云记
CVE-2025-30220: GeoServer WFS – XXE Processing Vulnerability
漏洞标题 CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability 漏洞描述 GeoServer Web Feature Service (WFS) is vulnerable to an XML External Entity (XXE) processing attack d...
CVE-2021-25161: Aruba Instant Access Point (IAP) – Cross-Site Scripting
漏洞标题 CVE-2021-25161: Aruba Instant Access Point (IAP) - Cross-Site Scripting 漏洞描述 A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Acc...
CVE-2023-0942: WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting
漏洞标题 CVE-2023-0942: WordPress Japanized for WooCommerce <2.5.5 - Cross-Site Scripting 漏洞描述 WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cros...
CVE-2022-29464: WSO2 Management – Arbitrary File Upload & Remote Code Execution
漏洞标题 CVE-2022-29464: WSO2 Management - Arbitrary File Upload & Remote Code Execution 漏洞描述 Certain WSO2 products allow unrestricted file upload with resultant remote cod...
CVE-2022-23898: MCMS 5.2.5 – SQL Injection
漏洞标题 CVE-2022-23898: MCMS 5.2.5 - SQL Injection 漏洞描述 MCMS 5.2.5 contains a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. An attacker...
CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting
漏洞标题 CVE-2021-24169: WordPress Advanced Order Export For WooCommerce <3.1.8 - Authenticated Cross-Site Scripting 漏洞描述 WordPress Advanced Order Export For WooCommerce plu...
CVE-2020-15568: TerraMaster TOS v4.1.24 RCE
漏洞标题 CVE-2020-15568: TerraMaster TOS v4.1.24 RCE 漏洞描述 TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic c...
CVE-2017-18529: PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting
漏洞标题 CVE-2017-18529: PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting 漏洞描述 The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. PoC代码
CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
漏洞标题 CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting 漏洞描述 Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cro...
CVE-2013-7285: XStream <1.4.6/1.4.10 - Remote Code Execution
漏洞标题 CVE-2013-7285: XStream <1.4.6/1.4.10 - Remote Code Execution 漏洞描述 Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security frame...
奇葩漏洞面面观
下载地址:http://i0x0fy4ibf.feishu.cn/file/boxcnP2siX6p3DN3YjKEomok3kb 简介 0x00 众里寻他千百度 0x01 精骛八极,心游万仞 0x02 天下大事,必作于细 0x03 不破楼兰终不还 0x04 工欲善其事,...
CVE-2023-20864: VMware Aria Operations for Logs – Unauthenticated Remote Code Execution
漏洞标题 CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution 漏洞描述 VMware Aria Operations for Logs contains a deserialization vulnerability. ...
一次奇葩的任意用户登录
在安全小天地测试某src时发现一个界面,域名为xxxa.xxx.com,是一个登录界面,发现该界面支持使用手机号登录以及注册功能,测试后发现该网站使用的短信验证码为123456 因此用脚趾头都能想出来的...
CVE-2019-9193: PostgreSQL 9.3-12.3 Authenticated Remote Code Execution
漏洞标题 CVE-2019-9193: PostgreSQL 9.3-12.3 Authenticated Remote Code Execution 漏洞描述 In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superu...
CVE-2018-9845: Etherpad Lite <1.6.4 - Admin Authentication Bypass
漏洞标题 CVE-2018-9845: Etherpad Lite <1.6.4 - Admin Authentication Bypass 漏洞描述 Etherpad Lite before 1.6.4 is exploitable for admin access. PoC代码
CVE-2015-3337: Elasticsearch – Local File Inclusion
漏洞标题 CVE-2015-3337: Elasticsearch - Local File Inclusion 漏洞描述 Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecif...
