unSafe.sh - Not Safe
Webmin RCE Leading to Privilege Escalation
# Exploit Title: Webmin RCE Leading to Privilege Escalat...
2025-3-5 21:1:18 | Views: 11
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
webmin
occurred
ux
urllib3
payload
IdoDesigns - Multiple Vulnerabilities
.:. Exploit Title > IdoDesigns...
2025-3-5 21:0:14 | Views: 5
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
php
idodesigns
blogadd
pwd
designs
Crest Engine CMS 1.0 Cross Site Scripting
# Exploit Title: Crest Engine CMS - Reflected Cross-Site...
2025-3-4 17:56:50 | Views: 6
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
crest
gate
ux
php
Teachers Record Management System v2.1 SQLi
# Exploit Title: Teachers Record Management System...
2025-3-4 17:55:2 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
subjects
php
teachers
trms
editid
Crest Engine CMS - Reflected Cross-Site Scripting (XSS)
# Exploit Title: Crest Engine CMS - Reflected Cross-Site Scripting (XSS)
# Exploit Author: wa0_3/td...
2025-3-4 17:53:50 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
crest
gate
wa0
php
td9
Adobe Reader CoolType Out-Of-Bounds Read
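The Type1/CFF charstring interpreter code in Adobe Reader's CoolType.dll font library does not check whether the input stream pointer has moved beyond the bounds of the source buffer. An unbounded read can occur in three cases: reading the main opcode at the start of the execution loop, reading the second byte of an 'escape' instruction, and reading an 'extendedmbr' parameter or numeric value. This can cause the parser to read garbage data, or to read past a memory page and crash AcroRd32.exe. The vulnerability affects Adobe Reader 11.0.10 and earlier, but no proof of concept (PoC) was developed because of its low severity...
2025-2-28 17:2:0 | Views: 6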
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
cooltype
charstring
interpreter
filed
crash
SeedDMS 6.0.29 Cross Site Scripting
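SeedDMS 6.0.29 has a stored XSS vulnerability that allows a user with the "Add Category" permission, or a malicious administrator, to inject a malicious script into the category name field. Once a document is associated with the malicious category, the script is stored and rendered, causing malicious code to execute in the browser of any user who views the document...
2025-2-28 16:59:10 | Views: 21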
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
seeddms
payload
discoverer
malicious
25461
Firefox 135.0.1 bypass Download protections (PoC)
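The article describes how HTML and PHP code can bypass the download protection mechanism in Firefox 135.0.1 to force or silently download files, and may cause looping downloads that fill the default download folder...
2025-2-28 16:53:47 | Views: 6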
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
download
php
fldf
fldr
brw
Library-Card-System V 1.0 | Add Picture/Signature - signup.php | Unrestricted File Upload | Found By Maloy Roy Orko
signup.php in Library-Card-System V1.0 has an unrestricted file upload vulnerability that allows a remote attacker to upload malicious scripts and take over the server...
2025-2-27 17:30:51 | Views: 7
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
library
php
signup
needyamin
Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko
Library-Card-System 1.0 has a SQL injection vulnerability: the `card.php?id=` parameter is unprotected, allowing a remote attacker to dump the database by supplying malicious input...
2025-2-27 17:30:37 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
needyamin
library
injection
database
needyamin Library Card System Registration Page signup.php cross site scripting
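Library-Card-System 1.0 has a stored cross-site scripting vulnerability. User input in signup.php is not validated or sanitized, allowing a remote attacker to register with an XSS payload that executes malicious script in admindashboard.php and card.php...
2025-2-24 21:1:13 | Views: 7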
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
php
library
signup
needyamin
maloy
Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
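needyamin image_gallery 1.0 has a critical vulnerability affecting the Cover Image Handler component. Manipulating the image parameter allows arbitrary file upload. The vulnerability has been publicly disclosed, but the vendor did not respond to the request for a fix...
2025-2-24 21:0:42 | Views: 6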
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
gallery
classified
needyamin
php
initiated
Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko
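The view.php?username= parameter in the Image_Gallery application has a reflected XSS vulnerability, discovered by Maloy Roy Orko. An attacker can inject malicious script to steal the administrator's cookie and take control of the server...
2025-2-24 21:0:26 | Views: 7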
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
username
php
gallery
needyamin
roy
Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko
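Maloy Roy Orko found that admin.php in Library-Card-System 1.0 has a SQL injection vulnerability that allows an attacker to bypass the administrator login check and reach the admin panel...
2025-2-24 21:0:1 | Views: 8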
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
library
php
bypass
injection
needyamin
Zabbix SQL Multiple Vulns
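This article presents a SQL injection vulnerability in Zabbix server (CVE-2024-42327) that can be used to leak the administrator's API authentication token and create a reverse shell for remote control...
2025-2-19 22:11:39 | Views: 12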
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
payload
proxies
endc
jsonrpc
username
InvokeAI Remote Code Execution
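The article describes a remote code execution (RCE) vulnerability in the InvokeAI platform (CVE-2024-12029), located in the `/api/v2/models/install` endpoint. An attacker can upload a malicious model file to trigger a server-side deserialization flaw and execute arbitrary code on the target server. The vulnerability affects InvokeAI versions 4.0.0 through 5.4.2, and a Metasploit Framework module has been integrated to exploit it...
2025-2-19 22:8:44 | Views: 25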
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
remote
invokeai
payload
httpdelay
stance
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
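This article describes an unauthenticated remote code execution vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) (affecting versions 24.3.1 and below), which uses CVE-2024-12356 (argument injection) and CVE-2025-1094 (PostgreSQL SQL injection). The vulnerability allows an attacker to execute arbitrary code on the target system over the WebSocket protocol, and a Metasploit module implementing the exploit is provided...
2025-2-19 22:7:40 | Views: 8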
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
remote
12356
download
client
connector
WordPress Plugin A/B Image Optimizer 3.3 Arbitrary File Download
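WordPress plugin A/B Image Optimizer versions 3.3 and below have a directory traversal vulnerability that allows users with Subscriber-level privileges and above to download arbitrary files, which may lead to disclosure of sensitive information. The CVSS score is 6.5...
2025-2-18 22:26:50 | Views: 19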
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
wp
optimizer
65534
wordpress
uucp
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle
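OpenSSH 9.9p1 has two vulnerabilities: first, when VerifyHostKeyDNS is enabled, an attacker can impersonate the server; second, memory and CPU consumption leads to a denial-of-service attack. The two vulnerabilities were introduced by a historical code issue and by a newly added feature, respectively...
2025-2-18 22:25:39 | Views: 8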
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
ssh
client
openssh
sshkey
sshbuf
ABB Cylon FLXeon 9.3.4 Default Credentials
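ABB Cylon FLXeon 9.3.4 has a default-credentials security vulnerability. The device is used in building automation systems and supports the BACnet/IP protocol; its default administrative credentials are weak and easily guessed by a remote attacker, who can then take full control of the device...
2025-2-13 21:10:23 | Views: 9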
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
abb
bacnet
flxeon
cylon
zsl