CVE-2025-5485
User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequenc...
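The advisory text above describes the attacker's side: because the username space is a short numeric range, a target list can be built by walking outward from one known identifier or by spraying random digit strings. The defender's counterpart is a log heuristic that flags a single source trying many distinct numeric usernames that sit close together. The following Python is an added example, not part of the advisory or the vendor's product; the log format, field names and thresholds are assumptions, and the log lines are constructed for the demonstration.

```python
"""Flag sources probing sequential numeric device identifiers (added example)."""
import re
from collections import defaultdict

# Constructed sample log. The "src=... user=... result=..." layout is an assumption,
# not the real device's log format.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z src=203.0.113.7 user=1234567890 result=fail
2025-06-01T10:00:02Z src=203.0.113.7 user=1234567891 result=fail
2025-06-01T10:00:03Z src=203.0.113.7 user=1234567889 result=fail
2025-06-01T10:00:04Z src=203.0.113.7 user=1234567892 result=fail
2025-06-01T10:00:05Z src=203.0.113.7 user=1234567893 result=success
2025-06-01T10:00:06Z src=198.51.100.2 user=42 result=success
2025-06-01T10:00:07Z src=198.51.100.2 user=42 result=fail
2025-06-01T10:00:08Z src=192.0.2.9 user=admin result=fail
"""

LINE_RE = re.compile(r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)")
MAX_ID_DIGITS = 10  # per the advisory: identifiers are numeric and at most 10 digits


def parse(log_text: str) -> list[dict]:
    """Extract src/user/result from each line; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events


def is_device_id(user: str) -> bool:
    """True if the username looks like a device identifier (1..10 digits)."""
    return user.isdigit() and 1 <= len(user) <= MAX_ID_DIGITS


def sequential_probers(events: list[dict], min_distinct: int = 4, max_gap: int = 1) -> dict:
    """Return {src: sorted distinct ids} for every source that tried at least
    min_distinct distinct numeric usernames where each id is within max_gap of
    the previous one, i.e. an increment/decrement walk from a seed identifier.
    Success or failure is irrelevant: the walk itself is the signal."""
    by_src: dict[str, set[int]] = defaultdict(set)
    for e in events:
        if is_device_id(e["user"]):
            by_src[e["src"]].add(int(e["user"]))

    flagged = {}
    for src, ids in by_src.items():
        ordered = sorted(ids)
        if len(ordered) < min_distinct:
            continue
        if all(b - a <= max_gap for a, b in zip(ordered, ordered[1:])):
            flagged[src] = ordered
    return flagged


if __name__ == "__main__":
    for src, ids in sequential_probers(parse(SAMPLE_LOG)).items():
        print(f"{src}: walked {len(ids)} ids from {ids[0]} to {ids[-1]}")
```

The adjacency test only catches the increment/decrement walk; the random-digit variant the advisory also mentions shows up instead as a high count of distinct numeric usernames per source, so in practice both a run check and a plain distinct-count threshold should be alerted on, and the real fix is on the device side (non-guessable usernames, lockout and rate limiting per source).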
Exploit for SQL Injection in Ultimatemember Ultimate_Member
CVE-2024-1071 Exploit Script 🚀 🌟 Disclaimer This Proof o...
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the allowedCredentials property i...
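The oracle here is purely structural: a WebAuthn assertion request for a registered user carries allowedCredentials, a request for an unknown user does not, so the attacker needs no authenticator at all. The usual mitigation is to return a deterministic decoy credential list for unknown usernames so both responses have the same shape. The Python below is an added example that models the flaw and that mitigation; it is not the PHP library's code, and the relying-party ID, secret, credential store and helper names are assumptions constructed for the demonstration.

```python
"""WebAuthn username-enumeration oracle and a decoy-credential mitigation (added example)."""
import base64
import hashlib
import hmac
import os

RP_ID = "example.com"                                # assumption: relying-party id
SERVER_SECRET = b"constructed-secret-do-not-reuse"   # constructed; use a random key in practice

# Constructed credential store: username -> registered credential IDs.
USER_CREDENTIALS = {
    "alice": [b"\x10" * 16],
    "bob": [b"\x20" * 16, b"\x21" * 16],
}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _base_options() -> dict:
    return {
        "challenge": _b64url(os.urandom(32)),
        "rpId": RP_ID,
        "userVerification": "preferred",
    }


def options_vulnerable(username: str) -> dict:
    """Models the reported behaviour: allowedCredentials is only emitted for known users."""
    opts = _base_options()
    creds = USER_CREDENTIALS.get(username)
    if creds:
        opts["allowedCredentials"] = [{"type": "public-key", "id": _b64url(c)} for c in creds]
    return opts


def options_hardened(username: str) -> dict:
    """Unknown users get a decoy credential ID derived as HMAC(secret, username), so the
    response has the same shape as for a real user and repeated queries for the same
    name return the same decoy instead of a fresh random value."""
    opts = _base_options()
    creds = USER_CREDENTIALS.get(username)
    if not creds:
        decoy = hmac.new(SERVER_SECRET, username.encode("utf-8"), hashlib.sha256).digest()[:16]
        creds = [decoy]
    opts["allowedCredentials"] = [{"type": "public-key", "id": _b64url(c)} for c in creds]
    return opts


def username_oracle(builder, candidate: str, known_user: str = "alice") -> bool:
    """Attacker-side test: True if the response for `candidate` can be told apart from
    the response for a known-valid user by the presence of allowedCredentials."""
    has_known = bool(builder(known_user).get("allowedCredentials"))
    has_candidate = bool(builder(candidate).get("allowedCredentials"))
    return has_known != has_candidate


if __name__ == "__main__":
    print("vulnerable leaks:", username_oracle(options_vulnerable, "mallory"))
    print("hardened leaks:  ", username_oracle(options_hardened, "mallory"))
```

The decoy must never be accepted on the assertion path (no registered key can sign for it, so verification fails naturally, but the server should also reject it before signature checking to avoid doing extra work). Two residual channels remain: the number of entries in allowedCredentials still reflects how many authenticators a real user registered, and the lookup itself can leak via timing, so the hardened path should take the same code path for both cases rather than short-circuiting.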
Exploit for Improper Input Validation in Paloaltonetworks Pan-Os
CVE-2024-3400 POC https://github.com/schooldropout1337/CVE...
Jenkins: API call by a low-privilege user can lead to remote command execution
Vulnerability demonstration: With Jenkins running, construct an XML document as a low-privilege user: hashCode open /Applications/Calculator.app false 0 0 0 start 1. Send the payload to the endpoint http://...:8080/jenkins/createItem?name=knownsec: on success the server runs the Calculator program. Impact: affected versions are those before 1.650 (the issue is fixed in 1.650). Searching zoomeye.org for the device fingerprint "Jenkins" shows roughly 20,000 potentially affected targets. Related links...
DNS Zone Transfer (AXFR) Test - Active Check
The remote name server allows DNS zone transfers to be performed. SPDX-FileCopyrightText: 2005 [email protected] SPDX-License-Identifier: GPL-2.0-only ...