A crawler monitors vulnerability sites daily and delivers the results to subscribers by email.

TIP

If you would like to receive vulnerability intelligence pushes, please leave your email address in the comments.

# 2019-07-26-vulns

CVE-2019-7839: Adobe ColdFusion code execution vulnerability

Sahi Pro 8.0.0 remote code execution vulnerability

XStream remote code execution vulnerability

Python Requests library credential disclosure vulnerability

CVE-2019-12384 vulnerability analysis and reproduction

CVE-2019-11229 Gitea RCE

Trend Micro Deep Discovery Inspector IDS Security Bypass

Web Ofisi Emlak 3 emlak_durumu SQL Injection

MyT Project Management 1.5.1 User[username] Persistent Cross-Site Scripting

WebKit Universal Cross-Site Scripting due to Synchronous Page Loads

BACnet Stack 0.8.6 Denial Of Service

Sahi Pro 8.0.0 Remote Command Execution

XOO DIGITAL v2.1.0 XSS Vulnerability

Comtrend AR-5310 Restricted Shell Escape

Microsoft Windows Task Scheduler Local Privilege Escalation

Wind Tre S.P.A mobile operator is Vulnerable to Cross Site Scripting Attack https://www.exploitalert.com/view-details.html?id=33596

Coming Soon Page & Maintenance Mode v1.8.0 Unauthenticated Persistent XSS Injection https://www.exploitalert.com/view-details.html?id=33601

Web Ofisi Rent A Car 3 SQL Injection https://www.exploitalert.com/view-details.html?id=33606

Axway SecureTransport 5 Unauthenticated XML Injection https://www.exploitalert.com/view-details.html?id=33603

GigToDo - Freelance Marketplace Script v1.3 Persistent XSS Injection & WebShell Upload https://www.exploitalert.com/view-details.html?id=33597

AirTies Air5341 XSS Reflected JQuery https://www.exploitalert.com/view-details.html?id=33593

Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection https://www.exploitalert.com/view-details.html?id=33598

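# 2019-07-25-vulns

[CVE-2019-14247: out-of-bounds write in the scan() function of mad.c in mpg321 0.3.2](http://t.cn/AijyApjm)

[Multiple security vulnerabilities in the Mitsubishi FR Configurator2 software for Mitsubishi inverters](http://t.cn/AijyApTk)

[Boeing 787 security vulnerabilities disclosed at Black Hat](http://t.cn/AijyAp8u)

[From XSS to remote command execution via Electron security issues](http://t.cn/R9OHSyu)

[SA-CORE-2019-008: analysis of the Drupal access bypass vulnerability](https://xz.aliyun.com/t/5745)

[PHPCMS vulnerability analysis collection ()](https://xz.aliyun.com/t/5730)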
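
# 2019-07-24-vulns

Palo Alto Gateways CVE-2019-1579 RCE vulnerability http://t.cn/AilD2w8Z

How I found and successfully exploited an XXE vulnerability on Bol.com http://t.cn/AilD2wFB

Bug hunting notes | Zoom video conferencing software vulnerability affecting more than 4 million Mac systems http://t.cn/AilBsBC3

Router vulnerability analysis series (4): CVE-2019-7297 7298 D-Link DIR-823G command injection vulnerability reproduction https://xz.aliyun.com/t/5705

A brief discussion of Struts2 vulnerability protection and bypass https://xz.aliyun.com/t/5707

CVE-2019-13139: command injection vulnerability in Docker build https://xz.aliyun.com/t/5729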

# 2019-07-23-vulns

CVE-2019-13615: arbitrary code execution vulnerability in VLC player http://t.cn/Ail31aGH

CVE-2019-12815: arbitrary file read and write vulnerability in ProFTPD, more than 1 million servers unpatched http://t.cn/Ail31aVS

CVE-2019-12384: vulnerability analysis, Jackson gadgets http://t.cn/Ail3dRNY

VirtualBox NAT DHCP / BOOTP server vulnerability https://xz.aliyun.com/t/5723

CVE-2019-11580: Atlassian Crowd RCE vulnerability analysis https://xz.aliyun.com/t/5737