2023-08-30 10:17:32 +02:00
|
|
|
|
# 更新日志
|
|
|
|
|
|
|
2023-11-01 09:00:03 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## 2023.11.1
|
|
|
|
|
|
|
|
|
|
|
|
**同步nuclei引擎至v3.0.2,方便支持nuclei官方最新模板。**
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc v9.6.4
|
|
|
|
|
|
|
|
|
|
|
|
其中以*打头的为从用户自定义模板更换工作流至nuclei官方的模板。
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2023-41892 (CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution)
|
|
|
|
|
|
CVE-2023-39677 (PrestaShop MyPrestaModules - PhpInfo Disclosure)
|
|
|
|
|
|
CVE-2023-39676 (PrestaShop fieldpopupnewsletter Module - Cross Site Scripting)
|
|
|
|
|
|
CVE-2023-30943 (Moodle - Cross-Site Scripting/Remote Code Execution)
|
|
|
|
|
|
CVE-2023-25573 (Metersphere - Arbitrary File Read)
|
|
|
|
|
|
CVE-2023-22463 (KubePi JwtSigKey 登陆绕过漏洞)
|
|
|
|
|
|
CVE-2022-0342 (Zyxel - Authentication Bypass)
|
|
|
|
|
|
phpldapadmin-xss
|
|
|
|
|
|
|
|
|
|
|
|
*CNVD-C-2023-76801 (UFIDA NC uapjs - RCE vulnerability)
|
|
|
|
|
|
*CNVD-2022-43245 (Weaver OA XmlRpcServlet - Arbitary File Read)
|
|
|
|
|
|
*CNVD-2021-33202 (Weaver OA E-Cology LoginSSO.jsp - SQL Injection)
|
|
|
|
|
|
*chanjet-tplus-rce (Chanjet TPlus GetStoreWarehouseByStore - Remote Command Execution)
|
|
|
|
|
|
*landray-oa-sysSearchMain-editParam-rce
|
|
|
|
|
|
*landray-oa-treexml-rce
|
|
|
|
|
|
*aic-intelligent-password-exposure
|
|
|
|
|
|
*cloud-oa-system-sqli
|
|
|
|
|
|
*cmseasy-crossall-sqli
|
|
|
|
|
|
*comai-ras-cookie-bypass
|
|
|
|
|
|
*huiwen-bibliographic-info-leak
|
|
|
|
|
|
*sanhui-smg-file-read
|
|
|
|
|
|
*seeyon-oa-log4j
|
|
|
|
|
|
*zhixiang-oa-msglog-sqli
|
|
|
|
|
|
*secsslvpn-auth-bypass(奇xx VPN认证绕过)
|
|
|
|
|
|
*realor-gwt-system-sqli
|
|
|
|
|
|
*ruijie-nbr-fileupload.yaml
|
|
|
|
|
|
*sangfor-login-rce (应用交付)
|
|
|
|
|
|
*secgate-3600-file-upload
|
|
|
|
|
|
*seeyon-config-exposure
|
|
|
|
|
|
*seeyon-createmysql-exposure
|
|
|
|
|
|
*seeyon-initdata-exposure
|
|
|
|
|
|
*seeyon-oa-fastjson-rce
|
|
|
|
|
|
*seeyon-oa-setextno-sqli
|
|
|
|
|
|
*shiziyu-cms-apicontroller-sqli
|
|
|
|
|
|
*seeyon-oa-sp2-file-upload
|
|
|
|
|
|
*smartbi-deserialization
|
|
|
|
|
|
*jolokia-logback-jndi-rce
|
|
|
|
|
|
*tongda-action-uploadfile
|
|
|
|
|
|
*tongda-api-file-upload
|
|
|
|
|
|
*tongda-arbitrary-login
|
|
|
|
|
|
*tongda-contact-list-exposure
|
|
|
|
|
|
*tongda-getdata-rce
|
|
|
|
|
|
*tongda-getway-rfi
|
|
|
|
|
|
*tongda-insert-sqli
|
|
|
|
|
|
*tongda-login-code-authbypass
|
|
|
|
|
|
*tongda-meeting-unauth
