CVE-2022-30073: WBCE CMS 1.5.2 – Cross-Site Scripting
漏洞标题 CVE-2022-30073: WBCE CMS 1.5.2 - Cross-Site Scripting 漏洞描述 WBCE CMS 1.5.2 contains a stored cross-site scripting vulnerability via \admin\user\save.php Display Name pa...
CVE-2021-24849: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
漏洞标题 CVE-2021-24849: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection 漏洞描述 The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin...
CVE-2023-32243: WordPress Elementor Lite 5.7.1 – Arbitrary Password Reset
漏洞标题 CVE-2023-32243: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset 漏洞描述 Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allo...
CVE-2010-4617: Joomla! Component JotLoader 2.2.1 – Local File Inclusion
漏洞标题 CVE-2010-4617: Joomla! Component JotLoader 2.2.1 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for J...
挖掘存储Xss时发现的小Tips
前言:一直以来在挖掘xss时总是被各种过滤,各种实体化转义。是真滴很难受,敢想连着几天兴冲冲奔着表单去,看着被过滤,转义的payload,用尽办法都过不去的心情。最后似乎有个声音在跟我说,能...
CVE-2024-25600: WordPress的Bricks主题存在远程命令执行
漏洞标题 CVE-2024-25600: WordPress的Bricks主题存在远程命令执行 漏洞描述 Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks B...
CVE-2017-3506: Oracle Fusion Middleware Weblogic Server – Remote OS Command Execution
漏洞标题 CVE-2017-3506: Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution 漏洞描述 The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Servic...
CVE-2017-5521: Bypassing Authentication on NETGEAR Routers
漏洞标题 CVE-2017-5521: Bypassing Authentication on NETGEAR Routers 漏洞描述 NETGEAR routers before 6.0.10 allow remote attackers to bypass authentication and gain access to the ro...
Apache Struts S2-053 ONGL表达式注入漏洞(CVE-2017-12611)
漏洞标题 Apache Struts S2-053 ONGL表达式注入漏洞(CVE-2017-12611) 漏洞描述 Apache Struts S2-053 ONGL表达式注入漏洞(CVE-2017-12611) PoC代码 暂无
CVE-2010-1714: Joomla! Component Arcade Games 1.0 – Local File Inclusion
漏洞标题 CVE-2010-1714: Joomla! Component Arcade Games 1.0 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 f...
CVE-2023-37462: XWiki Platform – Remote Code Execution
漏洞标题 CVE-2023-37462: XWiki Platform - Remote Code Execution 漏洞描述 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Im...
CVE-2022-0678: Microweber <1.2.11 - Cross-Site Scripting
漏洞标题 CVE-2022-0678: Microweber <1.2.11 - Cross-Site Scripting 漏洞描述 Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. Use...
(CVE-2022-1815) 之前GitHub存储库jgraph/drawio 输入验证漏洞
漏洞标题 (CVE-2022-1815) 之前GitHub存储库jgraph/drawio 输入验证漏洞 漏洞描述 (CVE-2022-1815) 之前GitHub存储库jgraph/drawio 输入验证漏洞 PoC代码 暂无
CVE-2023-38992: Jeecg-Boot v3.5.1 – SQL Injection
漏洞标题 CVE-2023-38992: Jeecg-Boot v3.5.1 - SQL Injection 漏洞描述 SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1. PoC代码
CVE-2021-24237: WordPress Realteo <=1.2.3 - Cross-Site Scripting
漏洞标题 CVE-2021-24237: WordPress Realteo <=1.2.3 - Cross-Site Scripting 漏洞描述 WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scri...
CVE-2014-8676: Simple Online Planning Tool <1.3.2 - Local File Inclusion
漏洞标题 CVE-2014-8676: Simple Online Planning Tool <1.3.2 - Local File Inclusion 漏洞描述 SOPlanning <1.32 contain a directory traversal in the file_get_contents function vi...
