Aggregator

看雪论坛作者ID：Aar0n

随着技术的发展，网络攻击、数据泄露等安全威胁也日益严峻，网络安全问题已经成为全球关注的焦点。在这样的背景下，培养和储备优秀的网络安全人才显得尤为迫切。看雪作为网络安全领域的先行者，一直致力于网络安全人

我们首先使用jeb进行分析，搜索关键词success定位到逻辑。外层函数是一个魔改tea，过了前32字节检测才能进入下一个函数进行判断。#include #include

A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. This vulnerability is traded as CVE-2024-13140. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The identification of this vulnerability is CVE-2024-13139. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. This vulnerability was named CVE-2024-13138. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13137. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-13136. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #468753 / VDB-290214

Submit #468513 / VDB-290213

Submit #468511 / VDB-290212

Submit #468473 / VDB-290211

Submit #468391 / VDB-290210

A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-13135. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #467929 / VDB-290209

A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. This vulnerability is traded as CVE-2024-13134. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The identification of this vulnerability is CVE-2024-13133. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #467924 / VDB-247992

Submit #467916 / VDB-290208