CVE-2024-33113: D-LINK DIR-845L bsc_sms_inbox.php file – Information Disclosure
漏洞标题 CVE-2024-33113: D-LINK DIR-845L bsc_sms_inbox.php file - Information Disclosure 漏洞描述 D-LINK DIR-845L <=v1.01KRb03 is vulnerable to Information disclosurey via bsc_s...
CVE-2020-28188: TerraMaster TOS – Unauthenticated Remote Command Execution
漏洞标题 CVE-2020-28188: TerraMaster TOS - Unauthenticated Remote Command Execution 漏洞描述 TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability wh...
(CVE-2024-50623) Cleo Harmony/VLTrader/LexiCom 无限制文件上传下载 远程代码执行漏洞
漏洞标题 (CVE-2024-50623) Cleo Harmony/VLTrader/LexiCom 无限制文件上传下载 远程代码执行漏洞 漏洞描述 (CVE-2024-50623) Cleo Harmony/VLTrader/LexiCom 无限制文件上传下载 远程代码执行...
CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
漏洞标题 CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting 漏洞描述 WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting...
CVE-2021-25111: WordPress English Admin <1.5.2 - Open Redirect
漏洞标题 CVE-2021-25111: WordPress English Admin <1.5.2 - Open Redirect 漏洞描述 WordPress English Admin plugin before 1.5.2 contains an open redirect vulnerability. The plugin ...
CVE-2022-45037: WBCE CMS v1.5.4 – Cross Site Scripting (Stored)
漏洞标题 CVE-2022-45037: WBCE CMS v1.5.4 - Cross Site Scripting (Stored) 漏洞描述 A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows att...
Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617)
漏洞标题 Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617) 漏洞描述 Acmailer 是一款用于支持邮件服务的CGI软件。Acmailer 4.0.2版本及之前版本存...
CVE-2022-4117: WordPress IWS Geo Form Fields <=1.0 - SQL Injection
漏洞标题 CVE-2022-4117: WordPress IWS Geo Form Fields <=1.0 - SQL Injection 漏洞描述 WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The...
CVE-2021-45027: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
漏洞标题 CVE-2021-45027: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion 漏洞描述 Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local fil...
CVE-2021-22911: Rocket.Chat <=3.13 - NoSQL Injection
漏洞标题 CVE-2021-22911: Rocket.Chat <=3.13 - NoSQL Injection 漏洞描述 Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated acce...
CVE-2018-14918: LOYTEC LGATE-902 6.3.2 – Local File Inclusion
漏洞标题 CVE-2018-14918: LOYTEC LGATE-902 6.3.2 - Local File Inclusion 漏洞描述 LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manip...
bugbounty技巧聚合20220218
漏洞报告 子域名接管 750$ http://hackerone.com/reports/1474784 挖洞技巧 SSRF读取元数据RCE http://cloud.tencent.com/developer/article/1423222 Zabbix - 不安全会话存储的案例研究 http:/...
CVE-2010-1429: Red Hat JBoss Enterprise Application Platform – Sensitive Information Disclosure
漏洞标题 CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure 漏洞描述 Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP0...
CVE-2010-4769: Joomla! Component Jimtawl 1.0.2 – Local File Inclusion
漏洞标题 CVE-2010-4769: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! all...
CVE-2024-35693: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting
漏洞标题 CVE-2024-35693: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting 漏洞描述 Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a...
bugbounty技巧聚合20211124
漏洞报告 【XVIDEOS 】No-Rate limit of current password on delete account endpoint(http://www.xvideos.com/account/close) http://hackerone.com/reports/1392287 【DigitalOcean】Blind X...
