WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 Security Vulnerabilities

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

7.5CVSS

7AI Score

EPSS

2023-08-31 12:57 PM
51
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

POC script for the arbitrary file read vulnerability in the FileName parameter of the Jira plugin STAGIL Navigation...

7.5CVSS

7.1AI Score

0.183EPSS

2023-08-30 11:57 PM
145
githubexploit

Exploit for OS Command Injection in Cacti

Cacti remote_agent.php remote command execution vulnerability CVE-2022-46169 Vulnerability description...

9.8CVSS

9.8AI Score

0.965EPSS

2023-08-30 02:03 PM
206
githubexploit

Exploit for Unrestricted Upload of File with Dangerous Type in Dahuasecurity Smart Parking Management

Dahua Smart Park Integrated Management Platform publishing file upload POC Install dependencies ``` pip install...

9.8CVSS

7.1AI Score

0.029EPSS

2023-08-30 12:11 PM
198
githubexploit

Exploit for Path Traversal in Lanproxy Project Lanproxy

Lanproxy directory traversal vulnerability CVE-2021-3019 Vulnerability description...

7.5CVSS

7.1AI Score

0.009EPSS

2023-08-30 09:41 AM
156
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

CVE-2023-26256_POC ```...

7.5CVSS

7.1AI Score

0.021EPSS

2023-08-28 08:00 AM
81
githubexploit

Exploit for Path Traversal in Stagil Stagil Navigation

CVE-2023-26256_POC ```...

7.5CVSS

7.1AI Score

0.021EPSS

2023-08-28 08:00 AM
164
cnvd

Command Execution Vulnerability in WPS Windows Edition of Zhuhai Kingsoft Office Software Co.

WPS is an office software. A command execution vulnerability exists in WPS Windows Edition of Zhuhai Kingsoft Office Software Limited, which can be exploited by attackers to execute arbitrary...

8AI Score

2023-08-28 12:00 AM
7
cnvd

Command execution vulnerability in Qixingchen Tianyue Network Security Audit System (CNVD-2023-71706)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...

7.6AI Score

2023-08-28 12:00 AM
2
githubexploit

Exploit for CVE-2023-38831

Project introduction: This is a tool written in Go for generating a POC for the cve-2023-38831 vulnerability. Affected versions: WinRAR...

7.8CVSS

8.2AI Score

0.346EPSS

2023-08-27 02:08 PM
207
cnvd

Command Execution Vulnerability in Qixingchen Tianyue Network Security Audit System

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A command execution vulnerability exists in Tianyue Network Security Audit System, which can be...

7.6AI Score

2023-08-27 12:00 AM
2
cnvd

Smartbi windowUnloading Authentication Bypass Vulnerability

Smartbi is a one-stop big data analytics platform. An authentication bypass vulnerability exists in Smartbi windowUnloading, which can be exploited by an attacker to obtain system user credentials and execute remote...

7.2AI Score

2023-08-25 12:00 AM
56
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 14, 2023 to August 20, 2023)

Last week, there were 64 vulnerabilities disclosed in 67 WordPress Plugins and 10 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 37 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

9.8CVSS

7.9AI Score

EPSS

2023-08-24 02:03 PM
64
cnvd

File Upload Vulnerability in Intelligent Logistics Unattended System of Taiyuan ECS Software Technology Co.

Intelligent logistics unattended system is an intelligent information platform for the unified control of raw material procurement, finished product sales and in-plant logistics for process manufacturing enterprises. There is a file upload vulnerability in the Intelligent Logistics Unattended...

6.9AI Score

2023-08-23 12:00 AM
4
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432 CVE-2023-28432 detection tool 1. How to start and use:...

7.5CVSS

7.9AI Score

0.885EPSS

2023-08-21 06:03 AM
238
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 7, 2023 to August 13, 2023)

Last week, there were 86 vulnerabilities disclosed in 68 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

9.8CVSS

8.5AI Score

EPSS

2023-08-17 01:45 PM
44
cnvd

Command Execution Vulnerability in Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co.

Qixing Information Technology Group Corporation is an enterprise mainly engaged in technology promotion and application service industry. A command execution vulnerability exists in the Sky Mirror Web Application Inspection System of Qixing Information Technology Group Co. that can be exploited by....

7.3AI Score

2023-08-17 12:00 AM
8
malwarebytes

Discord.io confirms theft of 760,000 members' data

Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io's users database was posted on BreachForums, the owners have decided to shut down all Discord.io services "for the foreseeable future."...

7.3AI Score

2023-08-16 04:15 PM
6
cnvd

Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.

WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...

8.1AI Score

2023-08-11 12:00 AM
7
thn

Interpol Busts Phishing-as-a-Service Platform '16Shop,' Leading to 3 Arrests

Interpol has announced the takedown of a phishing-as-a-service (PhaaS) platform called 16Shop, in addition to the arrests of three individuals in Indonesia and Japan. 16Shop specialized in the sales of phishing kits that other cybercriminals can purchase to mount phishing attacks on a large scale,....

6.6AI Score

2023-08-10 06:22 AM
23
githubexploit

7.8CVSS

7.8AI Score

0.0004EPSS

2023-08-07 01:09 PM
361
githubexploit

Exploit for Missing Authorization in Wpmet Metform Elementor Contact Form Builder

CVE-2022-1442 WordPress Plugin Metform <= 2.1.3 - Improper...

