalation vulnerability ... Time 2016-10-21 16:

Apache Camel XSLT external entity Vulnerability (CVE-2014-0002)

Release date: Updated on: Affected Systems: Apache Group Camel. Description: CVE (CAN) ID: CVE-2014-0002. Apache Camel is an open-source integration framework based on a known enterprise-level integration model. The XSLT components of Apache Camel 2.11.0-2.11.3 and Apache Camel 2.12.0-2.12.2 use xslt routines to pa

Process and conclusion of CVE-2014-4423 Analysis

Introduction: Some time ago, "steamed rice" published an article on its blog "phishing attack (stealing the App Store password) on a non-jailbreaking iPhone 6 (iOS 8.1.3)", try to reproduce the entire process after seeing the article. Since "steamed rice" clearly describes the entire process, combined with Apple's related documents, it quickly realizes background running, round robin check App running,

Unbound Security Restriction Bypass Vulnerability (CVE-2017-15105)

Release date: Updated on: Affected Systems: Unbound. Description: Bugtraq id: 102817. CVE (CAN) ID: CVE-2017-15105. Unbound is a recursive, caching DNS resolver. Unbound 1.6.8 and earlier versions have security vulnerabilities in the

Lantronix xPrintServer hard-coded credential Vulnerability (CVE-2016-4325)

Release date: Updated on: Affected Systems: Lantronix xPrintServer. Description: CVE (CAN) ID: CVE-2016-4325. Lantronix xPrintServer is a plug-and-play mobile printing s

PHPMailer < 5.2.18 Remote Code Execution Vulnerability (CVE-2016-10033)

This article will briefly demonstrate the use of the PHPMailer Remote Code Execution Vulnerability (CVE-2016-10033), using a Docker environment that someone else has already built; see the reference link. The lab environment is on Ubuntu 16.04.3, using a Docker image. Installing and using Docker images: To install Docker on Ubuntu, first, you can install it using the following command: # apt-get install docker.io "Installing do

Linux Ghost Vulnerability CVE 2015-0235 (glibc patching scheme)

Vulnerability hazard: "CVE 2015-0235: GNU glibc gethostbyname buffer overflow vulnerability" has broken out in full. While conducting an internal code audit, Qualys discovered a buffer overflow in the __nss_hostname_digits_dots function of the GNU C library (glibc). This bug can be triggered through the gethostbyname*() functions, both locally and remotely. The vulnerability (Ghost vulnerability) caused

Cacti Cross-Site Request Forgery Vulnerability (CVE-2014-2327)

Release date: Updated on: Affected Systems: Cacti 0.8.8b; Cacti 0.8.7f. Description: Bugtraq id: 66392. CVE (CAN) ID: CVE-2014-2327. Cacti is a database round robin (RRD) tool that helps you create images from database information. It has multiple Linux versions. Cacti 0.8.8b and earlier versions

Oracle MySQL Server Remote Vulnerabilities (CVE-2014-2450)

Release date: Updated on: Affected Systems: Oracle MySQL Server. Description: Bugtraq id: 66863. CVE (CAN) ID: CVE-2014-2450. Oracle MySQL Server is a lightweight relational database system. Oracle MySQL Server has a remote security vulnerability in the implementation of the MySQL Server component. This vulnerability can be exploited thr

IBM DB2 Local Privilege Escalation Vulnerability (CVE-2014-0907)

Release date: Updated on: Affected Systems: IBM DB2 Connect 9.x. Description: Bugtraq id: 67617. CVE (CAN) ID: CVE-2014-0907. IBM DB2 is a large commercial relational database system. DB2 Connect connects PCs and mobile devices to the organization's mainframe. Multiple IBM DB2 products have the local privilege escalation vulnerability, wh
