2023-08-30 10:17:32 +02:00
|
|
|
|
# 更新日志
|
|
|
|
|
|
|
2023-09-16 17:58:50 +02:00
|
|
|
|
## 2023.9.16
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei引擎 **v2.9.14**
|
|
|
|
|
|
|
|
|
|
|
|
现在workflow中填写可以添加.yaml后缀也可以不填了
|
|
|
|
|
|
|
|
|
|
|
|
添加整个程序结束后的提示
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
更新poc
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc至v9.6.3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
添加Poc
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2023-39600 (IceWarp 11.4.6.0 - Cross-Site Scripting)
|
|
|
|
|
|
CVE-2023-39598 (IceWarp Email Client - Cross Site Scripting)
|
|
|
|
|
|
CVE-2023-39361 (Cacti 1.2.24 - SQL Injection)
|
|
|
|
|
|
CVE-2023-36844 (Juniper Devices - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-34192 (Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting)
|
|
|
|
|
|
CVE-2023-34124 (SonicWall GMS and Analytics Web Services - Shell Injection)
|
|
|
|
|
|
CVE-2023-30150 (PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection)
|
|
|
|
|
|
CVE-2023-27034 (Blind SQL injection vulnerability in Jms Blog)
|
|
|
|
|
|
CVE-2023-2648 (Weaver E-Office 9.5 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-26469 (Jorani 1.0.0 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-20073 (Cisco VPN Routers - Unauthenticated Arbitrary File Upload)
|
|
|
|
|
|
CVE-2022-22897 (PrestaShop Ap Pagebuilder <= 2.4.4 SQL Injection)
|
|
|
|
|
|
CVE-2021-46107 (Ligeo Archives Ligeo Basics - Server Side Request Forgery)
|
|
|
|
|
|
CVE-2020-11798 (Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal)
|
|
|
|
|
|
CVE-2020-10220 (rConfig 3.9 - SQL injection)
|
|
|
|
|
|
CVE-2018-17153 (Western Digital MyCloud NAS - Authentication Bypass)
|
|
|
|
|
|
CVE-2016-10108 (Western Digital MyCloud NAS - Command Injection)
|
|
|
|
|
|
jorani-benjamin-xss (Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting)
|
|
|
|
|
|
prestashop-apmarketplace-sqli (PrestaShop Ap Marketplace SQL Injection)
|
|
|
|
|
|
ecology-info-leak (Ecology - Information Exposure)
|
|
|
|
|
|
php-debugbar-exposure (Php Debug Bar - Exposure)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
部分Poc移动至Nuclei官方模版
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CNVD-2021-32799 (360 Xintianqing - SQL Injection)
|
|
|
|
|
|
hikvision-fastjson-rce (HIKVISION applyCT Fastjson - Remote Command Execution)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
## 2023.9.15
|
|
|
|
|
|
|
|
|
|
|
|
9月13号的更新报告写入有问题,现在修了。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-13 04:36:42 +02:00
