最新发布第863页
CVE-2023-4111: PHPJabbers Bus Reservation System 1.1 – Cross-Site Scripting
漏洞标题 CVE-2023-4111: PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting 漏洞描述 A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as ...
CVE-2020-28188: TerraMaster TOS – Unauthenticated Remote Command Execution
漏洞标题 CVE-2020-28188: TerraMaster TOS - Unauthenticated Remote Command Execution 漏洞描述 TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability wh...
CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
漏洞标题 CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting 漏洞描述 WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-s...
CVE-2021-20124: Draytek VigorConnect 6.0-B3 – Local File Inclusion
漏洞标题 CVE-2021-20124: Draytek VigorConnect 6.0-B3 - Local File Inclusion 漏洞描述 Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download funct...
CVE-2023-3845: MooDating 1.2 – Cross-Site Scripting
漏洞标题 CVE-2023-3845: MooDating 1.2 - Cross-Site Scripting 漏洞描述 A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue...
CVE-2021-35064: Kramer VIAware – Privilege Escalation and Remote Code Execution
漏洞标题 CVE-2021-35064: Kramer VIAware - Privilege Escalation and Remote Code Execution 漏洞描述 Kramer VIAware, all tested versions, allow privilege escalation and remote code ex...
CVE-2023-0968: WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
漏洞标题 CVE-2023-0968: WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting 漏洞描述 WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin...
CVE-2021-34624: WordPress ProfilePress 3.0-3.1.3 – Arbitrary File Upload
漏洞标题 CVE-2021-34624: WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload 漏洞描述 A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.ph...
CVE-2020-12124: WAVLINK WN530H4 live_api.cgi – Command Injection
漏洞标题 CVE-2020-12124: WAVLINK WN530H4 live_api.cgi - Command Injection 漏洞描述 A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLIN...
CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
漏洞标题 CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting 漏洞描述 Loco Translate WordPress plugin before 2.6.1 contains a stored cross-site scripting vuln...
CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
漏洞标题 CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass 漏洞描述 The WordPress Social Login and Register (Discord, Google, Twitter, LinkedI...
一次小程序端接口越权的分析
之前在挖一个src的时候,有一个资产是小程序 抓包如下 根据地址id查看收货地址 注意到请求里没有cookie,然后url里面这个digest字段比较奇怪,所有的接口都是根据这个参数鉴权的,一般不都应该...
CVE-2021-43810: Admidio – Cross-Site Scripting
漏洞标题 CVE-2021-43810: Admidio - Cross-Site Scripting 漏洞描述 A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site script...
bugbounty技巧聚合20211213
漏洞报告 微软和 GitHub OAuth 实施漏洞导致重定向攻击 http://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection 挖洞...
CVE-2020-14864: Oracle Fusion – Directory Traversal/Local File Inclusion
漏洞标题 CVE-2020-14864: Oracle Fusion - Directory Traversal/Local File Inclusion 漏洞描述 Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are...
CVE-2023-1496: Imgproxy < 3.14.0 - Cross-site Scripting (XSS)
漏洞标题 CVE-2023-1496: Imgproxy < 3.14.0 - Cross-site Scripting (XSS) 漏洞描述 Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. Po...







