WordPress Alipay | Tenpay | PayPal Integration Plugin Security Vulnerabilities

githubexploit

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

8.8CVSS

8.9AI Score

0.005EPSS

2023-10-16 05:08 AM
242
githubexploit

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

8.8CVSS

8.9AI Score

0.005EPSS

2023-10-16 05:08 AM
81
cnvd

File Upload Vulnerability in Qixingchen Tianyue Network Security Audit System

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A file upload vulnerability exists in Tianyue Network Security Audit System, which can be...

7.3AI Score

2023-10-15 12:00 AM
6
githubexploit

7.3AI Score

2023-10-14 09:35 AM
28
githubexploit

7.3AI Score

2023-10-14 09:35 AM
26
githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515 Confluence Data Center & Server privilege escalation vulnerability...

9.8CVSS

9.8AI Score

0.973EPSS

2023-10-13 05:18 AM
247
hackerone

Shopify: IDOR on GraphQL queries BillingDocumentDownload and BillDetails

Summary: An IDOR on the BillingInvoice id on both BillingDocumentDownload and BillDetails graphql operations are leaking other merchants' ██████: email full address content of their invoice last 4 digits of credit card + type of credit card OR paypal email shop impacted Shops Used to Test:...

7AI Score

2023-10-12 11:14 PM
6
githubexploit

Exploit for Path Traversal in Fit2Cloud Jumpserver

CVE-2023-42819 CVE-2023-42819 Vulnerability description: JumpServer arbitrary file write vulnerability...

8.9CVSS

8.9AI Score

0.001EPSS

2023-10-12 08:45 AM
31
githubexploit

9.8CVSS

9.3AI Score

0.003EPSS

2023-10-12 07:39 AM
216
cnvd

Command Execution Vulnerability in Tianyue Network Security Audit System of Qixingchen Information Technology Group Co. Ltd (CNVD-2023-85472)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,.....

7.9AI Score

2023-10-12 12:00 AM
10
githubexploit

Exploit for CVE-2023-22515

Red team tool: exploitation tool for the Confluence unauthorized administrator user creation vulnerability (CVE-2023-22515). Affected scope...

9.8CVSS

9.9AI Score

0.973EPSS

2023-10-11 08:42 AM
285
githubexploit

Exploit for CVE-2023-38646

MetabaseRceTools CVE-2023-38646 Metabase RCE tool...

9.9AI Score

2023-10-11 03:18 AM
243
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Fit2Cloud Jumpserver

CVE-2023-42820 CVE-2023-42820 Vulnerability description: JumpServer password reset vulnerability...

8.2CVSS

8.3AI Score

0.0005EPSS

2023-10-10 06:32 AM
436
githubexploit

Exploit for CVE-2023-38646

CVE-2023-38646...

9.8CVSS

9.7AI Score

0.899EPSS

2023-10-08 07:36 AM
121
githubexploit

Exploit for Untrusted Pointer Dereference in Microsoft

Root cause: comparing the 202209 and 202307 versions of AFD.sys, in the function AfdNotifyRemoveIOCompletion, 202......

7.8CVSS

7.5AI Score

0.003EPSS

2023-10-02 11:36 AM
212
kitploit

Electron_Shell - Developing A More Covert Remote Access Trojan (RAT) Tool By Leveraging Electron's Features For Command Injection And Combining It With Remote Control Methods

Electron_shell Developing a more covert Remote Access Trojan (RAT) tool by leveraging Electron's features for command injection and combining it with remote control methods. Read More: [AOH 024] Exploring an automated implementation of embedding a shell in Electron programs. Features: Supports almost all operating systems mac linux windows ...

7.9AI Score

2023-09-30 11:30 AM
22
githubexploit

Exploit for Vulnerability in Fit2Cloud Jumpserver

CVE-2023-42820 Vulnerability description: JumpServer is a widely used open-source bastion host that complies with 4A...

8.3AI Score

0.0005EPSS

2023-09-28 05:16 PM
424
cnvd

Arbitrary File Read Vulnerability in ECS Intelligent Logistics Unattended System

ECS Intelligent Logistics Unattended System is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is an arbitrary file read vulnerability in the ECS Intelligent...

6.8AI Score

2023-09-28 12:00 AM
2
thn

Are You Willing to Pay the High Cost of Compromised Credentials?

Weak password policies leave organizations vulnerable to attacks. But are the standard password complexity requirements enough to secure them? 83% of compromised passwords would satisfy the password complexity and length requirements of compliance standards. That's because bad actors already have.....

6.7AI Score

2023-09-25 11:19 AM
27
thn

Fresh Wave of Malicious npm Packages Threaten Kubernetes Configs and SSH Keys

Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised machines to a remote server. Sonatype said it has discovered 14 different npm packages so far:...

6.5AI Score

2023-09-20 10:13 AM
23
osv

Malicious code in paypal-validators (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (ebc6b081257d4c572b2609876f97c2068316a5023ba3ed2acc567fbca9e0f2eb) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI Score

2023-09-15 06:59 AM
5
wpvulndb

Leyka < 3.30.7.1 - Subscriber+ Sensitive Information Disclosure

Description The plugin is vulnerable to Sensitive Information Exposure via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and...

6.5CVSS

6.2AI Score

0.0005EPSS

2023-09-14 12:00 AM
7
nvd

CVE-2023-4917

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....

