cors漏洞来袭–一次财大气粗的src主站两千两百元的捡漏
护网的时候闲的没事干,我这条咸鱼也开始挖某财大气粗的src 懒得找什么子域名,小程序app,先看主站,xray被动一开,就报有cors漏洞,这种漏洞想要有危害,就是要找一个敏感接口并且此接口正好...
CVE-2014-5368: WordPress Plugin WP Content Source Control – Directory Traversal
漏洞标题 CVE-2014-5368: WordPress Plugin WP Content Source Control - Directory Traversal 漏洞描述 A directory traversal vulnerability in the file_get_contents function in downloadf...
CVE-2024-23917: JetBrains TeamCity > 2023.11.3 – Authentication Bypass
漏洞标题 CVE-2024-23917: JetBrains TeamCity > 2023.11.3 - Authentication Bypass 漏洞描述 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible...
Nginx使用Lua模块实现WAF的原理解析_nginx
waf是通过执行一系列针对HTTP/HTTPS的安全策略来专门为Web应用提供保护的一款产品,本文重点给大家介绍Nginx使用Lua模块实现WAF的原理,需要的朋友参考下吧 目录一、WAF产生的背景二、什么是WAF...
CVE-2020-36731: Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update
漏洞标题 CVE-2020-36731: Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update 漏洞描述 The Flexible Checkout Fields for WooCommer...
CVE-2022-31706: VMware vRealize Log Insight – Path Traversal
漏洞标题 CVE-2022-31706: VMware vRealize Log Insight - Path Traversal 漏洞描述 he vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious a...
CVE-2021-44529: Ivanti EPM Cloud Services Appliance Code Injection
漏洞标题 CVE-2021-44529: Ivanti EPM Cloud Services Appliance Code Injection 漏洞描述 Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code inj...
Apache Druid 远程代码执行 (CVE-2021-25646)
漏洞标题 Apache Druid 远程代码执行 (CVE-2021-25646) 漏洞描述 Apache Druid 包括执行用户提供的 JavaScript 的功能嵌入在各种类型请求中的代码。此功能在用于高信任度环境中,默认已被禁用。...
CVE-2024-32735: CyberPower – Missing Authentication
漏洞标题 CVE-2024-32735: CyberPower - Missing Authentication 漏洞描述 An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise pri...
CVE-2022-31373: SolarView Compact 6.00 – Cross-Site Scripting
漏洞标题 CVE-2022-31373: SolarView Compact 6.00 - Cross-Site Scripting 漏洞描述 SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attack...
CVE-2019-2729: Oracle WebLogic Server Administration Console – Remote Code Execution
漏洞标题 CVE-2019-2729: Oracle WebLogic Server Administration Console - Remote Code Execution 漏洞描述 The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponen...
CVE-2020-14750: Oracle WebLogic Server – Remote Command Execution
漏洞标题 CVE-2020-14750: Oracle WebLogic Server - Remote Command Execution 漏洞描述 Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is suscepti...
CVE-2022-29081: Zoho ManageEngine – Access Control Bypass
漏洞标题 CVE-2022-29081: Zoho ManageEngine - Access Control Bypass 漏洞描述 Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before ...
CVE-2019-10758: mongo-express Remote Code Execution
漏洞标题 CVE-2019-10758: mongo-express Remote Code Execution 漏洞描述 mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method...
Apache Kylin API未授权访问漏洞(CVE-2020-13937)
漏洞标题 Apache Kylin API未授权访问漏洞(CVE-2020-13937) 漏洞描述 【漏洞对象】Apache Kylin 【涉及版本】Kylin 2.x.x,Kylin <= 3.1.0,Kylin 4.0.0-alpha【漏洞描述】Apache Kylin是一个...
CVE-2023-7028: GitLab – Account Takeover via Password Reset
漏洞标题 CVE-2023-7028: GitLab - Account Takeover via Password Reset 漏洞描述 An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 pr...