|
|
|
|
|
|
*tongda-oa-swfupload-sqli
|
|
|
|
|
|
*tongda-report-func-sqli
|
|
|
|
|
|
*tongda-video-file-read
|
|
|
|
|
|
*topsec-topacm-rce
|
|
|
|
|
|
*topsec-topapplb-auth-bypass
|
|
|
|
|
|
*wanhu-documentedit-sqli
|
|
|
|
|
|
*wanhu-download-ftp-file-read
|
|
|
|
|
|
*wanhu-download-old-file-read
|
|
|
|
|
|
*wanhu-oa-fileupload-controller-arbitrary-file-upload
|
|
|
|
|
|
*wanhu-teleconferenceservice-xxe
|
|
|
|
|
|
*wanhuoa-officeserverservlet-file-upload
|
|
|
|
|
|
*wanhuoa-smartupload-file-upload
|
|
|
|
|
|
*ecology-jqueryfiletree-traversal
|
|
|
|
|
|
*ecology-verifyquicklogin-auth-bypass
|
|
|
|
|
|
*ecology-oa-byxml-xxe
|
|
|
|
|
|
*weaver-checkserver-sqli
|
|
|
|
|
|
*weaver-e-cology-validate-sqli
|
|
|
|
|
|
*weaver-e-mobile-rce
|
|
|
|
|
|
*weaver-ebridge-lfi
|
|
|
|
|
|
*weaver-ecology-bshservlet-rce
|
|
|
|
|
|
*weaver-ecology-getsqldata-sqli
|
|
|
|
|
|
*weaver-ecology-hrmcareer-sqli
|
|
|
|
|
|
*weaver-group-xml-sqli
|
|
|
|
|
|
*weaver-jquery-file-upload
|
|
|
|
|
|
*weaver-ktreeuploadaction-file-upload
|
|
|
|
|
|
*weaver-lazyuploadify-file-upload
|
|
|
|
|
|
*weaver-login-sessionkey
|
|
|
|
|
|
*weaver-mysql-config-info-leak
|
|
|
|
|
|
*weaver-office-server-file-upload
|
|
|
|
|
|
*weaver-officeserver-lfi
|
|
|
|
|
|
*weaver-signaturedownload-lfi
|
|
|
|
|
|
*weaver-sptmforportalthumbnail-lfi
|
|
|
|
|
|
*weaver-uploadify-file-upload
|
|
|
|
|
|
*weaver-uploadoperation-file-upload
|
|
|
|
|
|
*weaver-userselect-unauth
|
|
|
|
|
|
*wechat-info-leak
|
|
|
|
|
|
*chanjet-gnremote-sqli
|
|
|
|
|
|
*chanjet-tplus-checkmutex-sqli
|
|
|
|
|
|
*chanjet-tplus-file-read (Downloadproxy)
|
|
|
|
|
|
*chanjet-tplus-fileupload
|
|
|
|
|
|
*chanjet-tplus-ufida-sqli
|
|
|
|
|
|
*grp-u8-uploadfiledata-fileupload
|
|
|
|
|
|
*yonyou-fe-directory-traversal
|
|
|
|
|
|
*yonyou-filereceiveservlet-fileupload
|
|
|
|
|
|
*yonyou-grp-u8-xxe
|
|
|
|
|
|
*yonyou-nc-accept-fileupload
|
|
|
|
|
|
*yonyou-nc-baseapp-deserialization
|
|
|
|
|
|
*yonyou-nc-dispatcher-fileupload
|
|
|
|
|
|
*yonyou-nc-grouptemplet-fileupload
|
|
|
|
|
|
*yonyou-nc-info-leak
|
|
|
|
|
|
*yonyou-nc-ncmessageservlet-rce
|
|
|
|
|
|
*yonyou-u8-crm-fileupload
|
|
|
|
|
|
*yonyou-u8-crm-lfi
|
|
|
|
|
|
*dlink-centralized-default-login
|
|
|
|
|
|
*o2oa-default-login
|
|
|
|
|
|
*aruba-instant-default-login
|
|
|
|
|
|
*ciphertrust-default-login
|
|
|
|
|
|
*cnzxsoft-default-login
|
|
|
|
|
|
*supershell-default-login
|
|
|
|
|
|
*seeyon-a8-default-login
|
|
|
|
|
|
