unSafe.sh - Unsafe
Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko
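The view.php?username= parameter in the Image_Gallery application has a reflected XSS vulnerability, found by Maloy Roy Orko. An attacker can inject malicious script to steal the administrator's cookie and take control of the server. ...
2025-2-24 21:0:26 | Views: 4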
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
username
php
gallery
needyamin
roy
Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko
Maloy Roy Orko found a SQL injection vulnerability in admin.php of Library-Card-System 1.0 that lets an attacker bypass the administrator login check and reach the admin panel. ...
2025-2-24 21:0:1 | Views: 5
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
library
php
bypass
injection
needyamin
Zabbix SQL Multiple Vulns
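This article describes a SQL injection vulnerability in Zabbix server (CVE-2024-42327) that can leak the administrator's API authentication token and be used to create a reverse shell for remote control. ...
2025-2-19 22:11:39 | Views: 10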
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
payload
proxies
endc
jsonrpc
username
InvokeAI Remote Code Execution
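The article describes a remote code execution (RCE) vulnerability in the InvokeAI platform (CVE-2024-12029), located in the `/api/v2/models/install` endpoint. By uploading a malicious model file, an attacker can trigger a server-side deserialization flaw and execute arbitrary code on the target server. The vulnerability affects InvokeAI versions 4.0.0 through 5.4.2, and a Metasploit framework module has been integrated to exploit it. ...
2025-2-19 22:8:44 | Views: 21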
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
remote
invokeai
payload
httpdelay
stance
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
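This article describes an unauthenticated remote code execution vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) (affecting versions 24.3.1 and below) that uses CVE-2024-12356 (argument injection) and CVE-2025-1094 (PostgreSQL SQL injection). It allows an attacker to execute arbitrary code on the target system over the WebSocket protocol, and a Metasploit module implementing the exploit is provided. ...
2025-2-19 22:7:40 | Views: 6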
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
remote
12356
download
client
connector
WordPress Plugin A/B Image Optimizer 3.3 Arbitrary File Download
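WordPress plugin A/B Image Optimizer 3.3 and below has a directory traversal vulnerability that lets users with Subscriber-level privileges or above download arbitrary files, which can lead to disclosure of sensitive information. The CVSS score is 6.5. ...
2025-2-18 22:26:50 | Views: 16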
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
wp
optimizer
65534
wordpress
uucp
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle
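OpenSSH 9.9p1 has two vulnerabilities: first, when VerifyHostKeyDNS is enabled, an attacker can impersonate the server; second, memory and CPU consumption that leads to a denial-of-service attack. The two vulnerabilities were introduced by a legacy code issue and a newly added feature, respectively. ...
2025-2-18 22:25:39 | Views: 4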
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
ssh
client
openssh
sshkey
sshbuf
ABB Cylon FLXeon 9.3.4 Default Credentials
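ABB Cylon FLXeon 9.3.4 has a default-credentials security vulnerability. The device is used in building automation systems and supports the BACnet/IP protocol; its default administrative credentials are weak and easily guessed by a remote attacker, who can then take full control of the device. ...
2025-2-13 21:10:23 | Views: 6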
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
abb
bacnet
flxeon
cylon
zsl
Wattsense Bridge 6.x Remote Root / Information Disclosure
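Wattsense Bridge 6.x has four high-severity vulnerabilities (CVE-2025-26408 through 26411), including JTAG access, serial console login, weak passwords and plugin upload, which can lead to remote root access or device manipulation. Users are advised to update immediately to a fixed version (such as 6.4.1 or later) and carry out a full security review. ...
2025-2-13 21:9:28 | Views: 53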
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
wattsense
attacker
bootloader
firmware
security
SolarView Compact 6.00 - Command Injection
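This article describes a command injection vulnerability in SolarView Compact 6.00. An attacker can achieve remote command execution with a crafted request and bypass authentication. The vulnerability affects Windows, Linux and Android (Termux) environments. ...
2025-2-13 21:7:55 | Views: 4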
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
injection
solarview
php
solar
attacker
ABB Cylon FLXeon 9.3.4 (serialConfig.js) JSON Object Flooding DoS
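ABB Cylon FLXeon 9.3.4 has a JSON object flooding vulnerability that affects several controller series. An attacker can exploit it with specially crafted requests to exhaust memory and CPU resources, causing a denial of service (DoS). The vulnerability was found by Gjoko Krstic. ...
2025-2-10 20:10:43 | Views: 4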
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
abb
bacnet
flxeon
newports
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF
2025-2-1 09:40:45 | Views: 14
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
php
myschool
injection
forgot
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting
[+] Credits: Shahnawaz Shaikh, Security Researcher...
2025-2-1 09:39:16 | Views: 8
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
quorum
2064
onq
attacker
ux
Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update
CVSS Base Score: 7.5/1...
2025-2-1 09:37:10 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
injects
elegant
loginform
injection
napc
OpenPanel 0.3.4 Command Injection
Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The T...
2025-1-29 22:13:13 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
openpanel
timezone
2083
injection
ux
MySchool System - Multiple Vulnerabilities
2025-1-29 22:12:2 | Views: 14
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
php
myschool
forgot
educational
NEXT-EMP v1.0-Copyright © 2024. All rights reserved. File Upload-FU and Remote Code Execution-RCE
2025-1-29 22:11:37 | Views: 4
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
php
remote
mayurik
SpagoBI 3.5.1 Cross Site Scripting
CVE-2024-54795 | Severity: Medium (5.4) | CVSS score: CVSS:3.1/AV:N/AC:L/PR:L/UI:...
2025-1-28 21:10:7 | Views: 17
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
designer
worksheet
54795
inserting
malicious
SpagoBI 3.5.1 Cross Site Request Forgery
CVE-2024-54792 | Severity: Medium (6.1) | CVSS score: CVSS:3.1/AV:N/AC:L/PR:N/UI:...
2025-1-28 21:9:4 | Views: 9
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
username
54792
victim
2fspagobi
2fadmin
AutoLib Software Systems OPAC 20.10 Secret Disclosure
[+] Credits: Shahnawaz Shaikh, Security Researcher at Cybergate Defense LLC [+] twitter.com/_striv3r...
2025-1-28 21:7:19 | Views: 6
CXSECURITY Database RSS Feed - CXSecurity.com - cxsecurity.com
autolib
security
opac
software
india