漏洞标题 CVE-2021-24997: WordPress Guppy <=1.1 - Information Disclosure 漏洞描述 WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can a...

漏洞标题 CVE-2019-20504: Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Remote Code Execution 漏洞描述 service/krashrpt.php in Quest KACE K1000 Systems Management Appl...

漏洞标题 CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability 漏洞描述 GeoServer Web Feature Service (WFS) is vulnerable to an XML External Entity (XXE) processing attack d...

漏洞标题 CVE-2022-40684: Fortinet FortiOS admin 远程命令执行漏洞 漏洞描述 Fortinet 周一指出，上周修补的 CVE-2022-40684 身份验证绕过安全漏洞，正在野外被广泛利用。作为管理界面上的一...

漏洞标题 CVE-2023-1263: Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access 漏洞描述 The plugin does not restrict access to published and non protected post...

漏洞标题 CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion 漏洞描述 Atlassian Confluence Server allows remote attackers to view restricted resources via local file...

漏洞标题 CVE-2019-0230: Apache Struts <=2.5.20 - Remote Code Execution S2-059 漏洞描述 Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user inp...

漏洞标题 CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability 漏洞描述 Aria Operations for Networks contains an information dis...

漏洞标题 CVE-2016-10134: Zabbix - SQL Injection 漏洞描述 Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids arra...

漏洞标题 CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery 漏洞描述 The Atlassian Jira IconUriServlet of the OAuth Plugin from version...

挖洞技巧 Full account takeover through referral code http://hector0x.medium.com/broken-authentication-through-referral-code-25cd0e8bccc2 SecurityMB's October 2021 Prototype Polluti...

漏洞标题 CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update 漏洞描述 YIKES Inc. Custom Product Tabs for WooCommerce plug...

网络空间的竞争，归根结底是人才的竞争。3月11日，西湖论剑·第五届中国杭州网络安全技能大赛决赛在杭州拉开帷幕。作为首届全球数字贸易博览会的亮点单元，本次大赛由杭州市公安局、共青团杭州...

漏洞标题 CVE-2021-3287: Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution 漏洞描述 Zoho ManageEngine OpManager before 12.5.329 contains a remote code execution caus...

目录卸载及安装 samba新建共享路径及权限设置编辑samba 配置文件重启samba服务windows 打开共享文件夹卸载及安装 samba sudo apt-get purge samba samba-* sudo apt-get update sudo apt-get in...

漏洞标题 CVE-2020-35847: Agentejo Cockpit <0.11.2 - NoSQL Injection 漏洞描述 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword func...