1.以下漏洞均为作者收集,请勿用于非法渠道,POC/EXP使用与作者本人无关
2.其中涉及的影响版本都是包含该版本(如1.0.1-2.0.0表示1.0.1和2.0.2版本都受影响)
3.里面的POC/EXP和利用脚本均为作者在网上查找,并没有一一进行验证,不能保证每一个POC/EXP或脚本都没有错误
- Apache Shiro
- Apache Struts2
- Apache Log4j
- Apache CouchDB
- Apache Tomcat
- Apache Calcite
- Apache Kafka
- Nginx
- Microsoft Exchange
- Fastjson
- Spring
- Laravel
- Atlassian Confluence
- Atlassian Jira
- SSH
- Grafana
- GitLab
- WSO2 API Manager
- Jenkins
- Metabase
-
CVE-2023-22602 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro < 1.11.0 与 Spring Boot 2.6+ 一起使用
- 漏洞介绍及修复建议:https://www.secrss.com/articles/51121
- POC/EXP:暂无
- 批量利用脚本:暂无
-
CVE-2022-32532 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro < 1.9.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32532
- POC/EXP:https://github.com/4ra1n/CVE-2022-32532
- 批量利用脚本:暂无
-
CVE-2021-41303 Apache Shiro身份验证绕过漏洞
- 漏洞影响版本:Apache Shiro<1.8.0
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4867.html
- POC/EXP:https://forum.butian.net/share/800
- 批量利用脚本:https://github.com/lockedbyte/CVE-2021-40444
-
CVE-2020-17523 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro<1.7.1
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/9175
- POC/EXP:https://www.anquanke.com/post/id/230935
-
CVE-2020-17510 Apache Shiro身份验证绕过漏洞
- 漏洞影响版本:Apache Shiro<1.7.0
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/221343
- POC/EXP:暂无
-
CVE-2020-13933 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro<1.6.0
- 漏洞介绍及修复建议:https://www.secrss.com/articles/24851
- POC/EXP:https://github.com/lyy289065406/CVE-2020-13933
-
CVE-2020-11989 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro<1.5.3版本
- 漏洞介绍及修复建议:https://ppfocus.com/cn/0/didbe3e27.html
- POC/EXP:https://www.anquanke.com/post/id/222489
-
CVE-2020-1957 Apache Shiro权限绕过漏洞
- 漏洞影响版本:Apache Shiro<1.5.2
- 漏洞介绍及修复建议:http://www.siweicn.com/newsinfo/44471.html?templateId=17
- POC/EXP:https://www.freebuf.com/vuls/231909.html
-
CVE-2019-12422 Shiro721反序列化远程代码执行漏洞
- 漏洞影响版本:Apache Shiro<1.4.2
- 漏洞介绍及修复建议:https://blog.csdn.net/qq_53264525/article/details/121757496
- POC/EXP:https://yinwc.github.io/2021/06/01/shiro721%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0/
- 批量利用脚本:https://github.com/inspiringz/Shiro-721
-
CVE-2016-6802 Apache Shiro身份验证绕过漏洞复现
- 漏洞影响版本:Apache Shiro<1.3.2
- 漏洞介绍及修复建议:https://www.linuxidc.com/Linux/2016-09/135387.htm
- POC/EXP:https://www.cnblogs.com/backlion/p/14055279.html
-
CVE-2016-4437 Shiro550反序列化远程代码执行漏洞
- 漏洞影响版本:Apache Shiro<=1.2.4
- 漏洞介绍及修复建议:https://zhuanlan.zhihu.com/p/389768500
- POC/EXP:https://zhuanlan.zhihu.com/p/389768500
- 批量利用脚本:https://github.com/SummerSec/ShiroAttack2
-
CVE-2021-31805(Struts2-062) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.5.29
- 漏洞介绍及修复建议:https://cn-sec.com/archives/911097.html
- POC/EXP:https://zhuanlan.zhihu.com/p/500040094
- 批量利用脚本:https://github.com/YanMu2020/s2-062
-
CVE-2020-17530(S2-061) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache struts <= 2.5.25
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2020-17530%EF%BC%89S2-061.md
-
CVE-2019-0230(S2-059) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.5.20
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0230
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2019-0230%EF%BC%89S2-059.md
-
CVE-2018-11776(s2-057) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:Apache Struts <= 2.3.34 | Apache Struts <= 2.5.16
