云记-渗透云记 - 专注于网络安全与技术分享-第970页
bugbounty技巧聚合20210910-渗透云记 - 专注于网络安全与技术分享

bugbounty技巧聚合20210910

漏洞报告 Avito url跳转绕过 http://hackerone.com/reports/956449 挖洞技巧 两个账户劫持漏洞 http://blog.usamav.dev/two-account-takeover-bugs-worth-4300-dollar-bounty Azure跨账户容器劫...
2022年3月10日 23:33
010
CVE-2010-2033: Joomla! Percha Categories Tree 0.6 - Local File Inclusion-渗透云记 - 专注于网络安全与技术分享

CVE-2010-2033: Joomla! Percha Categories Tree 0.6 – Local File Inclusion

漏洞标题 CVE-2010-2033: Joomla! Percha Categories Tree 0.6 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) ...
CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution-渗透云记 - 专注于网络安全与技术分享

CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution

漏洞标题 CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution 漏洞描述 WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to re...
CVE-2024-1061: WordPress HTML5 Video Player - SQL Injection-渗透云记 - 专注于网络安全与技术分享

CVE-2024-1061: WordPress HTML5 Video Player – SQL Injection

漏洞标题 CVE-2024-1061: WordPress HTML5 Video Player - SQL Injection 漏洞描述 WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can ex...
CVE-2019-19822: TOTOLINK/Realtek Routers - Information Disclosure-渗透云记 - 专注于网络安全与技术分享

CVE-2019-19822: TOTOLINK/Realtek Routers – Information Disclosure

漏洞标题 CVE-2019-19822: TOTOLINK/Realtek Routers - Information Disclosure 漏洞描述 A certain router administration interface using Realtek APMIB (e.g., on TOTOLINK models) allows ...
CVE-2019-2767: Oracle Business Intelligence Publisher - XML External Entity Injection-渗透云记 - 专注于网络安全与技术分享

CVE-2019-2767: Oracle Business Intelligence Publisher – XML External Entity Injection

漏洞标题 CVE-2019-2767: Oracle Business Intelligence Publisher - XML External Entity Injection 漏洞描述 Oracle Business Intelligence Publisher is vulnerable to an XML external enti...
CVE-2022-0949: WordPress Stop Bad Bots <6.930 - SQL Injection-渗透云记 - 专注于网络安全与技术分享

CVE-2022-0949: WordPress Stop Bad Bots <6.930 - SQL Injection

漏洞标题 CVE-2022-0949: WordPress Stop Bad Bots <6.930 - SQL Injection 漏洞描述 WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin do...
CVE-2022-2373: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure-渗透云记 - 专注于网络安全与技术分享

CVE-2022-2373: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure

漏洞标题 CVE-2022-2373: WordPress Simply Schedule Appointments <1.5.7.7 - Information Disclosure 漏洞描述 WordPress Simply Schedule Appointments plugin before 1.5.7.7 is suscept...
CVE-2022-4306: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting-渗透云记 - 专注于网络安全与技术分享

CVE-2022-4306: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting

漏洞标题 CVE-2022-4306: WordPress Panda Pods Repeater Field <1.5.4 - Cross-Site Scripting 漏洞描述 WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripti...
CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload-渗透云记 - 专注于网络安全与技术分享

CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 – Arbitrary File Upload

漏洞标题 CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload 漏洞描述 The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary ...
CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution-渗透云记 - 专注于网络安全与技术分享

CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution

漏洞标题 CVE-2021-22053: Spring Cloud Netflix Hystrix Dashboard <2.2.10 - Remote Code Execution 漏洞描述 Spring Cloud Netflix Hystrix Dashboard prior to version 2.2.10 is suscep...
CVE-2022-0817: WordPress BadgeOS <=3.7.0 - SQL Injection-渗透云记 - 专注于网络安全与技术分享

CVE-2022-0817: WordPress BadgeOS <=3.7.0 - SQL Injection

漏洞标题 CVE-2022-0817: WordPress BadgeOS <=3.7.0 - SQL Injection 漏洞描述 WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize an...
CVE-2024-36991: Splunk Enterprise - Local File Inclusion-渗透云记 - 专注于网络安全与技术分享

CVE-2024-36991: Splunk Enterprise – Local File Inclusion

漏洞标题 CVE-2024-36991: Splunk Enterprise - Local File Inclusion 漏洞描述 In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path...
为什么 Nginx 比 Apache 更牛逼_nginx-渗透云记 - 专注于网络安全与技术分享

为什么 Nginx 比 Apache 更牛逼_nginx

为什么Nginx在处理高并发方面要优于httpd,我们先从两种web服务器的工作原理以及工作模式说起。对Nginx对比 Apache的相关知识感兴趣的朋友跟随小编一起看看吧 Nginx才短短几年,就拿下了Web服务...
2022年9月17日 10:40
010
CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006)-渗透云记 - 专注于网络安全与技术分享

CVE-2025-2747: Kentico Xperience 13 CMS – Staging Service Authentication Bypass (WT-2025-0006)

漏洞标题 CVE-2025-2747: Kentico Xperience 13 CMS - Staging Service Authentication Bypass (WT-2025-0006) 漏洞描述 An authentication bypass vulnerability in Kentico Xperience allows ...
CVE-2022-36537: ZK Framework - Information Disclosure-渗透云记 - 专注于网络安全与技术分享

CVE-2022-36537: ZK Framework – Information Disclosure

漏洞标题 CVE-2022-36537: ZK Framework - Information Disclosure 漏洞描述 ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attac...