渗透/安全推送中心
4.55K subscribers
14.4K links
第一时间推送github安全相关项目。安全情报 @BlackHatCN
Download Telegram
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2557

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-2594

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-28757

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in th CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-30262

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-37769

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-35201

#rce
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-35516

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-36215

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-36216

#CVE_2022
渗透/安全推送中心 @cvebird

创建者:Live-Hack-CVE
项目描述:Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. CVE project by @Sn0wAlice
项目链接:https://github.com/Live-Hack-CVE/CVE-2022-29487

#CVE_2022