7.5CVSS

7.2AI Score

0.033EPSS

2023-08-03 10:47 AM
197
cnvd

Command Execution Vulnerability in Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group Co.

Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. There is a command execution vulnerability in the Sky Mirror Vulnerability Scanning and...

7.3AI Score

2023-08-02 12:00 AM
5
cnvd

Arbitrary File Read Vulnerability in Sky Mirror Vulnerability Scanning and Management System of Kaixingchen Information Technology Group Co.

Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group...

7.1AI Score

2023-08-02 12:00 AM
1
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)

Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....

8.8CVSS

8.4AI Score

EPSS

2023-07-27 03:52 PM
93
githubexploit

Exploit for CVE-2021-44910

CVE-2021-44910-SpringBlade vulnerability detection tool...

7.1AI Score

EPSS

2023-07-22 04:48 PM
263
nuclei

Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft...

9CVSS

8.7AI Score

0.421EPSS

2023-07-20 06:27 PM
8
krebs

LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack

[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...

7AI Score

2023-07-18 02:57 PM
19
githubexploit

Exploit for CVE-2023-34960

Chamilo__CVE-2023-34960_RCE Chamilo is an e-learning platform, also known as a learning management system...

7.1AI Score

0.922EPSS

2023-07-18 03:39 AM
174
packetstorm

7.1AI Score

2023-07-14 12:00 AM
142
packetstorm

7.1AI Score

2023-07-13 12:00 AM
147
hackerone

Internet Bug Bounty: jdbc apache airflow provider code execution vulnerability

In airflow.providers.jdbc.hooks.jdbc.JdbcHook, A privilege escalation vulnerability exists in a system due to controllable Driver Path and Driver Class parameters which cause executing any java code. Vulnerability reproduction steps: 1. create a malicious jdbc driver, like this ``` import...

7.1AI Score

2023-07-12 11:04 AM
32
cve

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

4.3CVSS

4.2AI Score

0.001EPSS

2023-07-12 07:15 AM
8
osv

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

4.3CVSS

6.6AI Score

0.001EPSS

2023-07-12 07:15 AM
2
nvd

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

4.3CVSS

4.2AI Score

0.001EPSS

2023-07-12 07:15 AM
prion

Cross site request forgery (csrf)

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

4.3CVSS

4.3AI Score

0.001EPSS

2023-07-12 07:15 AM
3
cvelist

CVE-2021-4420

The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a....

4.3CVSS

4.5AI Score

0.001EPSS

2023-07-12 06:52 AM
githubexploit

Exploit for CVE-2023-27372

CVE-2023-27372-POC Overview: This code is used to detect whether a target website is affected by CVE-2023-27372...

9.8CVSS

9.5AI Score

0.974EPSS

2023-07-11 10:00 AM
200
cve

CVE-2023-24405

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

8.8CVSS

8.7AI Score

0.001EPSS

2023-07-10 04:15 PM
6
nvd

CVE-2023-24405

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

8.8CVSS

6.5AI Score

0.001EPSS

2023-07-10 04:15 PM
prion

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

8.8CVSS

8.7AI Score

0.001EPSS

2023-07-10 04:15 PM
7
cvelist

CVE-2023-24405 WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 1.9.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3...

5.4CVSS

9AI Score

0.001EPSS

2023-07-10 11:58 AM
githubexploit

Exploit for Command Injection in Chamilo

Chamilo_CVE-2023-34960-EXP Help: usage: CVE-2023-34960.py...

9.8CVSS

9.3AI Score

0.922EPSS

2023-07-09 11:24 AM
213
githubexploit

Exploit for Path Traversal in Igniterealtime Openfire

CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py Overview...

8.6CVSS

7.7AI Score

0.973EPSS

2023-07-07 07:48 AM
192
githubexploit

Exploit for Use After Free in Linux Linux Kernel

fork from https://github.com/veritas501/hbp_attack_demo...

7.1AI Score

2023-07-02 10:58 AM
109
githubexploit

8.8CVSS

9.1AI Score

0.516EPSS

2023-06-30 10:15 AM
117
githubexploit

Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 OpenSSH 9.1 vulnerability mass scanning and exploitation *Vulnerability details...

6.5CVSS

7AI Score

0.009EPSS

2023-06-30 09:34 AM
158
githubexploit

Exploit for CVE-2023-2982

CVE-2023-2982 WordPress Social Login and Register (Discord,...

9.8CVSS

9.8AI Score

0.012EPSS

2023-06-30 09:15 AM
380
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (June 19, 2023 to June 25, 2023)

Last week, there were 84 vulnerabilities disclosed in 76 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 42 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....

9.8CVSS

8.6AI Score

EPSS

2023-06-29 01:24 PM
74
cnvd

Arbitrary File Download Vulnerability in ES File Browser of Beijing Xiaoxiong Bowang Technology Co.

ES File Explorer is a powerful and free local and network file manager. ES File Browser has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive...

6.6AI Score

2023-06-29 12:00 AM
8
Total number of security vulnerabilities: 15100