漏洞类别:CGI 漏洞等级: 漏洞信息 SAP NetWeaver Application Server (AS) or SAP Web Application Server is a component of the solution which works as a web application server to SAP solutions. The vulnerability exists in the implemented webdynpro service, which is an example …
漏洞类别:Local 漏洞等级: 漏洞信息 An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could…
漏洞类别:Local 漏洞等级: 漏洞信息 An update for rh-ror41-rubygem-actionview is now available for Red Hat Software Collections. It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attac…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): *A flaw was found in the Linux kernel's keyring handling code: the key_reject_and_link() function could be forced to free an arbitrar…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-…
漏洞类别:RedHat 漏洞等级: 漏洞信息 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: * A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-on…
CVE
Cisco Wireless LAN Controller Wireless Web Authentication Denial of Service Vulnerability (Cisco-SA-20150508-CVE-2015-0723)
漏洞类别:General remote services 漏洞等级: 漏洞信息 A vulnerability in the wireless web authentication subsystem of Cisco Wireless LAN Controller (WLC) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exists…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for php7 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Mal…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for php53 to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gd to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 11-SP4 SUSE Linux Enterprise Server 11-SP4 漏洞危害 This vulnerability could be exploited to gain partial ac…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for gd to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability …
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for imagemagick to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulne…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for flash-player to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerability could be exploited to gain partial access to sensitive information. Malicious us…
漏洞类别:SUSE 漏洞等级: 漏洞信息 SUSE has released security update for openslp to fix the vulnerabilities. Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP1 SUSE Linux Enterprise Server 12-SP1 SUSE Linux Enterprise Desktop 12-SP1 漏洞危害 This vulnerabi…
漏洞类别:Local 漏洞等级: 漏洞信息 Apple Xcode is a development application for Macintosh OS X. A vulnerable version of Xcode was found on the target host. The update resolves the following security issues: - Multiple vulnerabilities existed in Git versions prior to 2.5.4.…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Bind incorrectly handled certain responses containing a DNAME answer. 漏洞危害 A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. 解决方案 Refer to Ubuntu advisory USN…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery (CSRF) attacks. It was discovered that the Mailman user options page did not protect against cross-site request forgery (C…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that the GD library incorrectly handled certain malformed Tiff images. It was discovered that the GD library incorrectly handled certain integers when processing WebP images. It was discovered that the GD library incorr…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that DBus incorrectly validated the source of ActivationFailure signals. It was discovered that DBus incorrectly handled certain format strings. 漏洞危害 A local attacker could use this issue to cause a denial of service. T…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that DBus incorrectly validated the source of ActivationFailure signals. It was discovered that DBus incorrectly handled certain format strings. 漏洞危害 A local attacker could use this issue to cause a denial of service. T…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 It was discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. It was discovered that Django incorrectly validated hosts when being run with the debug setting enabled. 漏洞危害 A remote attacker…
漏洞类别:Ubuntu漏洞等级: 漏洞信息 It was discovered that URLs of resources loaded after a navigation start could be leaked to the following page via the Resource Timing API. Multiple memory safety issues in Thunderbird. A heap buffer overflow during text conversion with s…
漏洞类别:Ubuntu 漏洞等级: 漏洞信息 A use-after-free was discovered in service workers. It was discovered that web content could access information in the HTTP cache in some circumstances. 漏洞危害 If a user were tricked in to opening a specially crafted website, an attacker c…
缺陷编号: WooYun-2016-219438 漏洞标题: 工商银行某网上缴费服务接口可通过单号遍历该缴费服务用户姓名&身份证号 相关厂商: 中国工商银行 漏洞作者: 路人甲 提交时间: 2016-06-15 13:28 公开时间: 2016-06-20 13:50 漏洞类型: 设计缺陷/逻辑错误 危害等级: 低 自评Rank: 5 漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞 漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 help@wooyun.org Tags标签:…
缺陷编号: WooYun-2016-219335 漏洞标题: 天天果园某平台表达式注入(已Getshell) 相关厂商: fruitday.com 漏洞作者: A1opex 提交时间: 2016-06-15 06:49 公开时间: 2016-06-20 07:40 漏洞类型: 命令执行 危害等级: 高 自评Rank: 20 漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞 漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 help@wooyun.org Tags标签: 表达式注入 18人…