CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 – Template Injection
漏洞标题 CVE-2022-29078: Node.js Embedded JavaScript 3.1.6 - Template Injection 漏洞描述 Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via sett...
CVE-2020-25213: WordPress File Manager Plugin – Remote Code Execution
漏洞标题 CVE-2020-25213: WordPress File Manager Plugin - Remote Code Execution 漏洞描述 The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code executi...
CVE-2022-2174: microweber 1.2.18 – Cross-site Scripting
漏洞标题 CVE-2022-2174: microweber 1.2.18 - Cross-site Scripting 漏洞描述 Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. PoC代码
信息收集系列之指纹识别
0x01 前言 在渗透测试过程中,如何才能从大量的互联网资产中提取易受攻击的信息系统(例如VPN、邮服、CMS、OA、Shiro、Struts2等),逐渐成为信息收集中一个必不可少的环节。 0x2 工具调研 在线指...
Atlassian Confluence CVE-2023-22515 权限提升漏洞 (阶段1: 属性修改)
漏洞标题 Atlassian Confluence CVE-2023-22515 权限提升漏洞 (阶段1: 属性修改) 漏洞描述 Atlassian Confluence CVE-2023-22515 权限提升漏洞 (阶段1: 属性修改) 日期: 2024-02-07 | 影响软件:...
CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting
漏洞标题 CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting 漏洞描述 Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware t...
水一发:vip业务权限漏洞挖掘入门姿势实战
现在很多网站都是通过卖VIP会员盈利的,为了让用户更有购买欲望,有的时候会把内容展示一小部分,然后隐藏绝大多部分,让你看完一点还想看就忍不住付钱了:),产品经理的愿景是很美好的,但是...
CVE-2024-6926: Viral Signup <= 2.1 - SQL Injection
漏洞标题 CVE-2024-6926: Viral Signup <= 2.1 - SQL Injection 漏洞描述 The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Inject...
CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion
漏洞标题 CVE-2025-1661: HUSKY – Products Filter Professional for WooCommerce <= 1.3.6.5 - Unauthenticated Local File Inclusion 漏洞描述 The HUSKY – Products Filter Professiona...
CVE-2022-4321: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting
漏洞标题 CVE-2022-4321: PDF Generator for WordPress < 1.1.2 - Cross Site Scripting 漏洞描述 The plugin includes a vendored dompdf example file which is susceptible to Reflected ...
CVE-2021-25075: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
漏洞标题 CVE-2021-25075: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting 漏洞描述 WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-sit...
Apache HTTPD 换行解析漏洞(CVE-2017-15715)
漏洞标题 Apache HTTPD 换行解析漏洞(CVE-2017-15715) 漏洞描述 Apache HTTPD 换行解析漏洞(CVE-2017-15715) PoC代码 暂无
503 service unavailable错误解决方案讲解_nginx
这篇文章主要介绍了503 service unavailable错误解决方案讲解,本篇文章通过简要的案例,讲解了该项技术的了解与使用,以下就是详细内容,需要的朋友可以参考下 1、打开网页访问出现503 service una...
CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read
漏洞标题 CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read 漏洞描述 Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser t...
CVE-2022-1933: WordPress CDI <5.1.9 - Cross Site Scripting
漏洞标题 CVE-2022-1933: WordPress CDI <5.1.9 - Cross Site Scripting 漏洞描述 WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does n...
CVE-2012-4032: WebsitePanel before v1.2.2.1 – Open Redirect
漏洞标题 CVE-2012-4032: WebsitePanel before v1.2.2.1 - Open Redirect 漏洞描述 Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers t...
