1.以下漏洞均为作者收集,请勿用于非法渠道,POC/EXP使用与作者本人无关
2.其中涉及的影响版本都是包含该版本(如1.0.1-2.0.0表示1.0.1和2.0.2版本都受影响)
3.里面的POC/EXP和利用脚本均为作者在网上查找,并没有一一进行验证,不能保证每一个POC/EXP或脚本都没有错误
-
CVE-2022-30525 Zyxel防火墙命令注入漏洞
- 漏洞影响版本:5.10 <= ATP系列固件 <= 5.21 Patch 1 | 4.60 <= VPN系列固件 <= 5.21 Patch 1 | 5.00 <= USG FLEX 100(W),200,500,700 <= 5.21 Patch 1 | 5.10 <= USG FLEX 50(W)/USG20(W)-VPN <= 5.21 Patch 1
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/See-Jge6Gajg5-Kx3hMXew
- POC/EXP:https://github.com/jbaines-r7/victorian_machinery
-
CVE-2022-0342 Zyxel身份验证绕过漏洞
- 漏洞影响版本:USG/ZyWALL < ZLD V4.71 | Zyxel USG FLEX < ZLD V5.21 Patch 1 | Zyxel ATP < ZLD V5.21 Patch 1 | Zyxel VPN < ZLD V5.21 | Zyxel NSG < V1.33p4_WK11
- 漏洞介绍及修复建议:https://cn-sec.com/archives/863121.html
- POC/EXP:暂无
-
CVE-2020-29583 Zyxel多款设备硬编码凭据漏洞
- 漏洞影响版本:**ATP系列固件ZLD = V4.60 | USG固件ZLD = V4.60 | USG FLEX固件ZLD = V4.60 | VPN固件ZLD = V4.60 | 6.00 <= NXC2500固件 <= V6.10 | 6.00 <= NXC5500固件 <= V6.10
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4633.html
- POC/EXP:https://github.com/ruppde/scan_CVE-2020-29583
-
CVE-2021-22941 Citrix ShareFile Storage远程代码执行漏洞
- 漏洞影响版本:ShareFile < 5.11.20
- 漏洞介绍及修复建议:https://www.tenable.com/plugins/nessus/156614
- POC/EXP:https://y4er.com/post/citrix-sharefile-cve-2021-22941-rce/
- 批量利用脚本:https://github.com/hoavt184/CVE-2021-22941
-
CVE-2020-8209 Citrix XenMobile目录遍历漏洞
- 漏洞影响版本:**XenMobile Server < 10.12 RP2 | XenMobile Server < 10.11 RP4 | XenMobile Server < 10.10 RP6 | XenMobile Server < 10.9 RP5 | XenMobile Server < 10.12 RP3 | XenMobile Server < 10.11 RP6 | XenMobile Server < 10.10 RP6 | XenMobile Server < 10.9 RP5
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4609.html
- POC/EXP:https://www.freebuf.com/vuls/255109.html
-
CVE-2020-8198 Citrix储存型XSS漏洞
- 漏洞影响版本:**Citrix ADC and Citrix Gateway < 13.0-58.30 | Citrix ADC and NetScaler Gateway < 12.1-57.18 | Citrix ADC and NetScaler Gateway < 12.0-63.21 | Citrix ADC and NetScaler Gateway < 11.1-64.14 | NetScaler ADC and NetScaler Gateway < 10.5-70.18 | Citrix SD-WAN WANOP < 11.1.1a | Citrix SD-WAN WANOP < 11.0.3d | Citrix SD-WAN WANOP < 10.2.7 | Citrix Gateway Plug-in for Linux < 1.0.0.137
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8198
- POC/EXP:https://www.hacking8.com/bug-product/Citrix/CVE-2020-8198-Citrix-%E5%82%A8%E5%AD%98%E5%9E%8Bxss.html
-
CVE-2020-8196 Citrix Nitro API未授权访问漏洞
- 漏洞影响版本:**Citrix ADC and Citrix Gateway < 13.0-58.30 | Citrix ADC and NetScaler Gateway < 12.1-57.18 | Citrix ADC and NetScaler Gateway < 12.0-63.21 | Citrix ADC and NetScaler Gateway < 11.1-64.14 | NetScaler ADC and NetScaler Gateway < 10.5-70.18 | Citrix SD-WAN WANOP < 11.1.1a | Citrix SD-WAN WANOP < 11.0.3d | Citrix SD-WAN WANOP < 10.2.7 | Citrix Gateway Plug-in for Linux < 1.0.0.137
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8196
- POC/EXP:https://www.hacking8.com/bug-product/Citrix/CVE-2020-8196-Citrix-Nitro-API-%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E.html
-
CVE-2020-8195 Citrix信息泄露漏洞
