CVE-2022-21661: WordPress Core 5.8.2 – ‘WP_Query’ SQL注入信息泄露漏洞
漏洞标题 CVE-2022-21661: WordPress Core 5.8.2 - 'WP_Query' SQL注入信息泄露漏洞 漏洞描述 此漏洞允许远程攻击者泄露有关受影响的WordPress核心安装的敏感信息,Authentication 不...
CVE-2024-27956: WordPress Automatic Plugin <= 3.92.0 - SQL Injection
漏洞标题 CVE-2024-27956: WordPress Automatic Plugin <= 3.92.0 - SQL Injection 漏洞描述 The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and i...
CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion
漏洞标题 CVE-2022-1119: WordPress Simple File List <3.2.8 - Local File Inclusion 漏洞描述 WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the e...
CVE-2025-34152: Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter
漏洞标题 CVE-2025-34152: Shenzhen Aitemi M300 Wi-Fi Repeater – Unauthenticated Remote Command Execution via `time` Parameter 漏洞描述 An unauthenticated OS command injection vulne...
CVE-2021-21315: Node.JS System Information Library <5.3.1 - Remote Command Injection
漏洞标题 CVE-2021-21315: Node.JS System Information Library <5.3.1 - Remote Command Injection 漏洞描述 Node.JS System Information Library System before version 5.3.1 is suscepti...
CVE-2016-7834: Sony IPELA Engine IP Camera – Hardcoded Account
漏洞标题 CVE-2016-7834: Sony IPELA Engine IP Camera - Hardcoded Account 漏洞描述 Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded cred...
CVE-2024-13322: Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection
漏洞标题 CVE-2024-13322: Ads Pro Plugin <= 4.88 - Unauthenticated SQL Injection 漏洞描述 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is...
CVE-2023-41763: Skype for Business 2019 (SfB) – Blind Server-side Request Forgery
漏洞标题 CVE-2023-41763: Skype for Business 2019 (SfB) - Blind Server-side Request Forgery 漏洞描述 Skype Pre-Auth Server-side Request Forgery (SSRF) vulnerability PoC代码
CVE-2020-36728: WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
漏洞标题 CVE-2020-36728: WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload 漏洞描述 The Adning Advertising plugin for WordPress versions below 1.5.6 is vulnera...
CVE-2011-3600: Apache OFBiz – XML External Entity Injection
漏洞标题 CVE-2011-3600: Apache OFBiz - XML External Entity Injection 漏洞描述 The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Inj...
CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 – Local File Inclusion
漏洞标题 CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Foobla Suggestions (com_foobla_sugge...
一次有意思的js未授权访问
前言: 今天分享的这个漏洞是在某项目中挖到的,当时这个漏洞点很多师傅也发现了,也在弄,只是我误打误撞先一步把数据包构造出来拿到了数据,最后拿到了赏金。所以感觉这洞的数据包构造还是有...
CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection
漏洞标题 CVE-2022-25148: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection 漏洞描述 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient ...
WAF Bypass小技巧
WAF Bypass小技巧 /actuator/env ---> 403 Forbidden /actuator;/env ---> 200 OK //actuator/env ---> 200 OK #火线Zone Tips# 本文迁移自知识星球“火线Zone” 文字来源于- 火线 Z...
CVE-2020-9496: Apache OFBiz 17.12.03 – Cross-Site Scripting
漏洞标题 CVE-2020-9496: Apache OFBiz 17.12.03 - Cross-Site Scripting 漏洞描述 Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an ...
bugbounty技巧聚合20210818
漏洞报告 MTN Grou #1060518 No rate limit in otp code sending Mail.ru #1255676 Blind XSS Stored and CORS misconfiguration в отчете 'События' сервиса top.mail.ru...
