WooYun.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="x-ua-compatible" content="ie=7">
<title> WooYun.org | 最新公开漏洞 </title>
<meta name="author" content="80sec">
<meta name="copyright" content="http://www.wooyun.org/">
<meta name="keywords" content=",wooyun,应用安全,web安全,系统安全,网络安全,漏洞公布,漏洞报告,安全资讯。">
<meta name="description" content="WooYun是一个位于厂商和安全研究者之间的漏洞报告平台,注重尊重,进步,与意义">
<link rel="icon" href="http://www.wooyun.org/favicon.ico" sizes="32x32">
<link href="WooYun_files/style.css" rel="stylesheet" type="text/css">
<script src="WooYun_files/jquery-1.js" type="text/javascript"></script>
<script src="WooYun_files/logger.js"></script><link type="text/css" rel="stylesheet" href="WooYun_files/bdsstyle.css"></head>

<body><iframe style="display: none;" frameborder="0"></iframe>

<style>
#myBugListTab { position:relative; display:inline; border:none }
#myBugList { position:absolute; display:none; margin-left:309px; * margin-left:-60px; * margin-top:18px ; border:#c0c0c0 1px solid; padding:2px 7px; background:#FFF }
#myBugList li { text-align:left }
</style>
<script type="text/javascript">
$(document).ready(function(){

	if ( $("#__cz_push_d_object_box__") ) {
		$("script[src^='http://cip4.czpush.com/']").attr("src"," ").remove();
		$("#__cz_push_d_object_box__").empty().remove();
		$("a[id^='__czUnion_a']").attr("href","#").remove();
	}

	if ( $("#ooDiv") ) {
		$("#ooDiv").empty().parent("div").remove();
	}

	$("#myBugListTab").toggle(
		function(){
			$("#myBugList").css("display","block");
		},
		function(){
			$("#myBugList").css("display","none");
		}
	);

	if ( $(window).scrollTop() > 120 ) {
		$("#back-to-top").fadeIn(300);
	} else {
		$("#back-to-top").fadeOut(300);
	} 

	$(window).scroll(function(){
		if ( $(window).scrollTop() > 120 ) {
			$("#back-to-top").fadeIn(300);
		} else {
			$("#back-to-top").fadeOut(300);
		} 
	});

	$("#back-to-top a").click(function() {
		$('body,html').animate({scrollTop:0},300);
		return false;
	});

	$("#go-to-comment a").click(function() {
		var t = $("#replys").offset().top - 52;
		$('body,html').animate({scrollTop:t},300);
		return false;
	});

});

function gofeedback(){
	var bugid=$("#fbid").val();
	if(bugid){
		var url="/feedback.php?bugid="+bugid;
	}else{
		var url="/feedback.php"
	}
	window.open(url);
}
</script>

	<div class="go-to-wrapper">
		<ul class="go-to">
		    <li id="go-to-comment" title="转到评论"><a href="#">转到评论</a></li>
		    <li id="go-to-feedback" title="我要反馈"><a href="javascript:void(0)" onclick="gofeedback()">我要反馈</a></li>
		    <li id="back-to-top" title="回到顶部"><a href="#">回到顶部</a></li>
		</ul>
	</div>
	<div class="banner">
		<div class="logo">
		<h1>WooYun.org</h1>
		<div class="weibo"><iframe allowtransparency="true" marginwidth="0" marginheight="0" scrolling="no" border="0" src="WooYun_files/followbutton.html" frameborder="0" height="24" width="136"></iframe>
		</div>
		<div class="wxewm">
			<a class="ewmthumb" href="javascript:void(0)"><span><img src="WooYun_files/ewm.jpg" border="0" width="220"></span><img src="WooYun_files/weixin_30.png" border="0" width="22"></a>
		</div>
		</div>
		
				<div class="login">
					<a href="http://www.wooyun.org/user.php?action=login">登录</a> | <a href="http://www.wooyun.org/user.php?action=register" class="reg">注册</a>
				</div>
				</div>