- 漏洞影响版本:Citrix ADC < 13.0-58.30 | Citrix ADC < 12.1-57.18 | Citrix ADC < 12.0-63.21 | Citrix ADC < 11.1-64.14 | Citrix Gateway < 10.5-70.18 | Citrix SDWAN WAN-OP < 11.1.1a | Citrix SDWAN WAN-OP < 11.0.3d | Citrix SDWAN WAN-OP < 10.2.7
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8195
- POC/EXP:https://disk.scan.cm/All_wiki/Qingy%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E%E5%BA%9320210715/Web%E5%AE%89%E5%85%A8/Citrix/%EF%BC%88CVE-2020-8195%EF%BC%89Citrix%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E/%EF%BC%88CVE-2020-8195%EF%BC%89Citrix%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%AE%BF%E9%97%AE%E6%BC%8F%E6%B4%9E.md?hash=zE0KEPGJ
-
CVE-2020-8193 Citrix未授权漏洞
- 漏洞影响版本:Citrix ADC and Citrix Gateway: < 13.0-58.30 | Citrix ADC and NetScaler Gateway: < 12.1-57.18 | Citrix ADC and NetScaler Gateway: < 12.0-63.21 | Citrix ADC and NetScaler Gateway: < 11.1-64.14 | NetScaler ADC and NetScaler Gateway: < 10.5-70.18 | Citrix SD-WAN WANOP: < 11.1.1a | Citrix SD-WAN WANOP: < 11.0.3d | Citrix SD-WAN WANOP: < 10.2.7 | Citrix Gateway Plug-in for Linux: < 1.0.0.137
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/246070.html
- POC/EXP:https://www.anquanke.com/post/id/210407
- 批量利用脚本:https://github.com/PR3R00T/CVE-2020-8193-Citrix-Scanner
-
CVE-2019-19781 Citrix远程代码执行漏洞
- 漏洞影响版本:Citrix NetScaler ADC and NetScaler Gateway version 10.5 | Citrix ADC and NetScaler Gateway version 11.1 , 12.0 , 12.1 | Citrix ADC and Citrix Gateway version 13.0
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4504.html
- POC/EXP:https://www.cnblogs.com/panisme/p/12542721.html
- 批量利用脚本:https://github.com/trustedsec/cve-2019-19781
-
CVE-2022-22954 VMware Workspace ONE Access SSTI漏洞
- 漏洞影响版本:VMware Workspace ONE Access Appliance(20.10.0.0、20.10.0.1、21.08.0.0、21.08.0.1) | VMware Identity Manager Appliance(3.3.3、3.3.4、3.3.5、3.3.6) | VMware Realize Automation(7.6)
- 漏洞介绍及修复建议:http://cn-sec.com/archives/897261.html
- POC/EXP:https://github.com/sherlocksecurity/VMware-CVE-2022-22954
-
CVE-2021-44228 Log4Shell VMware远程代码执行漏洞
- 漏洞影响版本:VMware Horizon(8.x , 7.x) | VMware Vcenter Server(7.x , 6.7.x , 6.5.x)
- 漏洞介绍及修复建议:https://www.pwndefend.com/2022/01/07/log4shell-exploitation-and-hunting-on-vmware-horizon-cve-2021-44228/
- POC/EXP:https://cloud.tencent.com/developer/article/1922132
- 批量利用脚本:https://github.com/fullhunt/log4j-scan
-
CVE-2021-22056 VMware Workspace ONE Access SSRF漏洞
- 漏洞影响版本:VMware Workspace ONE Access 21.08、20.10.0.1 和 20.10 | Identity Manager 3.3.5、3.3.4 和 3.3.3
- 漏洞介绍及修复建议:https://cn-sec.com/archives/744788.html
- POC/EXP:暂无
-
CVE-2021-22020 VMware vCenter Server Analytics拒绝服务漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7) | VMware Cloud Foundation(4.3 之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22020
- POC/EXP:暂无
-
CVE-2021-22019 VMware vCenter Server拒绝服务漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7和6.5 U3q之前的6.5) | VMware Cloud Foundation(4.3之前的4.x和3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22019
- POC/EXP:暂无
-
