最新发布第679页
CVE-2014-4940: WordPress Plugin Tera Charts – Local File Inclusion
漏洞标题 CVE-2014-4940: WordPress Plugin Tera Charts - Local File Inclusion 漏洞描述 Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordP...
CVE-2019-2767: Oracle Business Intelligence Publisher – XML External Entity Injection
漏洞标题 CVE-2019-2767: Oracle Business Intelligence Publisher - XML External Entity Injection 漏洞描述 Oracle Business Intelligence Publisher is vulnerable to an XML external enti...
CVE-2024-51978: Brother Printers – Authentication Bypass via Default Admin Password
漏洞标题 CVE-2024-51978: Brother Printers – Authentication Bypass via Default Admin Password 漏洞描述 By leaking a target device's serial number, a remote attacker can genera...
CVE-2024-12356: Privileged Remote Access & Remote Support – Command Injection
漏洞标题 CVE-2024-12356: Privileged Remote Access & Remote Support - Command Injection 漏洞描述 A critical vulnerability has been discovered in Privileged Remote Access (PRA) a...
CVE-2021-24762: WordPress Perfect Survey <1.5.2 - SQL Injection
漏洞标题 CVE-2021-24762: WordPress Perfect Survey <1.5.2 - SQL Injection 漏洞描述 Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET p...
CVE-2018-1000130: Jolokia Agent – JNDI Code Injection
漏洞标题 CVE-2018-1000130: Jolokia Agent - JNDI Code Injection 漏洞描述 Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary...
CVE-2023-1408: Video List Manager <= 1.7 - SQL Injection
漏洞标题 CVE-2023-1408: Video List Manager <= 1.7 - SQL Injection 漏洞描述 The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leadi...
CVE-2024-5932: GiveWP – PHP Object Injection
漏洞标题 CVE-2024-5932: GiveWP - PHP Object Injection 漏洞描述 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in ...
CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
漏洞标题 CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting 漏洞描述 WordPress Elementor Website Builder plugin 3.5.5 and prior con...
Atlassian Jira信息泄露漏洞(CVE-2019-8449)
漏洞标题 Atlassian Jira信息泄露漏洞(CVE-2019-8449) 漏洞描述 Atlassian Jira 8.4.0之前版本/rest/api/latest/groupuserpicker接口允许远程攻击者枚举用户名,导致信息泄露。 PoC代码 暂无
CVE-2025-27007: OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation
漏洞标题 CVE-2025-27007: OttoKit < 1.0.83 - SureTriggers allows Privilege Escalation 漏洞描述 Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allow...
CVE-2022-36923: Zoho ManageEngine – getUserAPIKey Authentication Bypass
漏洞标题 CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass 漏洞描述 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager,...
利用302跳转绕过限制-ssrf仅能使用http协议时
当ssrf限制只能使用http或https协议,可通过Header函数绕过限制。在vps创建一个302.php的文件,根据需求设置协议类型,内容参考下图: 将对应的url参数改为:http://vpsip/302.php即可进行深度...
CVE-2023-4136: CrafterCMS Engine – Cross-Site Scripting
漏洞标题 CVE-2023-4136: CrafterCMS Engine - Cross-Site Scripting 漏洞描述 CrafterCMS Engine is vulnerable to reflected cross-site scripting (XSS) via the transformerName parameter ...
验证码爆破导致的业务逻辑问题
应用场景:验证码没有设置失效时间,且请求包可无限重放(比如登录,注册,绑定,解绑,修改密码,领优惠券等实际场景) 某支付众测案例:验证码有效期过长导致银行卡与任意xx账号绑定 绑定银行...
CVE-2023-45375: PrestaShop PireosPay – SQL Injection
漏洞标题 CVE-2023-45375: PrestaShop PireosPay - SQL Injection 漏洞描述 In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can ...