	<div class="nav" id="nav_sc">
		<ul>
			<li><a href="http://www.wooyun.org/index.php">首页</a></li>
			<li><a href="http://www.wooyun.org/corps/">厂商列表</a></li>
			<li><a href="http://www.wooyun.org/whitehats/">白帽子</a></li>
			<li><a href="http://www.wooyun.org/top/">乌云榜</a></li> 
            <li><a href="http://www.wooyun.org/teams/">团队</a></li>
            <li><a href="http://www.wooyun.org/bugs/">漏洞列表</a></li>
			<li class="new"><a href="http://www.wooyun.org/bug/submit">提交漏洞</a></li>
			<!--li><a href="/corp_actions">厂商活动</a></li-->
			<!--<li><a target='_blank' href="http://security.wooyun.org/">安全中心</a></li>-->
			<li><a href="http://summit.wooyun.org/" target="_blank" style="color:rgb(246,172,110);font-size:14px;font-weight:blod">乌云峰会</a></li>
			<!--li><a href="/job/">企业招聘</a></li-->
						<li><a href="http://job.wooyun.org/" target="_blank">乌云招聘</a></li>
						<li><a href="http://drops.wooyun.org/" target="_blank">知识库</a></li>
						<li><a href="http://www.wooyun.org/notice/">公告</a></li>
		</ul>
        <form action="/searchbug.php" method="post" id="searchbox">
            <input name="q" id="search_input" type="text">
            <input value="搜索" id="search_button" type="submit">
        </form>
	</div>

	<div class="bread" style="padding-top: 4px;">
		<div style="float:left">当前位置：<a href="http://www.wooyun.org/index.php">WooYun</a> &gt;&gt; <a href="http://www.wooyun.org/bugs/new_public">最新公开</a></div>
			</div>
<script type="text/javascript">

$(function(){

	
	$(".listTable tbody tr").hover(function(){
		
		$(this).css("background","#EBEBEB");

	},function(){
	
		$(this).css("background","none");

	});

});

</script>
	
	<div class="content">

		<h3><a href="#">最新公开</a></h3>

		<table class="listTable">
			<thead>
				<tr>
					<th width="90">提交日期</th>
					<td width="730">漏洞标题</td>
					<th width="70">评论／关注</th>
					<th width="60">作者</th>
				</tr>
			</thead>
			<tbody>

								<tr style="background: transparent none repeat scroll 0% 0%;">
					<th>2016-04-28</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0202886">宝马某地区用户体系不严涉及意向购车客户信息/CRM系统/宝马内部车价</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0202886#comment">8/13</a></th>
					<th><a title="隔壁小王" href="http://www.wooyun.org/whitehats/%E9%9A%94%E5%A3%81%E5%B0%8F%E7%8E%8B">隔壁小...</a></th>
				</tr>
								<tr style="background: transparent none repeat scroll 0% 0%;">
					<th>2016-04-29</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203510">搜狐焦点主站Blind XXE利用Cloudeye神器测试</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203510#comment">5/27</a></th>
					<th><a title="荒废的腰子" href="http://www.wooyun.org/whitehats/%E8%8D%92%E5%BA%9F%E7%9A%84%E8%85%B0%E5%AD%90">荒废的...</a></th>
				</tr>
								<tr style="background: transparent none repeat scroll 0% 0%;">
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0201806">甘肃卫生厅多个系统漏洞可GetShell可内网（涉及全省千万级用户医疗信息/姓名/住址/病诊/企业信息/药品配送等信息）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0201806#comment">0/15</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr style="background: transparent none repeat scroll 0% 0%;">
					<th>2016-06-08</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0217072">安智网某站SQL注入到Getshell</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0217072#comment">0/7</a></th>
					<th><a title="depycode" href="http://www.wooyun.org/whitehats/depycode">depyco...</a></th>
				</tr>
								<tr>
					<th>2016-06-12</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0218421">腾讯某论坛存在SSRF漏洞（附批量捡漏脚本）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0218421#comment">18/113</a></th>
					<th><a title="猪猪侠" href="http://www.wooyun.org/whitehats/%E7%8C%AA%E7%8C%AA%E4%BE%A0">猪猪侠</a></th>
				</tr>
								<tr>
					<th>2016-03-11</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0183200">CodeIgniter框架内核设计缺陷可能导致任意代码执行</a>
					                    										<img src="WooYun_files/m2.png" alt="" class="credit">
										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0183200#comment">17/141</a></th>
					<th><a title="phith0n" href="http://www.wooyun.org/whitehats/phith0n">phith0...</a></th>
				</tr>
								<tr>
					<th>2016-03-11</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0182986">Panabit某流量分析管理系统十处命令执行（无需登录）</a>
					                    										<img src="WooYun_files/m2.png" alt="" class="credit">
										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0182986#comment">6/21</a></th>
					<th><a title="komas" href="http://www.wooyun.org/whitehats/komas">komas</a></th>
				</tr>
								<tr>
					<th>2016-04-29</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203437">杭州银行某站点命令执行可威胁内网</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203437#comment">0/3</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-28</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203048">利用网易一处XXE盲注演示如何通过cloudeye配合实现文件内容读取</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203048#comment">2/60</a></th>
					<th><a title="sanwenkit" href="http://www.wooyun.org/whitehats/sanwenkit">sanwen...</a></th>
				</tr>
								<tr>
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0202129">(千岛湖)淳安网上售票某处存在sql注入涉及百万信息（姓名/手机号/身份证/座位号/价格等）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0202129#comment">0/5</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0202123">江阴汽车客运站购票站点存在漏洞涉及1300W订票记录（姓名/座位号/出行时间/身份证等100多字段信息）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0202123#comment">0/3</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0202112">旅游专场安徽省合肥汽车客运某站点存在SQL注入涉及百万敏感信息（姓名/手机号/邮箱/出行时间等）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0202112#comment">0/3</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-29</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203224">长安责任保险某系统后台弱口令可Getshell导致数据库信息泄露</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203224#comment">0/4</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0202372">神器而已之华为两个站点命令执行（另一种姿势）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0202372#comment">7/38</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-28</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203178">12306某站远程命令执行</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203178#comment">26/84</a></th>
					<th><a title="光棍节" href="http://www.wooyun.org/whitehats/%E5%85%89%E6%A3%8D%E8%8A%82">光棍节</a></th>
				</tr>
								<tr>
					<th>2016-06-08</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0217401">中国人民银行征信中心某站点远程命令执行GetShell影响大量企业数据（影响内网安全）</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0217401#comment">0/16</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-29</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0199337">雷柏后台登录日志敏感信息泄露8000+苹果用户/QQ用户密码泄露</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0199337#comment">5/11</a></th>
					<th><a title="小龙" href="http://www.wooyun.org/whitehats/%E5%B0%8F%E9%BE%99">小龙</a></th>
				</tr>
								<tr>
					<th>2016-04-27</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0201653">中国移动10086.cn某子站命令执行可威胁内网</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0201653#comment">1/9</a></th>
					<th><a title="路人甲" href="http://www.wooyun.org/whitehats/%E8%B7%AF%E4%BA%BA%E7%94%B2">路人甲</a></th>
				</tr>
								<tr>
					<th>2016-04-28</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203274">顺丰速运某重要系统任意密码重置</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203274#comment">0/6</a></th>
					<th><a title="Looke" href="http://www.wooyun.org/whitehats/Looke">Looke</a></th>
				</tr>
								<tr>
					<th>2016-04-28</th>
					<td><a href="http://www.wooyun.org/bugs/wooyun-2016-0203147">APP安全之朋友印象一处无效xss爆破导致www后台被登录(100万设备/150万用户/1000万微信用户/核心功能可修改用户密码)</a>
					                    										</td>
					<th><a title="评论一下" href="http://www.wooyun.org/bugs/wooyun-2016-0203147#comment">8/34</a></th>
					<th><a title="小龙" href="http://www.wooyun.org/whitehats/%E5%B0%8F%E9%BE%99">小龙</a></th>
				</tr>
				