CVE-2021-22018 VMware vCenter Server任意文件删除漏洞
- 漏洞影响版本:VMware vCenter Server(7.0.2 U2d之前的7.x) | VMware Cloud Foundation(4.3.1之前的4.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22018
- POC/EXP:暂无
-
CVE-2021-22017 VMware vCenter Server rhttpproxy绕过漏洞
- 漏洞影响版本:VMware vCenter Server(6.7 U3o之前的6.7.x和6.5U3q之前的6.5.x) | VMware Cloud Foundation(3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22017
- POC/EXP:https://xz.aliyun.com/t/10603
-
CVE-2021-22016 VMware vCenter Server XSS漏洞
- 漏洞影响版本:VMware vCenter Server(6.7 U3o之前的6.7) | VMware Cloud Foundation(3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22016
- POC/EXP:暂无
-
CVE-2021-22015 VMware vCenter Server权限提升漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22015
- POC/EXP:暂无
- 批量利用脚本:https://github.com/PenteraIO/vScalation-CVE-2021-22015
-
CVE-2021-22014 VMware vCenter Server后台远程代码执行漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://wxx.olzl.net/21i29t42
- POC/EXP:暂无
-
CVE-2021-22013 VMware vCenter Server 目录遍历漏洞
- 漏洞影响版本:VMware vCenter Server(6.5 U3q之前的6.5)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22013
- POC/EXP:暂无
-
CVE-2021-22012 VMware vCenter Server API敏感信息泄漏漏洞
- 漏洞影响版本:VMware vCenter Server(6.5 U3q之前的6.5)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22012
- POC/EXP:暂无
-
CVE-2021-22011 VMware vCenter ServerAPI未授权访问漏洞
- 漏洞影响版本:VMware vCenter Server(7.0.2 U2d之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5 | VMware Cloud Foundation(4.3.1之前的4.x和3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22011
- POC/EXP:暂无
-
CVE-2021-22010 VMware vCenter Server VPXD拒绝服务漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22010
- POC/EXP:暂无
-
CVE-2021-22009 VMware vCenter Server VApi多个拒绝服务漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22009
- POC/EXP:暂无
-
CVE-2021-22008 VMware vCenter Server敏感信息泄漏漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22008
- POC/EXP:暂无
-
CVE-2021-22007 VMware vCenter Server本地信息泄漏漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22007
- POC/EXP:暂无
-
CVE-2021-22006 VMware vCenter Server反向代理绕过漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-22006
- POC/EXP:暂无
-
CVE-2021-22005 VMware vCenter Server任意文件上传漏洞
- 漏洞影响版本:*VMware vCenter Server 7.0系列 < 7.0 U2c | VMware vCenter Server 6.7系列 < 6.7 U3o
- 漏洞介绍及修复建议:https://www.vmware.com/security/advisories/VMSA-2021-0020.html
- POC/EXP:https://cloud.tencent.com/developer/article/1899771
- 批量利用脚本:https://github.com/r0ckysec/CVE-2021-22005
-
CVE-2021-21993 VMware vCenter Server SSRF漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5.x) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-21993
- POC/EXP:暂无
-
CVE-2021-21992 VMware vCenter Server XML拒绝服务漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5.x) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-21992
- POC/EXP:暂无
-
CVE-2021-21991 VMware vCenter Server本地提权漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2c之前的7.x , 6.7 U3o之前的6.7 , 6.5 U3q之前的6.5.x) | VMware Cloud Foundation(4.3之前的4.x , 3.10.2.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-21991