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11776
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2018-11776%EF%BC%89s2-057.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2018-1327(S2-056) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.1.1 <= Apache Struts <= 2.5.14.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1327
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2018-1327%EF%BC%89S2-056.md
-
CVE-2017-12611(S2-053) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.1 <= Apache Struts <= 2.3.33 | 2.5 Apache Struts <= 2.5.10
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12611
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2017-12611%EF%BC%89S2-053.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2017-9805(s2-052) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.1.2 <= Apache Struts <= 2.3.33 | 2.5 <= Apache Struts <= 2.5.12
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9805
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2017-9805%EF%BC%89s2-052.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2017-9791(s2-048) Apache Struts2远程代码执行漏洞
-
CVE-2017-7525(s2-055) Jackson-databind反序列化漏洞
- 漏洞影响版本:2.5 <= Apache Struts <= 2.5.14
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7525
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2017-7525%EF%BC%89s2-055.md
-
CVE-2017-5638(s2-046) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.5 <= Apache Struts <= 2.3.31 | 2.5.0 <= Apache Struts <= 2.5.10
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2017-5638%EF%BC%89s2-046.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2017-5638(S2-045) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.5 <= Apache Struts <= 2.3.31 | 2.5 <= Apache Struts <= 2.5.10
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5638
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2017-5638%EF%BC%89S2-045.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2016-6795(s2-042) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.20 Apache Struts 2.3.31
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6795
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2016-6795%EF%BC%89s2-042.md
-
CVE-2016-4438(s2-037) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.20 <= Apache Struts <= 2.3.28(2.3.20.3和2.3.24.3除外)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4438
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2016-4438%EF%BC%89s2-037.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2016-3087(s2-033) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.20 <= Apache Struts <= 2.3.28(2.3.20.3和2.3.24.3除外)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3087
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2016-3087%EF%BC%89s2-033.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2016-3081(s2-032) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.3.20 <= Apache Struts <= 2.3.28(2.3.20.3和2.3.24.3除外)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3081
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2016-3081%EF%BC%89s2-032.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2016-0785(S2-029) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.3.24.1(2.3.20.3除外)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0785
