CVE-2010-0982: Joomla! Component com_cartweberp – Local File Inclusion
漏洞标题 CVE-2010-0982: Joomla! Component com_cartweberp - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 fo...
CVE-2019-17230: WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes
漏洞标题 CVE-2019-17230: WordPress OneTone theme <= 3.0.6 – Unauthenticated Options Changes 漏洞描述 includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPre...
CVE-2020-15148: Yii 2 < 2.0.38 - Remote Code Execution
漏洞标题 CVE-2020-15148: Yii 2 < 2.0.38 - Remote Code Execution 漏洞描述 Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application cal...
CVE-2022-3768: WordPress WPSmartContracts <1.3.12 - SQL Injection
漏洞标题 CVE-2022-3768: WordPress WPSmartContracts <1.3.12 - SQL Injection 漏洞描述 WordPress WPSmartContracts plugin before 1.3.12 contains a SQL injection vulnerability. The p...
CVE-2023-42442: JumpServer > 3.6.4 – Information Disclosure
漏洞标题 CVE-2023-42442: JumpServer > 3.6.4 - Information Disclosure 漏洞描述 JumpServer is an open source bastion host and a professional operation and maintenance security aud...
CVE-2023-22463: KubePi JwtSigKey 登陆绕过漏洞
漏洞标题 CVE-2023-22463: KubePi JwtSigKey 登陆绕过漏洞 漏洞描述 KubePi 中存在 JWT硬编码,攻击者通过硬编码可以获取服务器后台管理权限,添加任意用户 fofa: "kubepi" PoC代码
Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070)
漏洞标题 Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070) 漏洞描述 Apache OFBiz是一个开源的企业资源规划(ERP)系统,提供了多种商业功能和模块。Apache OFBiz 在...
CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
漏洞标题 CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution 漏洞描述 Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenti...
CVE-2024-22024: Ivanti Pulse Connect Secure VPN XXE
漏洞标题 CVE-2024-22024: Ivanti Pulse Connect Secure VPN XXE 漏洞描述 An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti...
CVE-2007-0885: Jira Rainbow.Zen – Cross-Site Scripting
漏洞标题 CVE-2007-0885: Jira Rainbow.Zen - Cross-Site Scripting 漏洞描述 Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which all...
Appspace服务端请求伪造漏洞(CVE-2021-27670)
漏洞标题 Appspace服务端请求伪造漏洞(CVE-2021-27670) 漏洞描述 Appspace 6.2.4存在漏洞,允许通过api/v1/core/proxy/jsonprequest接口来进行服务端请求伪造,危害系统安全。 PoC代码 暂无
CVE-2023-32243: WordPress Elementor Lite 5.7.1 – Arbitrary Password Reset
漏洞标题 CVE-2023-32243: WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset 漏洞描述 Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allo...
CVE-2020-9496: Apache OFBiz 17.12.03 – Cross-Site Scripting
漏洞标题 CVE-2020-9496: Apache OFBiz 17.12.03 - Cross-Site Scripting 漏洞描述 Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an ...
CVE-2020-14750: Oracle WebLogic Server – Remote Command Execution
漏洞标题 CVE-2020-14750: Oracle WebLogic Server - Remote Command Execution 漏洞描述 Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is suscepti...
CVE-2024-6911: PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion
漏洞标题 CVE-2024-6911: PerkinElmer ProcessPlus <= 1.11.6507.0 - Local File Inclusion 漏洞描述 Files on the Windows system are accessible without authentication to external part...
Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507)
漏洞标题 Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507) 漏洞描述 Apache OFBiz 18.12.16 之前的版本在 Linux 和 Windows 系统上存在未经身份验证的远程代码执行漏洞。 PoC...