6.5CVSS

5.4AI Score

0.0005EPSS

2023-09-13 03:15 AM
cve

CVE-2023-4917

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....

6.5CVSS

6.5AI Score

0.0005EPSS

2023-09-13 03:15 AM
2373
prion

Design/Logic Flaw

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....

6.5CVSS

6.5AI Score

0.0005EPSS

2023-09-13 03:15 AM
5
cvelist

CVE-2023-4917

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank.....

5.3CVSS

6.5AI Score

0.0005EPSS

2023-09-13 02:54 AM
githubexploit

Exploit for Classic Buffer Overflow in Notepad-Plus-Plus Notepad++

CVE-2023-40031 Notepad++ heap buffer overflow vulnerability CVE-2023-40031: analysis and reproduction. Vulnerability overview...

7.8CVSS

7.6AI Score

0.001EPSS

2023-09-08 05:43 AM
524
malwarebytes

Smart chastity device exposes sensitive user data

A security breach or piece of inadvertent exposure can be a devastating thing, not just for the company impacted but also the people whose data is stolen or exposed to the world. The usual roll-call of "name, address, phone number and card details" is bad enough. If such things are tied to...

6.6AI Score

2023-09-06 01:00 AM
10
githubexploit

Exploit for SQL Injection in Tongda2000 Tongda Office Anywhere

CVE-2023-4166 fofa:通达 OA python3 CVE-2023-4165.py -h ...

9.8CVSS

7.3AI Score

0.001EPSS

2023-09-01 05:33 AM
33
githubexploit

Exploit for SQL Injection in Tongda2000 Tongda Office Anywhere

CVE-2023-4165 fofa:通达 OA python3 CVE-2023-4165.py -h...

9.8CVSS

9.7AI Score

0.001EPSS

2023-09-01 03:55 AM
443
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

7.5CVSS

7AI Score

EPSS

2023-08-31 12:57 PM
51
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

Jira plugin STAGIL Navigation: PoC script for the arbitrary file read vulnerability in the FileName parameter...

7.5CVSS

7.1AI Score

0.183EPSS

2023-08-30 11:57 PM
145
githubexploit

Exploit for Injection in Cacti

Cacti remote_agent.php remote command execution vulnerability CVE-2022-46169. Vulnerability description...

9.8CVSS

9.9AI Score

0.964EPSS

2023-08-30 02:03 PM
206
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Dahuasecurity Smart Parking Management

Dahua Smart Park Integrated Management Platform publishing file upload PoC. Install dependencies: ``` pip install...

9.8CVSS

7.1AI Score

0.029EPSS

2023-08-30 12:11 PM
199
githubexploit

Exploit for Path Traversal in Lanproxy Project Lanproxy

Lanproxy directory traversal vulnerability CVE-2021-3019. Vulnerability description...

7.5CVSS

7.1AI Score

0.009EPSS

2023-08-30 09:41 AM
156
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

CVE-2023-26256_POC ```...

7.5CVSS

7.1AI Score

0.021EPSS

2023-08-28 08:00 AM
81
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

CVE-2023-26256_POC ```...

7.5CVSS

7.1AI Score

0.021EPSS

2023-08-28 08:00 AM
164
cnvd

Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.

WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary...

8AI Score

2023-08-28 12:00 AM
7
cnvd

Command execution vulnerability in Qixingchen Tianyue Network Security Audit System (CNVD-2023-71706)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...

7.6AI Score

2023-08-28 12:00 AM
2
githubexploit

Exploit for CVE-2023-38831

Project introduction: a tool written in Go for generating a PoC for the cve-2023-38831 vulnerability. Affected versions: WinRAR...

7.8CVSS

8.2AI Score

0.214EPSS

2023-08-27 02:08 PM
207
cnvd

Command Execution Vulnerability in Qixingchen Tianyue Network Security Audit System

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...

7.6AI Score

2023-08-27 12:00 AM
2
cnvd

Smartbi windowUnloading Authentication Bypass Vulnerability

Smartbi is a one-stop big data analytics platform. An authentication bypass vulnerability exists in Smartbi windowUnloading, which can be exploited by an attacker to obtain system user credentials and execute remote...

7.2AI Score

2023-08-25 12:00 AM
56
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)

Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS

7.9AI Score

EPSS

2023-08-24 02:03 PM
64
cnvd

File Upload Vulnerability in Intelligent Logistics Unattended System of Taiyuan ECS Software Technology Co.

Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a file upload vulnerability in the Intelligent Logistics Unattended...

6.9AI Score

2023-08-23 12:00 AM
4
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432 CVE-2023-28432 detection tool. 1. How to start and use:...

7.5CVSS

7.9AI Score

0.865EPSS

2023-08-21 06:03 AM
238
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)

Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

9.8CVSS

8.5AI Score

EPSS

2023-08-17 01:45 PM
44
cnvd

Command Execution Vulnerability in Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co.

Qixing Information Technology Group Corporation is an enterprise mainly engaged in technology promotion and application service industry. A command execution vulnerability exists in the Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co. that can be exploited by....

7.3AI Score

2023-08-17 12:00 AM
8
malwarebytes

Discord.io confirms theft of 760,000 members' data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...

7.3AI Score

2023-08-16 04:15 PM
6
cnvd

Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.

WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...

8.1AI Score

2023-08-11 12:00 AM
7
thn

Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,....

6.6AI Score

2023-08-10 06:22 AM
23
Total number of security vulnerabilities: 15129