573 matches found
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...
CVE-2024-30884
Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...
CVE-2024-30884
Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...
PT-2024-23656 · Discuzx · Discuzx
Name of the Vulnerable Software and Affected Versions: Discuz! version X3.4 20220811 Description: The issue is a Reflected Cross-Site Scripting XSS vulnerability, which allows remote attackers to execute arbitrary code and obtain sensitive information. This is achieved via a crafted payload to th...
Discuz! 安全漏洞
Cansheng Xintron Technology Discuz! is a community forum system based on PHP and MySQL by China's Cansheng Xintron Technology Company. A security vulnerability exists in Discuz! X3.4 version 20220811, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows...
CVE-2024-30884
Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...
CVE-2024-30884
Reflected Cross-Site Scripting XSS vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component...
Discuz! X 跨站脚本漏洞
Discuz! X is a forum platform. A cross-site scripting vulnerability exists in version 3.4-20200818 and prior versions of Discuz! X. The vulnerability stems from the fact that incorrect manipulation of the uchidden parameter can lead to cross-site scripting...
CVE-2023-49759
Cross-Site Request Forgery CSRF vulnerability in gVectors Team WooDiscuz – WooCommerce Comments.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.3.0...
Discuz! 跨站脚本漏洞
Cansheng Xinchuang Technology Discuz! is a community forum system based on PHP and MySQL by Cansheng Xinchuang Technology Company in China. A security vulnerability exists in Discuz! X version 3.4, which stems from the presence of a cross-site scripting XSS vulnerability that can be exploited by ...
SQL Injection Vulnerability in Discuz!
Discuz! is a general-purpose community forum software system. A SQL injection vulnerability exists in Discuz! An attacker can exploit the vulnerability to obtain sensitive information from the database...
Shenzhen Tencent Computer System Co., Ltd Discuz! information leakage vulnerability
Crossday Discuz! Board Forum System referred to as Discuz! Forum is an efficient forum solution built with PHP and MySQL/Pgsql and many other databases. An information leakage vulnerability exists in Shenzhen Tencent Computer Systems Limited Discuz! An attacker can exploit this vulnerability to...
Arbitrary file deletion vulnerability in the background of Beijing Kangsheng Xinchuang Technology Co.
Discuz! is a general community forum software system launched by Beijing Kangsheng Xinchuang Technology Co. Discuz! x3.4 backend has an arbitrary file deletion vulnerability that can be exploited by an attacker to construct a packet to delete arbitrary files, possibly enabling reinstallation...
msf_module
msf-module wooyun还在的时候根据别人的审计写的一些msf插件,有几个还是挺好用的 module列表 auxiliary + zoomeye-search.rb exploits + Dswjcms-upload-wooyun-2015-0160899.rb + Lotapp-exec-wooyun-2015-0133750.rb + OEM-exec-wooyun-2010-0192732.rb + ZTE-exec-wooyun-2016-190343.rb + discuz-ssrf-wooyun-2011-0151179.rb +...
poc
This is a collection of proof-of-concept PoC exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. Here's a summary of the PoCs: 1. Discuz x3.0 /static/image/common/focus.swf Cross Site Scripting XSS POC: Thi...
X3.4 suffers from arbitrary file reading vulnerability
Discuz! is a general-purpose community forum software system. X3.4 has an arbitrary file reading vulnerability that can be exploited by attackers to read file information...
ML Code Injection Vulnerability
Discuz!ML is an open source community forum system based on the Discuz!X engine. A security vulnerability exists in Discuz!ML version 3.2 to 3.4. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...
CVE-2019-13956
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH40df5language=en to 4gH40df5language=en'.phpinfo.'; if the random prefix 4gH40df5 were used...
Code injection
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH40df5language=en to 4gH40df5language=en'.phpinfo.'; if the random prefix 4gH40df5 were used...
CVE-2019-13956
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH40df5language=en to 4gH40df5language=en'.phpinfo.'; if the random prefix 4gH40df5 were used...