*seeyon-monitor-default-login
|
|
|
|
|
|
*smartbi-default-login
|
|
|
|
|
|
*ac-weak-login (wayos)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc v9.6.5
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2023-43261 (Milesight Routers - Information Disclosure)
|
|
|
|
|
|
CVE-2023-42793 (JetBrains TeamCity < 2023.05.4 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-42442 (JumpServer > 3.6.4 - Information Disclosure)
|
|
|
|
|
|
CVE-2023-37474 (Copyparty <= 1.8.2 - Directory Traversal)
|
|
|
|
|
|
CVE-2023-36845 (Juniper J-Web - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-35813 (Sitecore - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-34259 (Kyocera TASKalfa printer - Path Traversal)
|
|
|
|
|
|
CVE-2023-33831 (FUXA - Unauthenticated Remote Code Execution)
|
|
|
|
|
|
CVE-2023-31465 (TimeKeeper by FSMLabs - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-30013 (TOTOLink - Unauthenticated Command Injection)
|
|
|
|
|
|
CVE-2023-29357 (Microsoft SharePoint - Authentication Bypass)
|
|
|
|
|
|
CVE-2023-22515 (Atlassian Confluence - Privilege Escalation)
|
|
|
|
|
|
CVE-2023-5074 (D-Link D-View 8 v2.0.1.28 - Authentication Bypass)
|
|
|
|
|
|
CVE-2023-4568 (PaperCut NG Unauthenticated XMLRPC Functionality)
|
|
|
|
|
|
CVE-2023-2766 (Weaver OA 9.5 - Information Disclosure)
|
|
|
|
|
|
xploitspy-default-login
|
|
|
|
|
|
mercurial-hgignore
|
|
|
|
|
|
sangfor-nextgen-lfi
|
|
|
|
|
|
yonyou-u8-sqli (Yonyou U8 bx_historyDataCheck - SQL Injection)
|
|
|
|
|
|
|
|
|
|
|
|
*CVE-2022-25568 (MotionEye Config Info Disclosure)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc v9.6.6
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2022-47075 (Smart Office Web 20.28 - Information Disclosure)
|
|
|
|
|
|
CVE-2023-40779 (IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect)
|
|
|
|
|
|
CVE-2023-39110 (rConfig 3.9.4 - Server-Side Request Forgery)
|
|
|
|
|
|
CVE-2023-39109 (rConfig 3.9.4 - Server-Side Request Forgery)
|
|
|
|
|
|
CVE-2023-39108 (rConfig 3.9.4 - Server-Side Request Forgery)
|
|
|
|
|
|
CVE-2023-34756 (Bloofox v0.5.2.1 - SQL Injection)
|
|
|
|
|
|
CVE-2023-34755 (bloofoxCMS v0.5.2.1 - SQL Injection)
|
|
|
|
|
|
CVE-2023-34753 (bloofoxCMS v0.5.2.1 - SQL Injection)
|
|
|
|
|
|
CVE-2023-34752 (bloofoxCMS v0.5.2.1 - SQL Injection)
|
|
|
|
|
|
CVE-2023-34751 (bloofoxCMS v0.5.2.1 - SQL Injection)
|
|
|
|
|
|
CVE-2021-29006 (rConfig 3.9.6 - Local File Inclusion)
|
|
|
|
|
|
CVE-2023-4974 (Academy LMS 6.2 - SQL Injection)
