CVE-2019-2579: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 – SQL Injection
漏洞标题 CVE-2019-2579: Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection 漏洞描述 The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is ...
CVE-2012-2122: MySQL – Authentication Bypass
漏洞标题 CVE-2012-2122: MySQL - Authentication Bypass 漏洞描述 sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before 5.5.24, and 5.6.x before 5.6.6, and MariaDB 5.1.x be...
CVE-2022-0658: CommonsBooking < 2.6.8 - SQL Injection
漏洞标题 CVE-2022-0658: CommonsBooking < 2.6.8 - SQL Injection 漏洞描述 The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (availabl...
某鹅一次AK /SK 泄露导致拿下存储桶
第一次写文章师傅们 轻喷~ 起因 大二学生上课摸鱼,然后正常在测一些东西,emm 偶然在前端发现 发现了 AK 等字样~ 心里窃喜 洞要来了 ? !! 直接用现成的工具 就好 然后进一步利用的话 可以做...
CVE-2023-47253: Qualitor <= 8.20 - Remote Code Execution
漏洞标题 CVE-2023-47253: Qualitor <= 8.20 - Remote Code Execution 漏洞描述 Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/ad...
谷歌云 对象存储攻防
本文主要介绍谷歌云对象存储攻防的方式 1、存储桶配置错误-公开访问 当创建的存储桶配置了allUsers拥有GCS对象的读取权限时,该存储桶可以被任何用户公开访问 2、Bucket爆破 当不存在时访问会提...
CVE-2022-44877: Centos Web Panel 7 Unauthenticated Remote Code
漏洞标题 CVE-2022-44877: Centos Web Panel 7 Unauthenticated Remote Code 漏洞描述 Shodan: http.title:"Login | Control WebPanel" fofa: app="CWP-虚拟主机控制面板" ...
CVE-2008-6172: Joomla! Component RWCards 3.0.11 – Local File Inclusion
漏洞标题 CVE-2008-6172: Joomla! Component RWCards 3.0.11 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcard...
CVE-2022-23881: ZZZCMS zzzphp 2.1.0 – Remote Code Execution
漏洞标题 CVE-2022-23881: ZZZCMS zzzphp 2.1.0 - Remote Code Execution 漏洞描述 ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zz...
CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting
漏洞标题 CVE-2021-24452: WordPress W3 Total Cache <2.1.5 - Cross-Site Scripting 漏洞描述 WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via ...
CVE-2024-57514: TP-Link Archer A20 v3 Router – Cross-site Scripting
漏洞标题 CVE-2024-57514: TP-Link Archer A20 v3 Router - Cross-site Scripting 漏洞描述 The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper h...
CVE-2010-20103: ProFTPd-1.3.3c – Backdoor Command Execution
漏洞标题 CVE-2010-20103: ProFTPd-1.3.3c - Backdoor Command Execution 漏洞描述 ProFTPD 1.3.3c contains a command injection backdoor caused by a hidden FTP command trigger in the sou...
CVE-2024-4940: Gradio – Open Redirect
漏洞标题 CVE-2024-4940: Gradio - Open Redirect 漏洞描述 An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an at...
Web应用中设置Context Path案例详解_Tomcat
这篇文章主要介绍了Web应用中设置Context Path案例详解,本篇文章通过简要的案例,讲解了该项技术的了解与使用,以下就是详细内容,需要的朋友可以参考下 URL:http://hostname.com/contextPath/ser...
CVE-2021-44427: Rosario Student Information System Unauthenticated SQL Injection
漏洞标题 CVE-2021-44427: Rosario Student Information System Unauthenticated SQL Injection 漏洞描述 An unauthenticated SQL injection vulnerability in Rosario Student Information Sys...
CVE-2014-3704: Drupal SQL Injection
漏洞标题 CVE-2014-3704: Drupal SQL Injection 漏洞描述 The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepar...