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2016-0785%EF%BC%89S2-029.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2013-4316(s2-019) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.3.15.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-4316%EF%BC%89s2-019.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2013-2251(s2-016) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= Struts2.3.15
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2251
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-2251%EF%BC%89s2-016.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2013-2248(s2-017) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.3.15
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2248
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-2248%EF%BC%89s2-017.md
-
CVE-2013-2135/CVE-2013-2134(s2-015) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.3.14.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2134
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-2135%EF%BC%89%EF%BC%88CVE-2013-2134%EF%BC%89s2-015.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2013-1966/CVE-2013-2115(S2-014) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.3.14.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88%20CVE-2013-1966%EF%BC%89%EF%BC%88CVE-2013-2115%EF%BC%89S2-014.md
-
CVE-2013-1966(s2-013) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= Struts 2.3.14.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-1966%EF%BC%89s2-013.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2013-1965(s2-012) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.1.0 <= Apache Struts <= 2.3.13
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1965
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2013-1965%EF%BC%89s2-012.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2012-0838(s2-007) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:*2.0.0 <= Apache Struts <= 2.2.3
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0838
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2012-0838%EF%BC%89s2-007.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2012-0391(s2-008) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.1.0 <= Apache Struts <= 2.3.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0391
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2012-0391%EF%BC%89s2-008.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2011-3923(s2-009) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.1.0 <=Apache Struts <= 2.3.1.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3923
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2011-3923%EF%BC%89s2-009.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2010-1870(s2-005) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.1.8.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2010-1870%EF%BC%89s2-005.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2008-6682(S2-002) Apache Struts2跨站脚本攻击漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.0.11
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6682
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-xxxx-xxxx%EF%BC%89s2-002.md
-
CVE-2008-6504(S2-003) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= Struts 2.0.11.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6504
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2008-6504%EF%BC%89S2-003.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2007-4556(S2-001) Apache Struts2远程代码执行漏洞
