CVE-2023-29887: Nuovo Spreadsheet Reader 0.5.11 – Local File Inclusion
漏洞标题 CVE-2023-29887: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion 漏洞描述 A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote...
记一次任意账号登录漏洞
一次任意用户登录漏洞记录: 一次偶然情况下, 发现在某app(app名称暂保密)中有个一键登录功能,由于一键登录不需要验证码、密码之类的校验,结合拦截的请求数据进行分析,发现可以通过更改请...
Apache Struts2(S2-062)远程代码执行漏洞(CVE-2021-31805)
漏洞标题 Apache Struts2(S2-062)远程代码执行漏洞(CVE-2021-31805) 漏洞描述 Apache Struts2框架是一个用于开发Java EE网络应用程序的Web框架。Apache Struts< 2.5.30存在OGNL表达式注入漏...
CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 – Local File Inclusion
漏洞标题 CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Foobla Suggestions (com_foobla_sugge...
Chamilo存在命令执行漏洞(CVE-2023-34960)
漏洞标题 Chamilo存在命令执行漏洞(CVE-2023-34960) 漏洞描述 Chamilo是一款可供用户免费下载的学习管理软件,Chamilo存在命令执行漏洞,恶意攻击者可以通过构造的xml文件任意命令,进而控制服务...
CVE-2020-24550: EpiServer Find <13.2.7 - Open Redirect
漏洞标题 CVE-2020-24550: EpiServer Find <13.2.7 - Open Redirect 漏洞描述 EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a ...
bugbounty技巧聚合20211221
漏洞报告 【Azbuka Vkusa 】 未经授权访问 http://hackerone.com/reports/963161 【Azbuka Vkusa 】重定向(基于 DOM) http://hackerone.com/reports/958864 挖洞技巧 从盲打 SSRF漏洞到发现一...
Atlassian Confluence CVE-2023-22527 远程命令执行漏洞
漏洞标题 Atlassian Confluence CVE-2023-22527 远程命令执行漏洞 漏洞描述 Atlassian Confluence存在远程命令执行漏洞,此漏洞是对用户的数据缺乏校验导致的。 PoC代码 暂无
CVE-2015-9406: mTheme Unus < 2.3 - Directory Traversal
漏洞标题 CVE-2015-9406: mTheme Unus < 2.3 - Directory Traversal 漏洞描述 The mTheme-Unus theme for WordPress, prior to version 2.3, contained a directory traversal flaw that let...
bugbounty技巧聚合20211220
漏洞报告 【Judge.me】 html 注入 http://hackerone.com/reports/1036995 【Flickr 】使用 AWS Cognito API 接管 Flickr 账户 http://hackerone.com/reports/1342088 【MTN Group】注册时邮件内...
(CVE-2022-0954) Microweber 权限控制不当漏洞
漏洞标题 (CVE-2022-0954) Microweber 权限控制不当漏洞 漏洞描述 (CVE-2022-0954) Microweber 权限控制不当漏洞 PoC代码 暂无
CVE-2022-44957: WebTareas 2.4p5 – Cross-Site Scripting
漏洞标题 CVE-2022-44957: WebTareas 2.4p5 - Cross-Site Scripting 漏洞描述 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clie...
CVE-2023-33510: Jeecg P3 Biz Chat – Local File Inclusion
漏洞标题 CVE-2023-33510: Jeecg P3 Biz Chat - Local File Inclusion 漏洞描述 Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters. PoC...
Ubuntu18.04更改apt源为阿里云源的详细过程_Linux
目录前言:Ubuntu18.04更改apt源为阿里云源ubuntu sudo update与upgrade的作用及区别总结前言: 看见Ubuntu新出了18.04版本感觉不错,装一个玩玩,虽然有很多教程可以参考,但我也给出一个不是...
CVE-2020-8512: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
漏洞标题 CVE-2020-8512: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting 漏洞描述 IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability i...
CVE-2021-24862: WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection
漏洞标题 CVE-2021-24862: WordPress RegistrationMagic <5.0.1.6 - Authenticated SQL Injection 漏洞描述 WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated ...
