Aggregator

前言本次环境涉及反序列化漏洞、命令执行漏洞、Tomcat漏洞、MS系列漏洞、端口转发漏洞、以及域渗透等多种组合漏洞。环境搭建机器密码网络配置111网段是web的网卡，183网段是内网DC主机（Windows 2008）开机，提示密码过期，改为：Itchen123‍‍WEB主机（Ubuntu）docker启动服务：（这里有3个服务）查看是否启动成功：win7：‍web打点信息收集端口扫描：nmap扫

Submit #570814 / VDB-309038

A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/product.php. The manipulation of the argument Picture leads to unrestricted upload. This vulnerability is known as CVE-2025-4735. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument Name leads to sql injection. This vulnerability is traded as CVE-2025-4734. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

人类对知识的征途，或许才刚刚开始。

A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The identification of this vulnerability is CVE-2025-4733. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. This vulnerability was named CVE-2025-4732. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-4731. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer overflow. This vulnerability is handled as CVE-2025-4730. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to command injection. This vulnerability is known as CVE-2025-4729. The attack can be launched remotely. Furthermore, there is an exploit available.

Это как если бы у полиции был доступ к твоему телефону, кредитной истории и спальне одновременно.

Submit #570715 / VDB-309037

Submit #570714 / VDB-309036

Submit #570703 / VDB-309035

Submit #570690 / VDB-309034

Submit #570688 / VDB-309033

Submit #570687 / VDB-309032

Submit #570686 / VDB-309031

ESET researchers uncover a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities

A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. This vulnerability is traded as CVE-2025-4728. It is possible to launch the attack remotely. Furthermore, there is an exploit available.