A crawler monitors vulnerability sites daily; once you subscribe, the results are delivered to your mailbox.

TIP

If you would like to receive vulnerability intelligence pushes, please leave your email address in the comments.

2019-07-26-vulns

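CVE-2019-7839: Adobe ColdFusion code execution vulnerability

Sahi Pro 8.0.0 remote code execution vulnerability

Xstream remote code execution vulnerability

Python Requests library credential disclosure vulnerability

CVE-2019-12384 vulnerability analysis and reproduction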

CVE-2019-11229 Gitea RCE

Trend Micro Deep Discovery Inspector IDS Security Bypass

Web Ofisi Emlak 3 emlak_durumu SQL Injection

MyT Project Management 1.5.1 User[username] Persistent Cross-Site Scripting

WebKit Universal Cross-Site Scripting due to Synchronous Page Loads

BACnet Stack 0.8.6 Denial Of Service

Sahi Pro 8.0.0 Remote Command Execution

XOO DIGITAL v2.1.0 XSS Vulnerability

Comtrend AR-5310 Restricted Shell Escape

Microsoft Windows Task Scheduler Local Privilege Escalation

Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack https://www.exploitalert.com/view-details.html?id=33596

Coming Soon Page & Maintenance Mode v1.8.0 Unauthenticated Persistent XSS Injection https://www.exploitalert.com/view-details.html?id=33601

Web Ofisi Rent A Car 3 SQL Injection https://www.exploitalert.com/view-details.html?id=33606

Axway SecureTransport 5 Unauthenticated XML Injection https://www.exploitalert.com/view-details.html?id=33603

GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection & WebShell Upload https://www.exploitalert.com/view-details.html?id=33597

AirTies Air5341 XSS Reflected JQuery https://www.exploitalert.com/view-details.html?id=33593

Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection https://www.exploitalert.com/view-details.html?id=33598

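2019-07-25-vulns

[CVE-2019-14247: out-of-bounds write vulnerability in the scan() function of mad.c in mpg321 0.3.2](http://t.cn/AijyApjm)

[Multiple security vulnerabilities in the Mitsubishi FR Configurator2 software for Mitsubishi inverters](http://t.cn/AijyApTk)

[Boeing 787 security vulnerabilities disclosed at Black Hat](http://t.cn/AijyAp8u)

[Exploiting Electron security issues: from an XSS vulnerability to remote command execution](http://t.cn/R9OHSyu)

[SA-CORE-2019-008 Drupal access bypass vulnerability analysis](https://xz.aliyun.com/t/5745)

[PHPCMS vulnerability analysis collection ()](https://xz.aliyun.com/t/5730)

2019-07-24-vulns
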
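Palo Alto Gateways CVE-2019-1579 RCE vulnerability
http://t.cn/AilD2w8Z

How I found and successfully exploited an XXE vulnerability on the Bol.com website
http://t.cn/AilD2wFB

Bug hunting experience | Zoom video conferencing software vulnerability affecting more than 4 million Mac systems
http://t.cn/AilBsBC3

Router vulnerability analysis series (4): CVE-2019-7297 7298 D-Link DIR-823G command injection vulnerability reproduction
https://xz.aliyun.com/t/5705

A brief discussion of Struts2 vulnerability protection and bypass (middle part)
https://xz.aliyun.com/t/5707

CVE-2019-13139: command injection vulnerability during Docker build
https://xz.aliyun.com/t/5729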

2019-07-23-vulns

CVE-2019-13615: arbitrary code execution vulnerability in VLC player
http://t.cn/Ail31aGH

CVE-2019-12815: ProFTPD arbitrary file read and write vulnerability, more than 1 million servers unpatched
http://t.cn/Ail31aVS

CVE-2019-12384: vulnerability dissection, Jackson gadgets
http://t.cn/Ail3dRNY

VirtualBox NAT DHCP / BOOTP server vulnerability
https://xz.aliyun.com/t/5723

CVE-2019-11580: Atlassian Crowd RCE vulnerability analysis
https://xz.aliyun.com/t/5737