- 漏洞影响版本:2.0.0 <= Apache Struts <= 2.0.8
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4556
- POC/EXP:http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/Apache%20Struts/%EF%BC%88CVE-2007-4556%EF%BC%89s2-001.md
- 批量利用脚本:https://github.com/HatBoy/Struts2-Scan
-
CVE-2021-44228 Log4j JNDI远程代码执行漏洞
- 漏洞影响版本:2.0 beta9 <= Apache Log4j <= 2.12.1 | 2.13.0 <= Apache Log4j <= 2.15.0-rc1
- 漏洞介绍及修复建议:https://cert.360.cn/warning/detail?id=d5dd5bbdfbb3d58c3a633e4e105e22bb
- POC/EXP:https://cloud.tencent.com/developer/article/1922132
- 批量利用脚本:https://github.com/fullhunt/log4j-scan
-
CVE-2021-45046 Log4j 2远程代码执行漏洞
- 漏洞影响版本:2.0-beta9 <= Apache Log4j <= 2.12.1 | 2.13.0 <= Apache Log4j <= 2.15.0
- 漏洞介绍及修复建议:https://cert.360.cn/warning/detail?id=fc08131e1735eb44a99798f464f51579
- POC/EXP:https://cloud.tencent.com/developer/article/1924041
- 批量利用脚本:https://github.com/fox-it/log4j-finder
-
CVE-2021-45105 Log4j 2拒绝服务漏洞
- 漏洞影响版本:2.0-alpha1 <= Apache Log4j <= 2.16.0
- 漏洞介绍及修复建议:https://vuldb.com/zh/?id.188709
- POC/EXP:https://bbs.pediy.com/thread-270955.htm
- 批量利用脚本:https://github.com/fox-it/log4j-finder
-
CVE-2021-4104 Log4j权限提升漏洞
- 漏洞影响版本:Apache Log4j 1.x
- 漏洞介绍及修复建议:https://cn-sec.com/archives/680624.html
- POC/EXP:https://avd.aliyun.com/detail?id=AVD-2021-4104
- 批量利用脚本:https://github.com/cckuailong/log4shell_1.x
-
CVE-2019-17571 Apache Log4j反序列化远程代码执行漏洞
- 漏洞影响版本:1.2.4 <= Apache log4j <= 1.2.17
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/okU2y0izfnKXXtXG3EfLkQ
- POC/EXP:https://www.freesion.com/article/3312436042
-
CVE-2017-5645 Apache Log4j反序列化远程代码执行漏洞
- 漏洞影响版本:Apache Log4j 2.0 alpha1-Apache Log4j 2.8.1
- 漏洞介绍及修复建议:https://help.aliyun.com/document_detail/52712.html
- POC/EXP:https://cloud.tencent.com/developer/article/1701706
- 批量利用脚本:https://github.com/HynekPetrak/log4shell-finder
-
Apache CouchDB未授权访问漏洞
- 漏洞影响版本:配置有误的全版本
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1624462
- POC/EXP:https://www.cmdhack.com/archives/214.html
- 批量利用脚本:https://github.com/vulhub/vulhub/blob/master/couchdb/cve-2017-12636/exp.py
-
CVE-2022-24706 Apache CouchDB权限提升漏洞
- 漏洞影响版本:CouchDB < 3.2.2
- 漏洞介绍及修复建议:https://cn-sec.com/archives/953256.html
- POC/EXP:暂无
-
CVE-2021-38295 Apache CouchDB权限许可和访问控制问题漏洞
- 漏洞影响版本:Apache CouchDB < 3.1.2
- 漏洞介绍及修复建议:https://www.sxxdckj.com/cms/a/Apache-CouchDB-quan-xian-xu-ke-he-fang-wen-kong-zhi-wen-ti-lou-dong.html
- POC/EXP:https://github.com/ProfessionallyEvil/CVE-2021-38295-PoC
-
CVE-2020-1955 Apache CouchDB远程权限提升漏洞
- 漏洞影响版本:CouchDB 3.0.0
- 漏洞介绍及修复建议:https://www.sxxdckj.com/cms/a/Apache-CouchDB-an-quan-lou-dong.html
- POC/EXP:暂无
-
CVE-2018-11769 远程代码执行漏洞
- 漏洞影响版本:CouchDB < 2.2.0
- 漏洞介绍及修复建议:http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201808-250
- POC/EXP:暂无
-
CVE-2018-8007 Apache CouchDB任意代码执行漏洞
- 漏洞影响版本:Apache CouchDB < 1.7.2 | Apache CouchDB < 2.1.2
- 漏洞介绍及修复建议:http://www.h3c.com/cn/d_201810/1115308_30003_0.htm
- POC/EXP:暂无
-
CVE-2017-12636 Couchdb任意命令执行漏洞
- 漏洞影响版本:CouchDB < 1.7.0 | 2.x < CouchDB < 2.1.1
- 漏洞介绍及修复建议:https://docs.couchdb.org/en/stable/cve/2017-12636.html
- POC/EXP:https://www.freebuf.com/articles/web/258159.html
- 批量利用脚本:https://github.com/XTeam-Wing/CVE-2017-12636
-
CVE-2017-12635 CouchDB垂直越权漏洞
- 漏洞影响版本:CouchDB < 1.7.0 | 2.x < CouchDB < 2.1.1
- 漏洞介绍及修复建议:https://docs.couchdb.org/en/stable/cve/2017-12635.html