|
|
|
|
## 2023.9.13
|
|
|
|
|
|
|
|
|
|
|
|
根据 **hanbufei**大哥的pr,添加模糊搜索poc,并跳过指纹识别、路径爆破直接打poc的功能。
|
|
|
|
|
|
|
2023-09-13 06:09:01 +02:00
|
|
|
|
同步nuclei引擎 v2.9.14的yaml poc结构。准备同步最新官方nuclei poc
|
|
|
|
|
|
|
2023-09-13 04:36:42 +02:00
|
|
|
|
|
|
|
|
|
|
|
2023-09-04 11:08:49 +02:00
|
|
|
|
## 2023.9.4
|
|
|
|
|
|
|
|
|
|
|
|
修复大量目标进行主动指纹探测时协程调度异常导致资源占用过高的问题。
|
|
|
|
|
|
|
|
|
|
|
|
新增web探针线程、超时命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
新增跳过Golang Poc的命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-02 05:52:08 +02:00
|
|
|
|
## 2023.9.2
|
|
|
|
|
|
|
|
|
|
|
|
部分2023 hvv漏洞更新
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-09-02 05:52:08 +02:00
|
|
|
|
renwoxing-crm-smsdatalist-sqli (感谢h0nayuzu)
|
|
|
|
|
|
jeecg-boot-ssti-rce
|
|
|
|
|
|
dahua-smart-park-getfacecapture-sqli(感谢h0nayuzu)
|
|
|
|
|
|
dahua-smart-park-video-upload
|
|
|
|
|
|
dahua-user-getuserinfobyusername-getpassword(感谢h0nayuzu)
|
|
|
|
|
|
cdg-uploadfilefromclientserviceforclient-file-upload (亿赛通文件上传)
|
|
|
|
|
|
officeweb365-file-upload
|
|
|
|
|
|
yonyou-turbocrm-getemaildata-fileread
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-09-02 05:52:08 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-08-30 10:17:32 +02:00
|
|
|
|
## 2023.8.30
|
|
|
|
|
|
|
|
|
|
|
|
同步Nuclei模板至v9.6.2.将部分user目录下的Poc指向Nuclei官方Poc
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-08-30 10:17:32 +02:00
|
|
|
|
CVE-2023-36346
|
|
|
|
|
|
CNVD-2022-86535
|
|
|
|
|
|
leostream-default-login
|
|
|
|
|
|
pyload-default-login
|
|
|
|
|
|
unauth-temporal-web-ui
|
|
|
|
|
|
apache-dubbo-unauth
|
|
|
|
|
|
apache-rocketmq-broker-unauth
|
|
|
|
|
|
collibra-properties
|
|
|
|
|
|
CVE-2023-29300
|
|
|
|
|
|
CVE-2023-29298
|
|
|
|
|
|
CVE-2023-24489
|
|
|
|
|
|
CVE-2022-40127
|
|
|
|
|
|
CVE-2023-37270
|
|
|
|
|
|
CVE-2020-17463
|
|
|
|
|
|
CVE-2017-7925
|
|
|
|
|
|
yealink-default-login
|
|
|
|
|
|
CVE-2023-38646
|
|
|
|
|
|
CVE-2023-37265
|
|
|
|
|
|
CVE-2023-37266
|
|
|
|
|
|
CVE-2023-35885
|
|
|
|
|
|
CVE-2023-37462
|
|
|
|
|
|
CVE-2023-38205
|
|
|
|
|
|
CVE-2023-3836
|
|
|
|
|
|
CVE-2023-3765
|
|
|
|
|
|
CVE-2021-44139
|
|
|
|
|
|
CVE-2021-27670
|
|
|
|
|
|
CVE-2018-20608
|
|
|
|
|
|
elasticsearch-default-login
|
|
|
|
|
|
jupyter-notebook-rce
|
|
|
|
|
|
skype-blind-ssrf
|
|
|
|
|
|
tongda-auth-bypass (Tongda OA 11.7 - Authentication Bypass)
|
|
|
|
|
|
alibaba-anyproxy-lfi
|
|
|
|
|
|
nginxwebui-runcmd-rce
|
|
|
|
|
|
CVE-2023-39143
|
|
|
|
|
|
CVE-2023-26067
