漏洞标题 CVE-2023-22480: KubeOperator Foreground `kubeconfig` - File Download 漏洞描述 KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, d...

漏洞标题 CVE-2021-3223: Node RED Dashboard - Directory Traversal 漏洞描述 Node-RED-Dashboard before 2.26.2 allows ui_base/js/..%2f directory traversal to read files. PoC代码

现在好多应用都通过API接口对外提供服务 如果鉴权做的不好的话，很容易出现未授权访问漏洞 通过BurpJSLinkFinder或findsomething很容易获取到接口信息 下面以某SRC API接口测试的一个小案例进行...

漏洞标题 CVE-2022-1946: WordPress Gallery <2.0.0 - Cross-Site Scripting 漏洞描述 WordPress Gallery plugin before 2.0.0 contains a reflected cross-site scripting vulnerability. I...

漏洞标题 CVE-2018-1000861: Jenkins - Remote Command Injection 漏洞描述 Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapl...

漏洞标题 CVE-2024-33724: SOPlanning 1.52.00 Cross Site Scripting 漏洞描述 SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated ...

漏洞标题 CVE-2010-1494: Joomla! Component AWDwall 1.5.4 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla!...

漏洞标题 CVE-2021-32478: Moodle 3.8-3.10.3 - Reflected XSS & Open Redirect 漏洞描述 Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 contain a reflected XSS and open ...

反向代理：反向代理也叫reverse proxy,指的是代理外网用户的请求到内部的指定web服务器,并将数据返回给用户的一种方式,这是用的比较多的一种方式,下面这篇文章主要给大家介绍了关于Nginx反向代...

漏洞标题 CVE-2017-11629: FineCMS <=5.0.10 - Cross-Site Scripting 漏洞描述 FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the fun...

漏洞标题 CVE-2023-43325: MooSocial 3.1.8 - Cross-Site Scripting 漏洞描述 A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user lo...

漏洞标题 CVE-2022-24260: VoipMonitor - Pre-Auth SQL Injection 漏洞描述 A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the...

这篇文章主要介绍了详解nginx请求头数据读取流程，文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值，需要的朋友们下面随着小编来一起学习学习吧 在上一篇文章中，...

漏洞标题 CVE-2022-0651: WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection 漏洞描述 The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient e...

这篇文章主要介绍了VMware下安装VMware tools,安装文件没有出现问题的解决，文中通过示例代码介绍的非常详细，对大家的学习或者工作具有一定的参考学习价值，需要的朋友们下面随着小编来一起学...

这篇文章主要介绍了Vmware vcenter未授权任意文件上传漏洞(CVE-2021-21972),本文给大家介绍的非常详细，对大家的学习或工作具有一定的参考借鉴价值，需要的朋友可以参考下 背景 CVE-2021-21972 ...