漏洞标题 CVE-2022-0660: Microweber <1.2.11 - Information Disclosure 漏洞描述 Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in ...

漏洞标题 CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting 漏洞描述 The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise ...

漏洞标题 CVE-2023-27640: PrestaShop tshirtecommerce - Directory Traversal 漏洞描述 The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be fo...

漏洞标题 CVE-2019-20224: Pandora FMS 7.0NG - Remote Command Injection 漏洞描述 Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metach...

漏洞标题 CVE-2010-1056: Joomla! Component com_rokdownloads - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component befo...

漏洞标题 CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Foobla Suggestions (com_foobla_sugge...

漏洞标题 CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution 漏洞描述 The Oracle Fusion Middleware WebLogic Server admin console...

漏洞标题 CVE-2021-42551: NetBiblio WebOPAC - Cross-Site Scripting 漏洞描述 NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its W...

漏洞标题 CVE-2021-27358: Grafana Unauthenticated Snapshot Creation 漏洞描述 Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigg...

0x01 前言 在渗透测试过程中，如何才能从大量的互联网资产中提取易受攻击的信息系统(例如VPN、邮服、CMS、OA、Shiro、Struts2等)，逐渐成为信息收集中一个必不可少的环节。 0x2 工具调研 在线指...

漏洞报告 【Localize 50刀】文档名处的存储xss http://hackerone.com/reports/1321407 【Tor】Tor Browser using --log or --verbose logs the exact connection time a client connects to any...

漏洞标题 CVE-2023-41597: EyouCms v1.6.2 - Cross-Site Scripting 漏洞描述 EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the compon...

漏洞标题 CVE-2024-1512: MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection 漏洞描述 The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordP...

这篇文章主要介绍了Web应用中设置Context Path案例详解,本篇文章通过简要的案例,讲解了该项技术的了解与使用,以下就是详细内容,需要的朋友可以参考下 URL：http://hostname.com/contextPath/ser...

漏洞标题 CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion 漏洞描述 Atlassian Confluence Server allows remote attackers to view restricted resources via local file...

漏洞标题 CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload 漏洞描述 Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connecto...