漏洞标题 CVE-2018-14912: cgit < 1.2.1 - Directory Traversal 漏洞描述 cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is...

漏洞标题 CVE-2022-3934: WordPress FlatPM <3.0.13 - Cross-Site Scripting 漏洞描述 WordPress FlatPM plugin before 3.0.13 contains a cross-site scripting vulnerability. The plugin ...

漏洞标题 CVE-2010-1478: Joomla! Component Jfeedback 1.2 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) c...

漏洞标题 CVE-2022-1580: Site Offline WP Plugin < 1.5.3 - Authorization Bypass 漏洞描述 The plugin prevents users from accessing a website but does not do so if the URL contained...

漏洞标题 CVE-2017-12611: Apache Struts2 S2-053 - Remote Code Execution 漏洞描述 Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Fr...

漏洞标题 CVE-2022-0885: Member Hero <=1.0.9 - Remote Code Execution 漏洞描述 WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks...

漏洞标题 CVE-2018-10942: Prestashop AttributeWizardPro Module - Arbitrary File Upload 漏洞描述 In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute...

漏洞标题 CVE-2010-1540: Joomla! Component com_blog - Directory Traversal 漏洞描述 A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for ...

漏洞标题 CVE-2024-6746: EasySpider 0.6.2 - Arbitrary File Read 漏洞描述 A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by th...

漏洞标题 CVE-2023-32563: Ivanti Avalanche - Remote Code Execution 漏洞描述 An unauthenticated attacker could achieve the code execution through a RemoteControl server. PoC代码

前言 熊海CMS是由熊海开发的一款应用于个人博客，个人网站，企业网站的一套网站综合管理系统。 熊海CMS v1.0存在后台权限绕过漏洞，攻击者可伪造COOKIE绕过登录检测，成功登录后台。 编号：CNVD...

漏洞标题 CVE-2022-0437: karma-runner DOM-based Cross-Site Scripting 漏洞描述 NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability. PoC代码

漏洞标题 CVE-2019-3799: Spring Cloud Config Server - Local File Inclusion 漏洞描述 Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1....

本文转载于公众号：融云攻防实验室，原文地址： 漏洞复现-CVE-2014-3120 ElasticSearch 命令执行漏洞 0x01 阅读须知 Elasticsearch向使用者提供执行脚本代码的功能，支持mvel, js,groovy,pytho...

漏洞标题 CVE-2018-19287: WordPress Ninja Forms <3.3.18 - Cross-Site Scripting 漏洞描述 WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. ...

漏洞标题 CVE-2020-3452: Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion 漏洞描述 Cisco Adaptive Security Appliance (ASA) Software and ...