CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
漏洞标题 CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting 漏洞描述 WordPress Elementor Website Builder plugin 3.5.5 and prior con...
CVE-2022-2314: WordPress VR Calendar <=2.3.2 - Remote Code Execution
漏洞标题 CVE-2022-2314: WordPress VR Calendar <=2.3.2 - Remote Code Execution 漏洞描述 WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The pl...
CVE-2023-46347: PrestaShop Step by Step products Pack – SQL Injection
漏洞标题 CVE-2023-46347: PrestaShop Step by Step products Pack - SQL Injection 漏洞描述 In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design ...
CVE-2024-7591: Kemp LoadMaster Load Balancer – Unauthenticated Command Injection
漏洞标题 CVE-2024-7591: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection 漏洞描述 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command ...
CVE-2024-13126: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure
漏洞标题 CVE-2024-13126: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure 漏洞描述 The WordPress Download Manager plugin before version 3.3.07 does not preven...
CVE-2021-44910: SpringBlade – Information Leakage
漏洞标题 CVE-2021-44910: SpringBlade - Information Leakage 漏洞描述 SpringBlade is a comprehensive project upgraded and optimized from a commercial-grade project, featuring both a ...
CVE-2018-10738: Nagios XI before 5.4.13 SQL Inject
漏洞标题 CVE-2018-10738: Nagios XI before 5.4.13 SQL Inject 漏洞描述 Nagios XI before 5.4.13 SQL Inject PoC代码
CVE-2021-35250: SolarWinds Serv-U 15.3 – Directory Traversal
漏洞标题 CVE-2021-35250: SolarWinds Serv-U 15.3 - Directory Traversal 漏洞描述 SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to ...
CVE-2023-36934: MOVEit Transfer – SQL Injection
漏洞标题 CVE-2023-36934: MOVEit Transfer - SQL Injection 漏洞描述 In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2...
CVE-2022-0234: WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting
漏洞标题 CVE-2022-0234: WordPress WOOCS < 1.3.7.5 - Cross-Site Scripting 漏洞描述 WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does n...
CVE-2023-4666: Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload
漏洞标题 CVE-2023-4666: Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload 漏洞描述 The plugin does not validate signatures when creating them on the server from user ...
CVE-2023-30943: Moodle – Cross-Site Scripting/Remote Code Execution
漏洞标题 CVE-2023-30943: Moodle - Cross-Site Scripting/Remote Code Execution 漏洞描述 The vulnerability was found Moodle which exists because the application allows a user to contr...
一次小程序端接口越权的分析
之前在挖一个src的时候,有一个资产是小程序 抓包如下 根据地址id查看收货地址 注意到请求里没有cookie,然后url里面这个digest字段比较奇怪,所有的接口都是根据这个参数鉴权的,一般不都应该...
CVE-2010-1952: Joomla! Component BeeHeard 1.0 – Local File Inclusion
漏洞标题 CVE-2010-1952: Joomla! Component BeeHeard 1.0 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_bee...
bugbounty技巧聚合20211213
漏洞报告 微软和 GitHub OAuth 实施漏洞导致重定向攻击 http://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection 挖洞...
CVE-2024-34102: Adobe Commerce & Magento – CosmicSting
漏洞标题 CVE-2024-34102: Adobe Commerce & Magento - CosmicSting 漏洞描述 Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Res...