- POC/EXP:https://www.freebuf.com/vuls/266890.html
-
CVE-2016-8742 本地提权漏洞
- 漏洞影响版本:CouchDB 2.0.0(windows)
- 漏洞介绍及修复建议:https://vuldb.com/zh/?id.113146
- POC/EXP:https://www.exploit-db.com/exploits/40865
-
CVE-2020-1938 Tomcat文件包含漏洞
- 漏洞影响版本:Apache Tomcat == 6 | 7.0.0 <= Apache Tomcat < 7.0.100 | 8.0.0 <= Apache Tomcat < 8.5.51 | 9.0.0 <= Apache Tomcat < 9.0.31
- 漏洞介绍及修复建议:https://www.cstis.cn/post/57d1c5fb-e59b-5d14-44b1-b8fd498b52a5
- POC/EXP:https://cloud.tencent.com/developer/article/1933538
- 批量利用脚本:https://github.com/00theway/Ghostcat-CNVD-2020-10487
-
CVE-2019-0232 Apache Tomcat远程代码执行漏洞
- 漏洞影响版本:9.0.0.M1 <= Apache Tomcat <= 9.0.17 | 8.5.0 <= Apache Tomcat <= 8.5.39 | 7.0.0 <= Apache Tomcat <= 7.0.93
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1526490
- POC/EXP:https://cloud.tencent.com/developer/article/1590031
- 批量利用脚本:https://github.com/jas502n/CVE-2019-0232
-
CVE-2017-12615 Tomcat远程代码执行漏洞
- 漏洞影响版本:7.0.0 <= Apache Tomcat <= 7.0.81
- 漏洞介绍及修复建议:http://blog.nsfocus.net/cve-2017-12615-update/
- POC/EXP:https://www.freebuf.com/column/161349.html
- 批量利用脚本:https://github.com/mefulton/cve-2017-12615
-
CVE-2016-8735 Tomcat反序列化代码执行漏洞
- 漏洞影响版本:9.0.0.M1 <= Apache Tomcat <= 9.0.0.M11 | 8.5.0 <= Apache Tomcat <= 8.5.6 | 8.0.0.RC1 <= Apache Tomcat <= 8.0.38 | 7.0.0 <= Apache Tomcat <= 7.0.72 | 6.0.0 <= Apache Tomcat <= 6.0.47
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/85043
- POC/EXP:https://www.cnblogs.com/csnd/p/11807623.html
-
CVE-2016-1240 Tomcat本地提权漏洞
- 漏洞影响版本:**8.0.0 <= Tomcat 8 <= 8.0.36-2 | 7.0.0 <= Tomcat 7 <= 7.0.70-2 | 6.0.0 <= Tomcat <= 6.0.45+dfsg-1~deb8u1
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1090973
- POC/EXP:https://in4k.xyz/37004/cve-2016-1240%EF%BC%88tomcat%E6%9C%AC%E5%9C%B0%E6%8F%90%E6%9D%83%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E5%A4%8D%E7%8E%B0%EF%BC%89fly
-
Tomcat 部署war包远程代码执行漏洞
- 漏洞影响版本:任意版本
- 漏洞介绍及修复建议:https://www.jianshu.com/p/399ec58bc3ae
- POC/EXP:https://www.jianshu.com/p/399ec58bc3ae
-
Tomcat样例目录session操纵漏洞
- 漏洞影响版本:任意版本
- 漏洞介绍及修复建议:https://blog.csdn.net/weixin_44455388/article/details/120900834
- POC/EXP:https://www.freebuf.com/column/189435.html
- CVE-2022-39135 Apache Calcite XML外部实体注入漏洞
- 漏洞影响版本:Apache Calcite < 1.32.0
- 漏洞介绍及修复建议:https://ti.qianxin.com/vulnerability/detail/252758
- POC/EXP:https://issues.apache.org/jira/browse/CALCITE-5263
-
CVE-2023-25194 Apache Kafka Connect JNDI注入漏洞
- 漏洞影响版本:2.3.0 <= Apache Kafka <= 3.3.2
- 漏洞介绍及修复建议:https://www.secrss.com/articles/51728
- POC/EXP:暂无
-
CVE-2022-34917 Apache Kafka Broker拒绝服务攻击
- 漏洞影响版本:2.8.0 <= Apache Kafka <= 2.8.2 | 3.0.0 <= Apache Kafka <= 3.0.2 | 3.1.0 <= Apache Kafka <= 3.1.2 | 3.2.0 <= Apache Kafka <= 3.2.3
- 漏洞介绍及修复建议:https://www.4hou.com/shop/posts/6Vv7
- POC/EXP:暂无
-
CVE-2021-23017 Nginx DNS解析拒绝服务/远程代码执行漏洞
- 漏洞影响版本:0.6.18 <= Nginx <= 1.20.0
- 漏洞介绍及修复建议:https://cn-sec.com/archives/384974.html
- POC/EXP:https://www.freebuf.com/vuls/276543.html
-
CVE-2017-7529 Nginx越界读取缓存漏洞
- 漏洞影响版本:0.5.6 <= Nginx <= 1.13.2
- 漏洞介绍及修复建议:https://developer.aliyun.com/ask/239551
- POC/EXP:https://cloud.tencent.com/developer/article/1680569
-
CVE-2013-4547 Nginx文件名逻辑漏洞
- 漏洞影响版本:0.8.41 <= Nginx <= 1.5.6
- 漏洞介绍及修复建议:https://www.cnblogs.com/yuzly/p/11221564.html
- POC/EXP:https://www.jianshu.com/p/8d8345accd08
-
Nginx解析漏洞
- 漏洞影响版本:与Nginx版本无关,由于用户配置错误导致
- 漏洞介绍及修复建议:https://www.cnblogs.com/yuzly/p/11208742.html