|
|
|
|
|
|
CVE-2023-3710 (Honeywell PM43 Printers - Command Injection)
|
|
|
|
|
|
CVE-2023-0947 (Flatpress < 1.3 - Path Traversal)
|
|
|
|
|
|
CVE-2023-0777 (modoboa 2.0.4 - Admin TakeOver)
|
|
|
|
|
|
CVE-2021-41749 (CraftCMS SEOmatic - Server-Side Template Injection)
|
|
|
|
|
|
CVE-2020-13638 (rConfig 3.9 - Authentication Bypass(Admin Login))
|
|
|
|
|
|
CVE-2020-13851 (Artica Pandora FMS 7.44 - Remote Code Execution)
|
|
|
|
|
|
CVE-2020-6950 (Eclipse Mojarra - Local File Read)
|
|
|
|
|
|
CVE-2018-7282 (TITool PrintMonitor - Blind SQL Injection)
|
|
|
|
|
|
joomla-com-booking-component
|
|
|
|
|
|
joomla-iproperty-real-estate-xss
|
|
|
|
|
|
joomla-joombri-careers-xss
|
|
|
|
|
|
joomla-jvtwitter-xss
|
|
|
|
|
|
joomla-marvikshop-sqli
|
|
|
|
|
|
joomla-marvikshop-xss
|
|
|
|
|
|
joomla-solidres-xss
|
|
|
|
|
|
doorgets-info-disclosure
|
|
|
|
|
|
kingsoft-vgm-lfi
|
|
|
|
|
|
sound4-impact-auth-bypass
|
|
|
|
|
|
sound4-impact-password-auth-bypass
|
|
|
|
|
|
stackposts-sqli
|
|
|
|
|
|
servicenow-widget-misconfig
|
|
|
|
|
|
batflat-default-login
|
|
|
|
|
|
etl3100-default-login
|
|
|
|
|
|
rconfig-default-login
|
|
|
|
|
|
timekeeper-default-login
|
|
|
|
|
|
wazuh-default-login
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
nuclei poc v9.6.7 无可同步poc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc v9.6.8
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2023-46747 (F5 BIG-IP - Unauthenticated RCE via AJP Smuggling)
|
|
|
|
|
|
CVE-2023-45852 (Viessmann Vitogate 300 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-37679 (NextGen Mirth Connect - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-4966 (Citrix Bleed - Leaking Session Tokens)
|
|
|
|
|
|
CVE-2022-36553 (Hytec Inter HWL-2511-SS - Remote Command Execution)
|
|
|
|
|
|
tiny-file-manager-unauth
|
|
|
|
|
|
opache-control-panel (Opache control Panel - Unauthenticated Access)
|
|
|
|
|
|
cisco-broadworks-log4j-rce
|
|
|
|
|
|
citrix-xenapp-log4j-rce
|
|
|
|
|
|
f-secure-policymanager-log4j-rce
|
|
|
|
|
|
flexnet-log4j-rce
|
|
|
|
|
|
fortiportal-log4j-rce
|
|
|
|
|
|
livebos-file-read
|
|
|
|
|
|
logstash-log4j-rce
|
|
|
|
|
|
okta-log4j-rce
|
|
|
|
|
|
papercut-log4j-rce
|
|
|
|
|
|
openshift-log4j-rce
|
|
|
|
|
|
pega-log4j-rce
|
|
|
|
|
|
splunk-enterprise-log4j-rce
|
|
|
|
|
|
symantec-sepm-log4j-rce
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
嘎了nuclei ignore找不到的报错
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-16 17:58:50 +02:00
