CVE-2025-34091

CVE-2025-34091 describes a padding oracle vulnerability in Google Chrome’s AppBound cookie encryption, due to DPAPI decryption error reporting in Windows Event Logs. A local attacker can send malformed SYSTEM-DPAPI ciphertext to Chrome’s elevation service, distinguish padding vs MAC errors, and p...

Empire Download System V2.5 Information Disclosure Vulnerability

Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. Empire Download System receives user error feedback report function flaws and vulnerabilities, the user by submitting a large number of characters ca...

Iwebsns最新版SQL注入第七枚（多个漏洞打包）

简要描述： Iwebsns最新版SQL注入第七枚（多个漏洞打包） 详细说明： 在wooyun上看到雨牛提了5个iwebsns的漏洞了（ WooYun: Iwebsns sql 第五枚。 ），我来捡捡漏儿吧，已对比，不重复，下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复，我先把存在漏洞的文件和注入参数分别写在这里：/action/poll/polladd.action.php sex noreply maxchoice 这个文件中的 sex noreply maxchoice三个参数都存在同样的注入漏洞，如下图 这里就一起提了吧，以sex为例进行证明。...