- POC/EXP:https://www.cnblogs.com/yuzly/p/11208742.html
-
CVE-2022-41082 Microsoft Exchange Server 远程代码执行漏洞
- 漏洞影响版本:Microsoft Exchange Server 2013 Cumulative Update 23 | Microsoft Exchange Server 2016 Cumulative Update 22 | Microsoft Exchange Server 2016 Cumulative Update 23 | Microsoft Exchange Server 2019 Cumulative Update 11 | Microsoft Exchange Server 2019 Cumulative Update 12
- 漏洞介绍及修复建议:https://cn-sec.com/archives/1484656.html
- POC/EXP:https://github.com/balki97/OWASSRF-CVE-2022-41082-POC
-
CVE-2022-41080 Exchange Server权限提升漏洞
- 漏洞影响版本:Microsoft Exchange Server 2013 Cumulative Update 23 | Microsoft Exchange Server 2016 Cumulative Update 22 | Microsoft Exchange Server 2016 Cumulative Update 23 | Microsoft Exchange Server 2019 Cumulative Update 11 | Microsoft Exchange Server 2019 Cumulative Update 12
- 漏洞介绍及修复建议:https://cn-sec.com/archives/1484656.html
- POC/EXP:https://github.com/ohnonoyesyes/CVE-2022-41080
-
CVE-2022-41040 Microsoft Exchange Server服务器端请求伪造(SSRF)漏洞
- 漏洞影响版本:Microsoft Exchange Server 2013 Cumulative Update 23 | Microsoft Exchange Server 2016 Cumulative Update 22 | Microsoft Exchange Server 2016 Cumulative Update 23 | Microsoft Exchange Server 2019 Cumulative Update 11 | Microsoft Exchange Server 2019 Cumulative Update 12
- 漏洞介绍及修复建议:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41040
- POC/EXP:https://github.com/testanull/ProxyNotShell-PoC
-
Fastjson 小于1.2.83远程代码执行漏洞
- 漏洞影响版本:1.2.76 <= fastjson < 1.2.83
- 漏洞介绍及修复建议:https://www.hetianlab.com/specialized/20220721143329
- POC/EXP:https://github.com/Lonely-night/fastjsonVul
-
Fastjson 小于等于1.2.68远程代码执行漏洞
- 漏洞影响版本:Fastjson <= 1.2.68
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1829644
- POC/EXP:https://cloud.tencent.com/developer/article/1829644
-
Fastjson 小于等于1.2.66 CauchoQuercus远程命令执行漏洞
- 漏洞影响版本:Fastjson <= 1.2.66
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://www.cnblogs.com/0x28/p/14379792.html
-
Fastjson 小于等于1.2.62远程命令执行漏洞
- 漏洞影响版本:Fastjson <= 1.2.62
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://www.cnblogs.com/tr1ple/p/12348886.html
-
Fastjson 1.2.47远程命令执行漏洞
- 漏洞影响版本:Fastjson <= 1.2.47
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://cloud.tencent.com/developer/article/1835864
-
Fastjson 小于等于1.2.45远程代码执行漏洞
- 漏洞影响版本:Fastjson <= 1.2.45
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://www.freebuf.com/vuls/276812.html
-
Fastjson 1.2.42 远程代码执行漏洞
- 漏洞影响版本:Fastjson = 1.2.42
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://www.cnblogs.com/0x28/p/14378708.html
-
Fastjson 1.2.41 远程代码执行漏洞
- 漏洞影响版本:1.2.25 < Fastjson < 1.2.41
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/276812.html
- POC/EXP:https://www.cnblogs.com/0x28/p/14378502.html
-
CVE-2017-18349 Fastjson 1.2.24反序列化任意命令执行漏洞
- 漏洞影响版本:Fastjson < 1.2.25
- 漏洞介绍及修复建议:https://blog.csdn.net/HEAVEN569/article/details/125390348
- POC/EXP:https://github.com/h0cksr/Fastjson--CVE-2017-18349-
-
CVE-2022-22965 Spring框架远程代码执行漏洞
- 漏洞影响版本:5.3.0 <= Spring Framework <= 5.3.17 | 5.2.0 <= Spring Framework <= 5.2.19 | Spring Framework 以及更早的版本
- 漏洞介绍及修复建议:https://www.secpulse.com/archives/176181.html
- POC/EXP:https://cn-sec.com/archives/884659.html
- 批量利用脚本:https://github.com/BobTheShoplifter/Spring4Shell-POC
-
CVE-2022-22963 Spring Cloud Function SPEL远程命令执行漏洞
- 漏洞影响版本:3.0.0.RELEASE <= Spring Cloud Function <= 3.2.2(注:3.1.7版本不受影响。部分版本进行特定配置的动态路才会受该漏洞影响)
