CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4671 Google Chromium in Visuals Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

CVE-2020-8644

creationtimestamp| type| source ---|---|--- 2020-04-03 14:31:14+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/playsmstemplateinjection.rb 2020-04-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48335 2021-11-08 08:58:19+00:00...

CVE-2018-18955

creationtimestamp| type| source ---|---|--- 2018-11-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/45886 2018-11-20 07:03:47+00:00| published-proof-of-concept| https://t.me/antichat/2692 2018-11-27 22:33:29+00:00| seen|...

某门户网站系统存在两处任意文件下载漏洞

简要描述： 两处。 详细说明： 看样式对比，应该是官网这个产品： http://www.threeoa.com/product/501.html 案例应该还是不少的！ 第一处下载： http://www.jmsyz.net/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://jdyz.ijd.cn/eeoaftp/downloadFile.action?path=WEB-INF/web.xml http://www.wxxqml.com/eeoaftp/downloadFile.action?path=WEB-INF/web.x...