|
|
|
|
## 2023.9.16
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei引擎 **v2.9.14**
|
|
|
|
|
|
|
|
|
|
|
|
现在workflow中填写可以添加.yaml后缀也可以不填了
|
|
|
|
|
|
|
|
|
|
|
|
添加整个程序结束后的提示
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
更新poc
|
|
|
|
|
|
|
|
|
|
|
|
同步nuclei poc至v9.6.3
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
添加Poc
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CVE-2023-39600 (IceWarp 11.4.6.0 - Cross-Site Scripting)
|
|
|
|
|
|
CVE-2023-39598 (IceWarp Email Client - Cross Site Scripting)
|
|
|
|
|
|
CVE-2023-39361 (Cacti 1.2.24 - SQL Injection)
|
|
|
|
|
|
CVE-2023-36844 (Juniper Devices - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-34192 (Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting)
|
|
|
|
|
|
CVE-2023-34124 (SonicWall GMS and Analytics Web Services - Shell Injection)
|
|
|
|
|
|
CVE-2023-30150 (PrestaShop leocustomajax 1.0 & 1.0.0 - SQL Injection)
|
|
|
|
|
|
CVE-2023-27034 (Blind SQL injection vulnerability in Jms Blog)
|
|
|
|
|
|
CVE-2023-2648 (Weaver E-Office 9.5 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-26469 (Jorani 1.0.0 - Remote Code Execution)
|
|
|
|
|
|
CVE-2023-20073 (Cisco VPN Routers - Unauthenticated Arbitrary File Upload)
|
|
|
|
|
|
CVE-2022-22897 (PrestaShop Ap Pagebuilder <= 2.4.4 SQL Injection)
|
|
|
|
|
|
CVE-2021-46107 (Ligeo Archives Ligeo Basics - Server Side Request Forgery)
|
|
|
|
|
|
CVE-2020-11798 (Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal)
|
|
|
|
|
|
CVE-2020-10220 (rConfig 3.9 - SQL injection)
|
|
|
|
|
|
CVE-2018-17153 (Western Digital MyCloud NAS - Authentication Bypass)
|
|
|
|
|
|
CVE-2016-10108 (Western Digital MyCloud NAS - Command Injection)
|
|
|
|
|
|
jorani-benjamin-xss (Jorani v1.0.3-2014-2023 Benjamin BALET - Cross-Site Scripting)
|
|
|
|
|
|
prestashop-apmarketplace-sqli (PrestaShop Ap Marketplace SQL Injection)
|
|
|
|
|
|
ecology-info-leak (Ecology - Information Exposure)
|
|
|
|
|
|
php-debugbar-exposure (Php Debug Bar - Exposure)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
部分Poc移动至Nuclei官方模版
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
CNVD-2021-32799 (360 Xintianqing - SQL Injection)
|
|
|
|
|
|
hikvision-fastjson-rce (HIKVISION applyCT Fastjson - Remote Command Execution)
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
## 2023.9.15
|
|
|
|
|
|
|
|
|
|
|
|
9月13号的更新报告写入有问题,现在修了。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-13 04:36:42 +02:00
|
|
|
|
## 2023.9.13
|
|
|
|
|
