CVE-2005-3344: Horde Groupware Unauthenticated Admin Access
漏洞标题 CVE-2005-3344: Horde Groupware Unauthenticated Admin Access 漏洞描述 Horde Groupware contains an administrative account with a blank password, which allows remote attacker...
CVE-2021-24291: WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting
漏洞标题 CVE-2021-24291: WordPress Photo Gallery by 10Web <1.5.69 - Cross-Site Scripting 漏洞描述 WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflect...
bugbounty技巧聚合20220106
漏洞报告 【8x8】XSS漏洞 http://hackerone.com/reports/1440161 【Mattermost 】 能够诱使受害者在特定会话中使用伪造的电子邮件地址,然后取回帐户 http://hackerone.com/reports/1357013 【T...
CVE-2018-16167: LogonTracer <=1.2.0 - Remote Command Injection
漏洞标题 CVE-2018-16167: LogonTracer <=1.2.0 - Remote Command Injection 漏洞描述 LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspe...
CVE-2022-4325: WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting
漏洞标题 CVE-2022-4325: WordPress Post Status Notifier Lite <1.10.1 - Cross-Site Scripting 漏洞描述 WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-sit...
CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 Command Injection
漏洞标题 CVE-2022-25084: TOTOLink T6 V5.9c.4085_B20190428 Command Injection 漏洞描述 TOTOLink 多个设备 download.cgi文件存在远程命令执行漏洞,攻击者通过构造特殊的请求可以获取服务器...
CVE-2024-7120: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 – Command Injection
漏洞标题 CVE-2024-7120: Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90 - Command Injection 漏洞描述 A vulnerability, which was classified as critical, was found in Raisecom M...
CVE-2018-10738: Nagios XI before 5.4.13 SQL Inject
漏洞标题 CVE-2018-10738: Nagios XI before 5.4.13 SQL Inject 漏洞描述 Nagios XI before 5.4.13 SQL Inject PoC代码
CVE-2018-5316: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting
漏洞标题 CVE-2018-5316: WordPress SagePay Server Gateway for WooCommerce <1.0.9 - Cross-Site Scripting 漏洞描述 WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is ...
CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
漏洞标题 CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting 漏洞描述 WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cr...
CVE-2021-25052: WordPress Button Generator <2.3.3 - Remote File Inclusion
漏洞标题 CVE-2021-25052: WordPress Button Generator <2.3.3 - Remote File Inclusion 漏洞描述 WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows...
CVE-2011-3600: Apache OFBiz – XML External Entity Injection
漏洞标题 CVE-2011-3600: Apache OFBiz - XML External Entity Injection 漏洞描述 The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Inj...
CVE-2020-12832: WordPress Simple File List – Path Traversal
漏洞标题 CVE-2020-12832: WordPress Simple File List - Path Traversal 漏洞描述 Simple File List plugin allows path traversal via file upload, enabling files to be written outside th...
CVE-2013-2251: Apache Struts 2 – DefaultActionMapper Prefixes OGNL Code Execution (S2-016)
漏洞标题 CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (S2-016) 漏洞描述 In Struts 2 before 2.3.15.1 the information following "action:&quo...
Atlassian Jira XSS(CVE-2018-20824)
漏洞标题 Atlassian Jira XSS(CVE-2018-20824) 漏洞描述 Jira7.13.1版本之前的WallboardServlet资源允许远程攻击者通过cyclePeriod参数中的跨站点脚本漏洞注入任意HTML或JavaScript。 PoC代码 ...
CVE-2021-24931: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection
漏洞标题 CVE-2021-24931: WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection 漏洞描述 WordPress Secure Copy Content Protection and Content Lockin...