- POC/EXP:暂无
-
CVE-2021-21985 VMware vCenter Server远程代码执行漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U2b之前的7.x , 6.7 U3n之前的6.7.x , 6.5 U3p之前的6.5.x) | VMware Cloud Foundation(4.2.1之前的4.x , 3.10.2.1之前的3.x)
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/242337
- POC/EXP:https://cloud.tencent.com/developer/article/1851525
- 批量利用脚本:https://github.com/r0ckysec/CVE-2021-21985
-
CVE-2021-21978 VMware View Planner远程代码执行漏洞
- 漏洞影响版本:VMware View Planner <= 4.6
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9313
- POC/EXP:https://www.freebuf.com/vuls/269744.html
- 批量利用脚本:https://github.com/skytina/CVE-2021-21978
-
CVE-2021-21975 VMware vRealize SSRF漏洞
- 漏洞影响版本:VMware vRealize Operations(8.3.0、8.2.0、8.1.1、8.1.0、7.5.0) | VMware Cloud Foundation(4.x、3.x) | VMware vRealize Suite Lifecycle Manager(8.x)
- 漏洞介绍及修复建议:https://www.wangan.com/articles/4147
- POC/EXP:https://cloud.tencent.com/developer/article/1824833
- 批量利用脚本:https://github.com/GuayoyoCyber/CVE-2021-21975
-
CVE-2021-21974 VMware ESXI堆溢出漏洞
- 漏洞影响版本:VMware ESXi(ESXi70U1c-17325551之前的7.0.x , ESXi670-202102401-SG之前的6.7.x , ESXi650-202102101-SG之前的6.5.x) | VMware Cloud Foundation(4.2之前的4.0.x , 3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-21974
- POC/EXP:https://github.com/Shadow0ps/CVE-2021-21974
-
CVE-2021-21973 VMware vCenter Server SSRF漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U1c之前的7.x , 6.7 U3l之前的6.7.x , 6.5 U3n之前的6.5.x) | VMware Cloud Foundation(4.2之前的4.x , 3.10.1.2之前的3.x)
- 漏洞介绍及修复建议:https://www.cve.org/CVERecord?id=CVE-2021-21973
- POC/EXP:https://cloud.tencent.com/developer/article/1940072
- 批量利用脚本:https://github.com/freakanonymous/CVE-2021-21973-Automateme
-
CVE-2021-21972 Vmware vCenter未授权任意文件上传漏洞
- 漏洞影响版本:VMware vCenter Server(7.0 U1c之前的7.x , 6.7之前6.7 U3l , 6.5之前的6.5 U3n) | VMware Cloud Foundation(4.2之前的4.x , 3.10.1.2之前的3.x)
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9238
- POC/EXP:https://www.freebuf.com/vuls/264293.html
- 批量利用脚本:https://github.com/NS-Sp4ce/CVE-2021-21972
-
CVE-2020-4006 VMware Workspace ONE Access命令注入漏洞
- 漏洞影响版本:VMware Workspace ONE Access 20.01、20.10 | 3.3.1 <= VMware Identity Manager <= 3.3.3 | 3.3.1 <= VMware Identity Manager Connector <= 3.3.3 | 19.03.0.0 <= VMware Identity Manager Connector <= 19.03.0.1
- 漏洞介绍及修复建议:http://www.hackdig.com/12/hack-221724.htm
- POC/EXP:https://github.com/tzwlhack/Vulnerability/blob/main/VMware%20Workspace%20ONE%20Access%20%E5%91%BD%E4%BB%A4%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2020-4006%EF%BC%89.md
-
CVE-2022-23131 Zabbix登录绕过漏洞
- 漏洞影响版本:zabbix 5.4.0-5.4.8 | 6.0.0alpha1
- 漏洞介绍及修复建议:https://support.zabbix.com/browse/ZBX-20350
- POC/EXP:https://forum.90sec.com/t/topic/2045
- 批量利用工具:https://github.com/Mr-xn/cve-2022-23131
-
CVE-2022-23134 Zabbix未授权访问到接管后台
- 漏洞影响版本:zabbix 5.4.0-5.4.8 | 6.0.0-6.0.0beta1
- 漏洞介绍及修复建议:https://support.zabbix.com/browse/ZBX-20384
- POC/EXP:https://www.ctfiot.com/27130.html
-
CVE-2020-11800 Zabbix远程代码执行漏洞