|
|
|
|
|
|
|
根据 **hanbufei**大哥的pr,添加模糊搜索poc,并跳过指纹识别、路径爆破直接打poc的功能。
|
|
|
|
|
|
|
2023-09-13 06:09:01 +02:00
|
|
|
|
同步nuclei引擎 v2.9.14的yaml poc结构。准备同步最新官方nuclei poc
|
|
|
|
|
|
|
2023-09-13 04:36:42 +02:00
|
|
|
|
|
|
|
|
|
|
|
2023-09-04 11:08:49 +02:00
|
|
|
|
## 2023.9.4
|
|
|
|
|
|
|
|
|
|
|
|
修复大量目标进行主动指纹探测时协程调度异常导致资源占用过高的问题。
|
|
|
|
|
|
|
|
|
|
|
|
新增web探针线程、超时命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
新增跳过Golang Poc的命令行参数。
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-02 05:52:08 +02:00
|
|
|
|
## 2023.9.2
|
|
|
|
|
|
|
|
|
|
|
|
部分2023 hvv漏洞更新
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-09-02 05:52:08 +02:00
|
|
|
|
renwoxing-crm-smsdatalist-sqli (感谢h0nayuzu)
|
|
|
|
|
|
jeecg-boot-ssti-rce
|
|
|
|
|
|
dahua-smart-park-getfacecapture-sqli(感谢h0nayuzu)
|
|
|
|
|
|
dahua-smart-park-video-upload
|
|
|
|
|
|
dahua-user-getuserinfobyusername-getpassword(感谢h0nayuzu)
|
|
|
|
|
|
cdg-uploadfilefromclientserviceforclient-file-upload (亿赛通文件上传)
|
|
|
|
|
|
officeweb365-file-upload
|
|
|
|
|
|
yonyou-turbocrm-getemaildata-fileread
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-09-02 05:52:08 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-08-30 10:17:32 +02:00
|
|
|
|
## 2023.8.30
|
|
|
|
|
|
|
|
|
|
|
|
同步Nuclei模板至v9.6.2.将部分user目录下的Poc指向Nuclei官方Poc
|
|
|
|
|
|
|
2023-09-15 02:51:38 +02:00
|
|
|
|
```
|
2023-08-30 10:17:32 +02:00
|
|
|
|
CVE-2023-36346
|
|
|
|
|
|
CNVD-2022-86535
|
|
|
|
|
|
leostream-default-login
|
|
|
|
|
|
pyload-default-login
|
|
|
|
|
|
unauth-temporal-web-ui
|
|
|
|
|
|
apache-dubbo-unauth
|
|
|
|
|
|
apache-rocketmq-broker-unauth
|
|
|
|
|
|
collibra-properties
|
|
|
|
|
|
CVE-2023-29300
|
|
|
|
|
|
CVE-2023-29298
|
|
|
|
|
|
CVE-2023-24489
|
|
|
|
|
|
CVE-2022-40127
|
|
|
|
|
|
CVE-2023-37270
|
|
|
|
|
|
CVE-2020-17463
|
|
|
|
|
|
CVE-2017-7925
|
|
|
|
|
|
yealink-default-login
|
|
|
|
|
|
CVE-2023-38646
|
|
|
|
|
|
CVE-2023-37265
|
|
|
|
|
|
CVE-2023-37266
|
|
|
|
|
|
CVE-2023-35885
|
|
|
|
|
|
CVE-2023-37462
|
|
|
|
|
|
CVE-2023-38205
|
|
|
|
|
|
CVE-2023-3836
|
|
|
|
|
|
CVE-2023-3765
|
|
|
|
|
|
CVE-2021-44139
|
|
|
|
|
|
CVE-2021-27670
|
|
|
|
|
|
CVE-2018-20608
|
|
|
|
|
|
elasticsearch-default-login
|
|
|
|
|
|
jupyter-notebook-rce
|
|
|
|
|
|
skype-blind-ssrf
|
|
|
|
|
|
tongda-auth-bypass (Tongda OA 11.7 - Authentication Bypass)
|
|
|
|
|
|
alibaba-anyproxy-lfi
|
|
|
|
|
|
nginxwebui-runcmd-rce
|
|
|
|
|
|
CVE-2023-39143
|
|
|
|
|
|
CVE-2023-26067
|
|
|
|
|
|
CVE-2023-22480
