漏洞标题 CVE-2021-24288: WordPress AcyMailing <7.5.0 - Open Redirect 漏洞描述 WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sa...

漏洞标题 CVE-2023-39108: rConfig 3.9.4 - Server-Side Request Forgery 漏洞描述 rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter...

漏洞标题 CVE-2022-47945: Thinkphp Lang - Local File Inclusion 漏洞描述 ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack fe...

漏洞标题 CVE-2024-3274: D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure 漏洞描述 A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 202...

漏洞标题 CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution 漏洞描述 WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to re...

漏洞标题 CVE-2021-24215: Controlled Admin Access WordPress Plugin <= 1.4.0 - Improper Access Control & Privilege Escalation 漏洞描述 An Improper Access Control vulnerability...

漏洞标题 CVE-2023-2518: WordPress Easy Forms for Mailchimp Plugin < 6.8.9 - Cross-Site Scripting 漏洞描述 The Easy Forms for Mailchimp plugin before version 6.8.9 contains a ref...

漏洞标题 CVE-2018-14918: LOYTEC LGATE-902 6.3.2 - Local File Inclusion 漏洞描述 LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manip...

漏洞标题 CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery 漏洞描述 GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerab...

漏洞标题 CVE-2022-3982: WordPress Booking Calendar <3.2.2 - Arbitrary File Upload 漏洞描述 WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload...

在某些场景，我们可能需要写入bat，vbs，py等文件，当我们逐个echo将字符写入文件时，写入内容会自动换行： 可以通过命令 >>text.txt set/p='test' < nul 避免写入内容被换行 文字来源...

漏洞标题 CVE-2010-1308: Joomla! Component SVMap 1.1.1 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allow...

漏洞标题 CVE-2016-5649: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure 漏洞描述 NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxtto...

漏洞标题 CVE-2023-37629: Online Piggery Management System v1.0 - Unauthenticated File Upload 漏洞描述 Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthen...

漏洞标题 CVE-2025-61882: Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution 漏洞描述 Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caus...

漏洞报告 JNDI 反击——H2 数据库控制台中未经身份验证的 RCE http://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ 挖洞技巧 通过嵌套解析器条件对 XSS ...