5 matches found
CVE-2025-34290 Versa SASE Client for Windows < 7.9.5 Arbitrary Folder Deletion Leading to Local Privilege Escalation
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...
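Discuz promotion feature allows arbitrary point farming
Brief description: DZ's promotion feature, which awards points for visits, is flawed. Details: This is where the IP is defined. When the XFORWARDEDFOR header exists and is not one of those few cases, it is used as the IP address. Because promotion points are tied to the visiting IP, simply modifying XFORWARDEDFOR makes it possible to farm points arbitrarily. Proof of vulnerability: array'method' = "GET",'ignoreerrors'=true, 'header' = "XFORWARDEDFOR: $ip"; $url = "http://www.xxx.com/forum.php?fromuid=3007"; $contents =...
Some Discuz! forums let users farm points arbitrarily!
Brief description: On some Discuz! forums, users can farm points arbitrarily. Details: Some Discuz! forums pay little attention to the promotion visit feature, which lets users arbitrarily farm forum user points and levels. First click "promotion visit" and you will see this screen: "If your friends visit the site through any of the links below, you will receive a points reward: money +1". We can copy a promotion link and leave the 流量精灵 traffic tool running on it; before long our points will go up. The forum level will rise too! Proof of vulnerability:...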
CVE-2008-0571
The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points...
SetCMS 3.6.5 (setcms.org) Remote Command Execution Exploit
Exploit for unknown platform in category web applications. SetCMS 3.6.5 setcms.org Remote Command Execution Exploit !/usr/bin/perl SetCMS v3.6.5 setcms.org remote commands executio...