|
|
|
|
|
|
CVE-2022-40843
|
|
|
|
|
|
CVE-2021-22707
|
|
|
|
|
|
CVE-2020-28185
|
|
|
|
|
|
CVE-2019-7192
|
|
|
|
|
|
CVE-2019-15642
|
|
|
|
|
|
CVE-2018-18809
|
|
|
|
|
|
CVE-2018-12909
|
|
|
|
|
|
CVE-2017-8229
|
|
|
|
|
|
CNVD-2021-43984
|
|
|
|
|
|
CNVD-2021-41972
|
|
|
|
|
|
bsphp-info (BSPHP - Information Disclosure)
|
|
|
|
|
|
discuz-api-pathinfo (Discuz! X2.5 - Path Disclosure)
|
|
|
|
|
|
joomla-department-sqli
|
|
|
|
|
|
netmizer-cmd-rce
|
|
|
|
|
|
netmizer-data-listing
|
|
|
|
|
|
acti-video-lfi
|
|
|
|
|
|
avcon6-execl-lfi
|
|
|
|
|
|
eaa-app-lfi (EAA Application Access System - Arbitary File Read)
|
|
|
|
|
|
easyimage-downphp-lfi
|
|
|
|
|
|
ecology-oa-file-sqli (E-cology FileDownloadForOutDocSQL - SQL Injection)
|
|
|
|
|
|
kedacom-network-lfi
|
|
|
|
|
|
panabit-ixcache-rce
|
|
|
|
|
|
sangfor-cphp-rce
|
|
|
|
|
|
sangfor-download-lfi
|
|
|
|
|
|
sangfor-sysuser-conf
|
|
|
|
|
|
tamronos-user-creation
|
|
|
|
|
|
wisegiga-nas-lfi
|
|
|
|
|
|
zzzcms-info-disclosure
|
|
|
|
|
|
zzzcms-ssrf
|
|
|
|
|
|
apache-solr-rce
|
|
|
|
|
|
bloofoxcms-default-login
|
|
|
|
|
|
openmediavault-default-login
|
|
|
|
|
|
webmin-default-login
|
|
|
|
|
|
socks5-vpn-config (惠尔顿-e地通VPN Socks5 VPN - Sensitive File Disclosure)
|
|
|
|
|
|
bitbucket-auth-bypass
|
|
|
|
|
|
casdoor-users-password
|
|
|
|
|
|
yzmcms-installer
|
|
|
|
|
|
mobsf-framework-exposure
|
|
|
|
|
|
openstack-config
|
|
|
|
|
|
sonarqube-projects-disclosure
|
|
|
|
|
|
CVE-2023-39141
|
|
|
|
|
|
CVE-2023-38035
|
|
|
|
|
|
CVE-2022-46463
|
|
|
|
|
|
CVE-2022-39986
|
|
|
|
|
|
CVE-2021-41460
|
|
|
|
|
|
CVE-2019-17662
|
|
|
|
|
|
CVE-2019-1898
|
|
|
|
|
|
CNVD-2023-08743
|
|
|
|
|
|
74cms-weixin-sqli
|
|
|
|
|
|
fine-report-v9-file-upload
|
|
|
|
|
|
jinhe-oa-c6-lfi
|
|
|
|
|
|
apache-druid-log4j
|
|
|
|
|
|
aspcms-commentlist-sqli
|
|
|
|
|
|
caimore-gateway-rce
|
|
|
|
|
|
h3c-cvm-arbitrary-file-upload
|
|
|
|
|
|
hanta-rce
|
|
|
|
|
|
hongfan-ioffice-lfi
|
|
|
|
|
|
hongfan-ioffice-rce
|
|
|
|
|
|
hongfan-ioffice-sqli
|
|
|
|
|
|
landray-oa-erp-data-rce
|
|
|
|
|
|
maltrail-rce
|
|
|
|
|
|
ruijie-excu-shell
|
|
|
|
|
|
apache-couchdb-unauth
|
|
|
|
|
|
chatgpt-web-unauth
|
|
|
|
|
|
feiyuxing-info-leak
|
|
|
|
|
|
hikivision-env
|
|
|
|
|
|
unauth-redis-insight
|
|
|
|
|
|
kylin-default-login
|
|
|
|
|
|
caimore-default-login
|
|
|
|
|
|
easyreport-default-login
|
2023-09-15 02:51:38 +02:00
|
|
|
|
nacos-default-login
|
|
|
|
|
|
```
|
2023-08-30 10:17:32 +02:00
|
|
|
|
|