			</tbody>
		</table>
		
		<p class="page">共 39937 条纪录, 1997 页&nbsp;&nbsp; 
				<a class="current" href="http://www.wooyun.org/bugs/new_public/page/1">1</a>
				<a href="http://www.wooyun.org/bugs/new_public/page/2">2</a>
				<a href="http://www.wooyun.org/bugs/new_public/page/3">3</a>
				<a href="http://www.wooyun.org/bugs/new_public/page/4">4</a>
				<a href="http://www.wooyun.org/bugs/new_public/page/5">5</a>
				</p>

	</div>

	<div id="footer">
        <span class="copyright fleft">
    		Copyright © 2010 - 2016 <a href="#">wooyun.org</a>, All Rights Reserved
    		<a href="http://www.miibeian.gov.cn/">京ICP备15041338号-1</a>
    		<!--a href="http://sae.sina.com.cn" target="_blank"><img src="/images/sae_bottom_logo.png" title="Powered by Sina App Engine"></a-->
    	</span>
        <span class="other fright">
                        <a href="http://www.wooyun.org/impression">行业观点</a>
            · <a href="http://www.wooyun.org/lawer">法律顾问</a>
            · <a href="http://www.wooyun.org/contactus">联系我们</a>
            · <a href="http://www.wooyun.org/help">帮助</a>
            · <a href="http://www.wooyun.org/about">关于</a>
        </span>
    </div>
	<script type="text/javascript">
	var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
	document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fc12f88b5c1cd041a732dea597a5ec94c' type='text/javascript'%3E%3C/script%3E"));
	</script><script src="WooYun_files/h.js" type="text/javascript"></script>
    <script src="WooYun_files/bds_s_v2.js" type="text/javascript" id="bdshare_js" data="type=button"></script>
    
    <script type="text/javascript">
        document.getElementById("bdshell_js").src = "http://bdimg.share.baidu.com/static/js/shell_v2.js?cdnversion=" + new Date().getHours();
        
        if (top.location !== self.location) top.location=self.location;
    </script>

</body></html>