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/U7YJ3FttuWSOgCodVSqemg
- POC/EXP:https://github.com/hktalent/spring-spel-0day-poc
-
CVE-2022-22947 Spring Cloud Gateway远程代码执行漏洞
- 漏洞影响版本:Spring Cloud Gateway<3.1.1、Spring Cloud Gateway<3.0.7、Spring Cloud Gateway 其他已不再更新的版本
- 漏洞介绍及修复建议:https://spring.io/blog/2022/03/01/spring-cloud-gateway-cve-reports-published
- POC/EXP:https://github.com/vulhub/vulhub/blob/master/spring/CVE-2022-22947/README.zh-cn.md
- 批量利用脚本:https://github.com/chaosec2021/CVE-2022-22947-POC
-
CVE-2022-30778 Laravel 9.1.8反序列化漏洞
- 漏洞影响版本:Laravel = 9.1.8
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/11362
- POC/EXP:https://github.com/kang8/CVE-2022-30778
-
CVE-2021-43503 Laravel远程代码执行漏洞
- 漏洞影响版本:Laravel = 5.8.38
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/WI8sKeldDPgYSgFQHHConw
- POC/EXP:暂无
- 批量利用脚本:暂无
-
CVE-2021-3129 Laravel Debug mode远程代码执行漏洞
- 漏洞影响版本:Laravel < 8.4.3 | Facade Ignition < 2.5.2
- 漏洞介绍及修复建议:https://www.huaweicloud.com/notice/2018/20210113190058045.html
- POC/EXP:https://www.anquanke.com/post/id/231459
- 批量利用工具:https://github.com/SNCKER/CVE-2021-3129
-
CVE-2018-15133 laravel API_KEY泄露远程代码执行漏洞
- 漏洞影响版本:5.5.x <= Laravel <= 5.5.40 | 5.6.x <= Laravel <= 5.6.29
- 漏洞介绍及修复建议:https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30
- POC/EXP:http://blog.tuo0.com/2018/12/16/php/laravel-CVE-2018-15133%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/
- 批量利用工具:https://github.com/aljavier/exploit_laravel_cve-2018-15133
-
CVE-2023-22518 - Confluence 数据中心和服务器中的不当授权漏洞
- 漏洞影响版本:Atlassian confluence < 7.19.16 | Atlassian confluence < 8.3.4 | Atlassian confluence < 8.4.4 | Atlassian confluence < 8.5.3 | Atlassian confluence < 8.6.1
- 漏洞介绍及修复建议:https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
- POC/EXP:https://mp.weixin.qq.com/s/UnhFgWTTQWSJSIzDSxJVMg
-
CVE-2023-22515 - Confluence 数据中心和服务器中的访问控制漏洞
- 漏洞影响版本:Confluence Data Center and Confluence Server == 8.0.0 | Confluence Data Center and Confluence Server == 8.0.1 | Confluence Data Center and Confluence Server == 8.0.2 | Confluence Data Center and Confluence Server == 8.0.3 | Confluence Data Center and Confluence Server == 8.0.4 | Confluence Data Center and Confluence Server == 8.1.0 | Confluence Data Center and Confluence Server == 8.1.1 | Confluence Data Center and Confluence Server == 8.1.3 | Confluence Data Center and Confluence Server == 8.1.4 | Confluence Data Center and Confluence Server == 8.2.0 | Confluence Data Center and Confluence Server == 8.2.1 | Confluence Data Center and Confluence Server == 8.2.2 | Confluence Data Center and Confluence Server == 8.2.3 | Confluence Data Center and Confluence Server == 8.3.0 | Confluence Data Center and Confluence Server == 8.3.1 | Confluence Data Center and Confluence Server == 8.3.2 | Confluence Data Center and Confluence Server == 8.4.0 | Confluence Data Center and Confluence Server == 8.4.1 | Confluence Data Center and Confluence Server == 8.4.2 | Confluence Data Center and Confluence Server == 8.5.0 | Confluence Data Center and Confluence Server == 8.5.1
- 漏洞介绍及修复建议:https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
- POC/EXP:https://github.com/Chocapikk/CVE-2023-22515
-
CVE-2022-26138 Confluence Server硬编码漏洞
- 漏洞影响版本:Questions for Confluence app == 2.7.34 | Questions for Confluence app == 2.7.35 | Questions for Confluence app == 3.0.2
