Citrix ShareFile 存在代码注入漏洞(CVE-2023-24489)
漏洞标题 Citrix ShareFile 存在代码注入漏洞(CVE-2023-24489) 漏洞描述 Citrix旗下多款交付控制器和网关存在RCE漏洞,攻击者在无需身份验证的情况下就可执行任意命令。Citrix ShareFile存在代...
CVE-2023-4490: WordPress Job Portal < 2.0.6 - SQL Injection
漏洞标题 CVE-2023-4490: WordPress Job Portal < 2.0.6 - SQL Injection 漏洞描述 The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter bef...
CVE-2020-36112: CSE Bookstore 1.0 – SQL Injection
漏洞标题 CVE-2020-36112: CSE Bookstore 1.0 - SQL Injection 漏洞描述 CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injectio...
CVE-2020-12054: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
漏洞标题 CVE-2020-12054: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting 漏洞描述 WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripti...
CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
漏洞标题 CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting 漏洞描述 WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting v...
CVE-2023-34020: Uncanny Toolkit for LearnDash – Open Redirection
漏洞标题 CVE-2023-34020: Uncanny Toolkit for LearnDash - Open Redirection 漏洞描述 A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to...
CVE-2023-27637: PrestaShop `tshirtecommerce` Module – SQL Injection
漏洞标题 CVE-2023-27637: PrestaShop `tshirtecommerce` Module - SQL Injection 漏洞描述 The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via t...
CVE-2021-4191: GitLab GraphQL API User Enumeration
漏洞标题 CVE-2021-4191: GitLab GraphQL API User Enumeration 漏洞描述 An unauthenticated remote attacker can leverage this vulnerability to collect registered GitLab usernames, name...
CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
漏洞标题 CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal 漏洞描述 spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability i...
CVE-2023-6875: WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass
漏洞标题 CVE-2023-6875: WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass 漏洞描述 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP ...
CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection
漏洞标题 CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection 漏洞描述 The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based ...
PDF解析器html/XSS 实现SSRF
上次安全小天地审核整理SSRF的时候找我沟通,聊到了PDF的SSRF,当时答应了找找之前的存档写个文档。遂写下改小菜文。大佬们勿喷。(文章写于去年,随便记录的文章,可能存在逻辑或者图片的丢失...
CVE-2023-6000: WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS
漏洞标题 CVE-2023-6000: WordPress Popup Builder <= 4.2.3 - Unauthenticated Stored XSS 漏洞描述 The Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors f...
CVE-2021-40651: OS4Ed OpenSIS Community 8.0 – Local File Inclusion
漏洞标题 CVE-2021-40651: OS4Ed OpenSIS Community 8.0 - Local File Inclusion 漏洞描述 OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.ph...
CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 – Local File Inclusion
漏洞标题 CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Foobla Suggestions (com_foobla_sugge...
CVE-2010-1475: Joomla! Component Preventive And Reservation 1.0.5 – Local File Inclusion
漏洞标题 CVE-2010-1475: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Preventive & Reservation (...
