CVE-2022-41840: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal
漏洞标题 CVE-2022-41840: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal 漏洞描述 Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on Wo...
CVE-2022-22897: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
漏洞标题 CVE-2022-22897: PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection 漏洞描述 A SQL injection vulnerability in the product_all_one_img and image_product parameters of the...
Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617)
漏洞标题 Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617) 漏洞描述 Acmailer 是一款用于支持邮件服务的CGI软件。Acmailer 4.0.2版本及之前版本存...
CVE-2023-4151: Store Locator WordPress < 1.4.13 - Cross-Site Scripting
漏洞标题 CVE-2023-4151: Store Locator WordPress < 1.4.13 - Cross-Site Scripting 漏洞描述 The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid...
CVE-2010-0972: Joomla! Component com_gcalendar Suite 2.1.5 – Local File Inclusion
漏洞标题 CVE-2010-0972: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2...
CVE-2020-19295: Jeesns 1.4.2 – Cross-Site Scripting
漏洞标题 CVE-2020-19295: Jeesns 1.4.2 - Cross-Site Scripting 漏洞描述 Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attacker...
CVE-2010-2036: Joomla! Component Percha Fields Attach 1.0 – Directory Traversal
漏洞标题 CVE-2010-2036: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal 漏洞描述 A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsa...
CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 – Template Injection
漏洞标题 CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 - Template Injection 漏洞描述 Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via sett...
CVE-2020-15568: TerraMaster TOS v4.1.24 RCE
漏洞标题 CVE-2020-15568: TerraMaster TOS v4.1.24 RCE 漏洞描述 TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic c...
CVE-2022-2174: microweber 1.2.18 – Cross-site Scripting
漏洞标题 CVE-2022-2174: microweber 1.2.18 - Cross-site Scripting 漏洞描述 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. PoC代码
bugbounty技巧聚合20220114
漏洞报告 【 Lark Technologies】[IDOR] 通过reminderId参数修改其他团队的提醒 http://hackerone.com/reports/946323 【Adobe】在配置文件中泄露 github 访问令牌 http://hackerone.com/report...
CVE-2022-3124: Frontend File Manager < 21.3 - Unauthenticated File Renaming
漏洞标题 CVE-2022-3124: Frontend File Manager < 21.3 - Unauthenticated File Renaming 漏洞描述 The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenti...
CVE-2007-3010: Alcatel-Lucent OmniPCX – Remote Command Execution
漏洞标题 CVE-2007-3010: Alcatel-Lucent OmniPCX - Remote Command Execution 漏洞描述 The OmniPCX web interface has a script "masterCGI" with a remote command execution vuln...
CVE-2022-45805: WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection
漏洞标题 CVE-2022-45805: WordPress Paytm Payment Gateway <=2.7.3 - SQL Injection 漏洞描述 WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerabi...
CVE-2018-18069: WordPress sitepress-multilingual-cms 3.6.3 – Cross-Site Scripting
漏洞标题 CVE-2018-18069: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting 漏洞描述 WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site sc...
CVE-2020-25213: WordPress File Manager Plugin – Remote Code Execution
漏洞标题 CVE-2020-25213: WordPress File Manager Plugin - Remote Code Execution 漏洞描述 The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code executi...