- 漏洞影响版本:Zabbix 3.2 | 3.0.x <= Zabbix <= 3.0.30 | 2.2.x <= Zabbix <= 2.2.18
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4586.html
- POC/EXP:https://www.cnblogs.com/cute-puli/p/14651583.html
-
CVE-2022-1388 F5 BIG-IP iControl REST身份验证绕过漏洞
- 漏洞影响版本:16.1.0 <= BIG-IP <= 16.1.2 | 15.1.0 <= BIG-IP <= 15.1.5 | 14.1.0 <= BIG-IP <= 14.1.4 | 13.1.0 <= BIG-IP <= 13.1.4 | 12.1.0 <= BIG-IP <= 12.1.6 | 11.6.1 <= BIG-IP <= 11.6.5
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/m8CCUl03fxmTsuxSBAn61Q
- POC/EXP:https://github.com/sherlocksecurity/CVE-2022-1388_F5_BIG-IP
- 批量利用脚本:https://github.com/bytecaps/CVE-2022-1388-EXP
-
CVE-2021-22992 Advanced WAF/ASM缓冲区溢出漏洞
- 漏洞影响版本:BIG-IP(All Modules):16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2
- 漏洞介绍及修复建议:https://www.venustech.com.cn/new_type/aqtg/20210311/22484.html
- POC/EXP:暂无
-
CVE-2021-22991 BIG-IP 缓冲区溢出漏洞
- 漏洞影响版本:BIG-IP(All Modules):16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2
- 漏洞介绍及修复建议:https://www.venustech.com.cn/new_type/aqtg/20210311/22484.html
- POC/EXP:https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/BIG-IP%20%E7%BC%93%E5%86%B2%E5%8C%BA%E6%BA%A2%E5%87%BA%E6%BC%8F%E6%B4%9E%20(CVE-2021-22991).md
-
CVE-2021-22990 Advanced WAF/ASM TMUI后台远程代码执行漏洞
- 漏洞影响版本:F5 BIG-IP 16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2、11.6.1-11.6.5.2
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9312
- POC/EXP:暂无
-
CVE-2021-22989 Advanced WAF/ASM TMUI后台远程代码执行漏洞
- 漏洞影响版本:F5 BIG-IP 16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2、11.6.1-11.6.5.2
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9312
- POC/EXP:暂无
-
CVE-2021-22988 BIG-IP TMUI后台远程代码执行漏洞
- 漏洞影响版本:F5 BIG-IP 16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2、11.6.1-11.6.5.2
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9312
- POC/EXP:暂无
-
CVE-2021-22987 BIG-IP TMUI后台远程代码执行漏洞
- 漏洞影响版本:F5 BIG-IP 16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2、11.6.1-11.6.5.2
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9312
- POC/EXP:暂无
-
CVE-2021-22986 BIG-IP/BIG-IQ iControl REST未授权远程代码执行漏洞
- 漏洞影响版本:F5 BIG-IP 16.0.0-16.0.1、15.1.0-15.1.2、14.1.0-14.1.3.1、13.1.0-13.1.3.5、12.1.0-12.1.5.2 | F5 BIG-IQ 7.1.0-7.1.0.2、7.0.0-7.0.0.1、6.0.0-6.1.0
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9312
- POC/EXP:https://www.freebuf.com/vuls/266971.html
- 批量利用脚本:https://github.com/Al1ex/CVE-2021-22986
-
CVE-2020-5902 F5 BIG-IP远程代码执行漏洞
- 漏洞影响版本:F5 BIG‐IP 15.1.0、15.0.0、14.1.0‐14.1.2、13.1.0‐13.1.3、12.1.0‐12.1.5、11.6.1‐11.6.5
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/209767
- POC/EXP:https://github.com/yassineaboukir/CVE-2020-5902
- 批量利用脚本:https://github.com/jas502n/CVE-2020-5902
-
MPS-2022-60494 YApi远程代码执行漏洞
- 漏洞影响版本:YApi <= 1.12.0
- 漏洞介绍及修复建议:https://www.oscs1024.com/hd/MPS-2022-60494
- POC/EXP:https://github.com/KingBridgeSS/MPS-2022-60494
-
YApi Mock 远程代码执行漏洞
- 漏洞影响版本:Yapi <= 1.9.2
- 漏洞介绍及修复建议:https://paper.seebug.org/1639
- POC/EXP:https://cloud.tencent.com/developer/article/1851526