|
|
|
|
|
|
CVE-2023-22480
|
|
|
|
|
|
CVE-2022-40843
|
|
|
|
|
|
CVE-2021-22707
|
|
|
|
|
|
CVE-2020-28185
|
|
|
|
|
|
CVE-2019-7192
|
|
|
|
|
|
CVE-2019-15642
|
|
|
|
|
|
CVE-2018-18809
|
|
|
|
|
|
CVE-2018-12909
|
|
|
|
|
|
CVE-2017-8229
|
|
|
|
|
|
CNVD-2021-43984
|
|
|
|
|
|
CNVD-2021-41972
|
|
|
|
|
|
bsphp-info (BSPHP - Information Disclosure)
|
|
|
|
|
|
discuz-api-pathinfo (Discuz! X2.5 - Path Disclosure)
|
|
|
|
|
|
joomla-department-sqli
|
|
|
|
|
|
netmizer-cmd-rce
|
|
|
|
|
|
netmizer-data-listing
|
|
|
|
|
|
acti-video-lfi
|
|
|
|
|
|
avcon6-execl-lfi
|
|
|
|
|
|
eaa-app-lfi (EAA Application Access System - Arbitary File Read)
|
|
|
|
|
|
easyimage-downphp-lfi
|
|
|
|
|
|
ecology-oa-file-sqli (E-cology FileDownloadForOutDocSQL - SQL Injection)
|
|
|
|
|
|
kedacom-network-lfi
|
|
|
|
|
|
panabit-ixcache-rce
|
|
|
|
|
|
sangfor-cphp-rce
|
|
|
|
|
|
sangfor-download-lfi
|
|
|
|
|
|
sangfor-sysuser-conf
|
|
|
|
|
|
tamronos-user-creation
|
|
|
|
|
|
wisegiga-nas-lfi
|
|
|
|
|
|
zzzcms-info-disclosure
|
|
|
|
|
|
zzzcms-ssrf
|
|
|
|
|
|
apache-solr-rce
|
|
|
|
|
|
bloofoxcms-default-login
|
|
|
|
|
|
openmediavault-default-login
|
|
|
|
|
|
webmin-default-login
|
|
|
|
|
|
socks5-vpn-config (惠尔顿-e地通VPN Socks5 VPN - Sensitive File Disclosure)
|
|
|
|
|
|
bitbucket-auth-bypass
|
|
|
|
|
|
casdoor-users-password
|
|
|
|
|
|
yzmcms-installer
|
|
|
|
|
|
mobsf-framework-exposure
|
|
|
|
|
|
openstack-config
|
|
|
|
|
|
sonarqube-projects-disclosure
|
|
|
|
|
|
CVE-2023-39141
|
|
|
|
|
|
CVE-2023-38035
|
|
|
|
|
|
CVE-2022-46463
|
|
|
|
|
|
CVE-2022-39986
|
|
|
|
|
|
CVE-2021-41460
|
|
|
|
|
|
CVE-2019-17662
|
|
|
|
|
|
CVE-2019-1898
|
|
|
|
|
|
CNVD-2023-08743
|
|
|
|
|
|
74cms-weixin-sqli
|
|
|
|
|
|
fine-report-v9-file-upload
|
|
|
|
|
|
jinhe-oa-c6-lfi
|
|
|
|
|
|
apache-druid-log4j
|
|
|
|
|
|
aspcms-commentlist-sqli
|
|
|
|
|
|
caimore-gateway-rce
|
|
|
|
|
|
h3c-cvm-arbitrary-file-upload
|
|
|
|
|
|
hanta-rce
|
|
|
|
|
|
hongfan-ioffice-lfi
|
|
|
|
|
|
hongfan-ioffice-rce
|
|
|
|
|
|
hongfan-ioffice-sqli
|
|
|
|
|
|
landray-oa-erp-data-rce
|
|
|
|
|
|
maltrail-rce
|
|
|
|
|
|
ruijie-excu-shell
|
|
|
|
|
|
apache-couchdb-unauth
|
|
|
|
|
|
chatgpt-web-unauth
|
|
|
|
|
|
feiyuxing-info-leak
|
|
|
|
|
|
hikivision-env
|
|
|
|
|
|
unauth-redis-insight
|
|
|
|
|
|
kylin-default-login
|
|
|
|
|
|
caimore-default-login
|
|
|
|
|
|
easyreport-default-login
|
2023-09-15 02:51:38 +02:00
|
|
|
|
nacos-default-login
|
|
|
|
|
|
```
|
2023-08-30 10:17:32 +02:00
|
|
|
|
|
