最新发布第936页
CVE-2022-28117: Navigate CMS 2.9.4 – Server-Side Request Forgery
漏洞标题 CVE-2022-28117: Navigate CMS 2.9.4 - Server-Side Request Forgery 漏洞描述 Navigate CMS 2.9.4 is susceptible to server-side request forgery via feed_parser class. This can ...
CVE-2024-58136: Yii2 PHP Framework < 2.0.52 - Remote Code Execution
漏洞标题 CVE-2024-58136: Yii2 PHP Framework < 2.0.52 - Remote Code Execution 漏洞描述 Yii2 PHP Framework before 2.0.52 is vulnerable to remote code execution via improper valida...
CVE-2022-3908: WordPress Helloprint <1.4.7 - Cross-Site Scripting
漏洞标题 CVE-2022-3908: WordPress Helloprint <1.4.7 - Cross-Site Scripting 漏洞描述 WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The p...
CVE-2020-25078: D-Link DCS-2530L/DCS-2670L – Administrator Password Disclosure
漏洞标题 CVE-2020-25078: D-Link DCS-2530L/DCS-2670L - Administrator Password Disclosure 漏洞描述 D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulne...
(CVE-2022-0540) Atlassian Jira Seraph 身份验证绕过漏洞
漏洞标题 (CVE-2022-0540) Atlassian Jira Seraph 身份验证绕过漏洞 漏洞描述 (CVE-2022-0540) Atlassian Jira Seraph 身份验证绕过漏洞 PoC代码 暂无
CVE-2023-2745: WordPress Core <=6.2 - Directory Traversal
漏洞标题 CVE-2023-2745: WordPress Core <=6.2 - Directory Traversal 漏洞描述 WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘...
CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting
漏洞标题 CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting 漏洞描述 WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar bl...
渗透测试中常见扩大攻击面的方法:
渗透测试中常见扩大攻击面的方法: 当我们遇到pay.huoxian.cn,可能他存在以下测试域名。 dev.pay.huoxian.cn pay.dev.huoxian.cn devpay.huoxian.cn dev-pay.huoxian.cn paydev.huoxian.cn pay...
CVE-2021-2135: Oracle WebLogic Server – Remote Code Execution
漏洞标题 CVE-2021-2135: Oracle WebLogic Server - Remote Code Execution 漏洞描述 Oracle WebLogic Server (12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0) contains a remote code execution caused ...
CVE-2024-47062: Navidrome < 0.53.0 - Authenticated SQL Injection
漏洞标题 CVE-2024-47062: Navidrome < 0.53.0 - Authenticated SQL Injection 漏洞描述 Navidrome is an open source web-based music collection server and streamer. Navidrome automati...
CVE-2010-1315: Joomla! Component webERPcustomer – Local File Inclusion
漏洞标题 CVE-2010-1315: Joomla! Component webERPcustomer - Local File Inclusion 漏洞描述 A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberp...
CVE-2022-28033: Atom.CMS 2.0 – SQL Injection
漏洞标题 CVE-2022-28033: Atom.CMS 2.0 - SQL Injection 漏洞描述 Atom.CMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_uploads.php which allows an attacker to execute arbitr...
CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
漏洞标题 CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting 漏洞描述 WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting v...
CVE-2021-20021: SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation
漏洞标题 CVE-2021-20021: SonicWall Email Security <= 10.0.9.x - Unauthenticated Admin Account Creation 漏洞描述 SonicWall Email Security version 10.0.9.x allows an attacker to c...
CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting
漏洞标题 CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting 漏洞描述 WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting...
CVE-2020-5847: UnRaid <=6.80 - Remote Code Execution
漏洞标题 CVE-2020-5847: UnRaid <=6.80 - Remote Code Execution 漏洞描述 UnRaid <=6.80 allows remote unauthenticated attackers to execute arbitrary code. PoC代码






