unSafe.sh - Unsafe
Live-Hack-CVE/CVE-2020-14946
downloadFile.ashx in the Administrator section of the Surveillance module in Global RADAR BSA Radar 1.6.7234.24750 and earlier allows users to download transaction files. When downloading the files, a user is able to view local files on the web server by manipulating the FileName and FilePath parameters in the URL, or CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:57 +0800 CST Push: 2023-01-31 05:54:00 +0800 CST
Live-Hack-CVE/CVE-2019-19726
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but f CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:54 +0800 CST Push: 2023-01-31 05:53:56 +0800 CST
Live-Hack-CVE/CVE-2019-19650
Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:50 +0800 CST Push: 2023-01-31 05:53:53 +0800 CST
Live-Hack-CVE/CVE-2022-4673
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:46 +0800 CST Push: 2023-01-31 05:53:49 +0800 CST
Live-Hack-CVE/CVE-2022-4627
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:42 +0800 CST Push: 2023-01-31 05:53:45 +0800 CST
Live-Hack-CVE/CVE-2021-24837
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:39 +0800 CST Push: 2023-01-31 05:53:41 +0800 CST
Live-Hack-CVE/CVE-2022-4675
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. CVE project by @Sn0wAlice
Create: 2023-01-31 05:53:35 +0800 CST Push: 2023-01-31 05:53:37 +0800 CST
abbisQQ/CVE-2023-24610
This is a proof of concept for CVE-2023-24610
Create: 2023-01-31 05:33:46 +0800 CST Push: 2023-01-31 05:34:34 +0800 CST
Live-Hack-CVE/CVE-2019-10349
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins. CVE project by @Sn0wAlice
Create: 2023-01-31 03:43:14 +0800 CST Push: 2023-01-31 03:43:16 +0800 CST
Live-Hack-CVE/CVE-2019-10346
A reflected cross site scripting vulnerability in Jenkins Embeddable Build Status Plugin 2.0.1 and earlier allowed attackers to inject arbitrary HTML and JavaScript into the response of this plugin. CVE project by @Sn0wAlice
Create: 2023-01-31 03:43:10 +0800 CST Push: 2023-01-31 03:43:12 +0800 CST
Live-Hack-CVE/CVE-2019-10340
A cross-site request forgery vulnerability in Jenkins Docker Plugin 1.1.6 and earlier in DockerAPI.DescriptorImpl#doTestConnection allowed users with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenk CVE project by @Sn0wAlice
Create: 2023-01-31 03:43:06 +0800 CST Push: 2023-01-31 03:43:09 +0800 CST
Live-Hack-CVE/CVE-2019-11821
SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. CVE project by @Sn0wAlice
Create: 2023-01-31 03:43:03 +0800 CST Push: 2023-01-31 03:43:05 +0800 CST
Live-Hack-CVE/CVE-2019-13564
XSS exists in Ping Identity Agentless Integration Kit before 1.5. CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:59 +0800 CST Push: 2023-01-31 03:43:01 +0800 CST
Live-Hack-CVE/CVE-2022-43975
An issue was discovered in FC46-WebBridge on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. A vulnerability in the web server allows arbitrary files and configurations to be read via directory traversal over TCP port 8888. CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:55 +0800 CST Push: 2023-01-31 03:42:58 +0800 CST
Live-Hack-CVE/CVE-2019-11822
Relative path traversal vulnerability in SYNO.PhotoStation.File in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to upload arbitrary files via the uploadphoto parameter. CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:51 +0800 CST Push: 2023-01-31 03:42:53 +0800 CST
Live-Hack-CVE/CVE-2018-1893
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152 CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:47 +0800 CST Push: 2023-01-31 03:42:49 +0800 CST
Live-Hack-CVE/CVE-2018-1828
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:43 +0800 CST Push: 2023-01-31 03:42:46 +0800 CST
Live-Hack-CVE/CVE-2018-1892
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152 CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:39 +0800 CST Push: 2023-01-31 03:42:42 +0800 CST
Live-Hack-CVE/CVE-2018-1827
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:35 +0800 CST Push: 2023-01-31 03:42:37 +0800 CST
Live-Hack-CVE/CVE-2018-1826
IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150 CVE project by @Sn0wAlice
Create: 2023-01-31 03:42:31 +0800 CST Push: 2023-01-31 03:42:33 +0800 CST