最新发布第785页
CVE-2020-3452: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) – Local File Inclusion
漏洞标题 CVE-2020-3452: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion 漏洞描述 Cisco Adaptive Security Appliance (ASA) Software and ...
为你的网站添加一个帅气的IP签名档吧 – 教程附源码
先来看看效果吧 远程调用只需要将下面代码加到想显示的地方就行!比如网站侧栏/弹窗提醒等等... <img src='https://b.encenc.com/tools/ip_picture/' alt='' width='428' height='250' />
CVE-2020-8772: WordPress InfiniteWP <1.9.4.5 - Authorization Bypass
漏洞标题 CVE-2020-8772: WordPress InfiniteWP <1.9.4.5 - Authorization Bypass 漏洞描述 WordPress InfiniteWP plugin before 1.9.4.5 for WordPress contains an authorization bypass v...
CVE-2024-51567: CyberPanel v2.3.6 Pre-Auth Remote Code Execution
漏洞标题 CVE-2024-51567: CyberPanel v2.3.6 Pre-Auth Remote Code Execution 漏洞描述 upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows re...
CVE-2020-12262: Intelbras TIP200/TIP200LITE/TIP300 – Cross-Site Scripting
漏洞标题 CVE-2020-12262: Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting 漏洞描述 Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 are vulnera...
CVE-2023-1408: Video List Manager <= 1.7 - SQL Injection
漏洞标题 CVE-2023-1408: Video List Manager <= 1.7 - SQL Injection 漏洞描述 The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leadi...
CVE-2022-1916: WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting
漏洞标题 CVE-2022-1916: WordPress Active Products Tables for WooCommerce <1.0.5 - Cross-Site Scripting 漏洞描述 WordPress Active Products Tables for WooCommerce plugin prior to ...
CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery
漏洞标题 CVE-2018-1000600: Jenkins GitHub Plugin <=1.29.1 - Server-Side Request Forgery 漏洞描述 Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request f...
CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting
漏洞标题 CVE-2022-0149: WooCommerce Stored Exporter WordPress Plugin < 2.7.1 - Cross-Site Scripting 漏洞描述 The plugin was affected by a reflected cross-site scripting vulnerab...
CVE-2023-51449: Gradio Hugging Face – Local File Inclusion
漏洞标题 CVE-2023-51449: Gradio Hugging Face - Local File Inclusion 漏洞描述 Gradio LFI when auth is not enabled, affects versions 4.0 - 4.10, also works against Gradio < 3.33 P...
CVE-2019-18665: DOMOS 5.5 – Local File Inclusion
漏洞标题 CVE-2019-18665: DOMOS 5.5 - Local File Inclusion 漏洞描述 SECUDOS DOMOS before 5.6 allows local file inclusion via the log module. PoC代码
CVE-2020-6637: OpenSIS 7.3 – SQL Injection
漏洞标题 CVE-2020-6637: OpenSIS 7.3 - SQL Injection 漏洞描述 OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. PoC代码
空白页面不要慌,我来跟你讲一讲
一次偶然的src挖掘,上班摸鱼中没啥事干,觉得有点空虚就来挖会洞吧,打开xray直接联动,点开页面开始整 点开发现虽然有title,但是页面是空白的 但是响应正常,这就很烦啊 瞅了一眼xray,发现...
CVE-2021-26072: Atlassian Confluence < 5.8.6 - Server-Side Request Forgery
漏洞标题 CVE-2021-26072: Atlassian Confluence < 5.8.6 - Server-Side Request Forgery 漏洞描述 Confluence Server and Data Center before 5.8.6 contain a blind server-side request f...
CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
漏洞标题 CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting 漏洞描述 WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerabil...
批量获取网站SSL证书里的域名
大佬们在日常刷洞过程中,或者批量扫某个POC时,总会扫到很多未知资产或者结果量太大一个个去验证资产归属太费时费力。而一些https站点的证书中能看到证书归属,一般通过证书定位的资产都比较准...








