漏洞标题 CVE-2022-0781: WordPress Nirweb Support <2.8.2 - SQL Injection 漏洞描述 WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin ...

漏洞标题 CVE-2021-26247: Cacti - Cross-Site Scripting 漏洞描述 Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref...

前言 在渗透测试中，一般对于登录框的测试，大部分主要测试SQL注入，xss注入，弱口令爆破等，至于验证码，多数就是看看是否可以复用，或者不校验，大多数只是看了一眼就过去了。 但其实验证码也...

漏洞标题 CVE-2021-31316: CentOS Web Panel - SQL Injection 漏洞描述 The unprivileged user portal part of CentOS Web Panel is affected by a SQL Injection via the 'idsession'...

漏洞标题 CVE-2018-16159: WordPress Gift Voucher <4.1.8 - Blind SQL Injection 漏洞描述 WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability vi...

漏洞标题 CVE-2021-24340: WordPress Statistics <13.0.8 - Blind SQL Injection 漏洞描述 WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticat...

漏洞标题 CVE-2017-9506: Atlassian Jira IconURIServlet - Cross-Site Scripting/Server-Side Request Forgery 漏洞描述 The Atlassian Jira IconUriServlet of the OAuth Plugin from version...

漏洞标题 CVE-2023-6655: Hongjing e-HR 2020 - SQL Injection 漏洞描述 A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue ...

漏洞标题 CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass 漏洞描述 The WordPress Social Login and Register (Discord, Google, Twitter, LinkedI...

漏洞标题 CVE-2022-32771: WWBN AVideo 11.6 - Cross-Site Scripting 漏洞描述 WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the ...

漏洞标题 CVE-2012-4982: Forescout CounterACT 6.3.4.1 - Open Redirect 漏洞描述 Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows r...

漏洞标题 CVE-2023-4450: JeecgBoot JimuReport - Template injection 漏洞描述 A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected...

漏洞标题 CVE-2023-40779: IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect 漏洞描述 An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to ...

漏洞标题 CVE-2022-1950: Wordpress Youzify sql injection 漏洞描述 The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL stateme...

漏洞标题 CVE-2021-39226: Grafana Snapshot - Authentication Bypass 漏洞描述 Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associat...

漏洞标题 CVE-2019-18394: Ignite Realtime Openfire <=4.4.2 - Server-Side Request Forgery 漏洞描述 Ignite Realtime Openfire through version 4.4.2 allows attackers to send arbitrar...