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/277532
- POC/EXP:https://github.com/alcaparra/CVE-2022-26138
- 批量利用脚本:https://github.com/alcaparra/CVE-2022-26138
-
CVE-2022-26134 Confluence OGNL注入漏洞
- 漏洞影响版本:目前所有未安装最新补丁的 Confluence Server 和 Confluence Data Center 都受到该漏洞影响
- 漏洞介绍及修复建议:https://doc.devpod.cn/conf/confluence-cve-2021-26084-ognl-4980775.html
- POC/EXP:https://github.com/vulhub/vulhub/blob/master/confluence/CVE-2022-26134/README.zh-cn.md
- 批量利用脚本:https://github.com/Nwqda/CVE-2022-26134
-
CVE-2021-26084 Confluence OGNL注入漏洞
- 漏洞影响版本:Confluence < 6.13.23 | 6.14.0 <= Confluence < 7.4.11 | 7.5.0 <= Confluence < 7.11.6 | 7.12.0 <= Confluence < 7.12.5 | Confluence < 7.13.0
- 漏洞介绍及修复建议:https://cn-sec.com/archives/785379.html
- POC/EXP:https://i4k.xyz/article/wangqiao258/120726231
- 批量利用脚本:https://github.com/h3v0x/CVE-2021-26084_Confluence
-
CVE-2019-3398 Confluence路径穿越漏洞
- 漏洞影响版本:Confluence < 6.6.14 | 6.7.x < Confluence < 6.11.x | 6.12.x < Confluence < 6.12.4 | 6.13.x < Confluence < 6.13.4 | 6.14.x < Confluence < 6.14.3 | 6.15.x < Confluence < 6.15.2
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/176808
- POC/EXP:https://www.cxymm.net/article/qq_40989258/105274370
- 批量利用脚本:https://github.com/superevr/cve-2019-3398
-
CVE-2019-3396 Confluence远程代码执行漏洞
- 漏洞影响版本:6.6.x < Confluence < 6.6.12 | 6.12.x < Confluence < 6.12.3 | 6.13.x < Confluence < 6.13.13 | 6.14.x < Confluence < 6.14.2
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/8836
- POC/EXP:https://www.secpulse.com/archives/156012.html
- 批量利用脚本:https://github.com/Yt1g3r/CVE-2019-3396_EXP
-
CVE-2019-3395 Confluence SSRF漏洞
- 漏洞影响版本:Confluence < 6.6.7 | 6.7.0 <= Confluence < 6.8.5(6.8.x的修复版) | 6.9.0 <= version < 6.9.3(6.9.x的修复版)
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1526489
- POC/EXP:https://blog.csdn.net/caiqiiqi/article/details/103046274
-
CVE-2019-3394 Confluence文件读取漏洞
- 漏洞影响版本:6.1.0 <= Confluence < 6.6.16 | 6.7.0 <= Confluence < 6.13.7 | 6.14.0 <= Confluence < 6.15.8
- 漏洞介绍及修复建议:https://www.secpulse.com/archives/111659.html
- POC/EXP:https://cloud.tencent.com/developer/article/1553935
-
CVE-2017-7415 Confluence未授权信息泄露漏洞
- 漏洞影响版本:6.0.x < Confluence < 6.0.7
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7415
- POC/EXP:https://codeantenna.com/a/l8UxVWQtSr
-
CVE-2023-22501 Atlassian Jira身份认证绕过漏洞
- 漏洞影响版本:5.3.0 <= Jira Service Management Server/Data Center <= 5.3.2 | 5.4.0 <= Jira Service Management Server/Data Center <= 5.4.1 | Jira Service Management Server/Data Center == 5.5.0
- 漏洞介绍及修复建议:https://www.secrss.com/articles/51629
- POC/EXP:暂无
- 批量利用脚本:暂无
-
CVE-2022-36799 Atlassian Jira模板注入漏洞
- 漏洞影响版本:Atlassian Jira Server&Data Center < 8.13.19 | 8.14.0 ≤ Atlassian Jira Server&Data Center < 8.20.7 | 8.21.0 ≤ Atlassian Jira Server&Data Center < 8.22.1
- 漏洞介绍及修复建议:https://cn-sec.com/archives/1221844.html
- POC/EXP:暂无
- 批量利用脚本:暂无
-
CVE-2022-26135 Atlassian Jira服务端请求伪造漏洞(SSRF)
- 漏洞影响版本:8.0 < Jira Core Server/Jira Software Server/Jira Software Data Center < 8.13.22 | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.14.x | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.15.x | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.16.x | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.17.x | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.18.x | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.19.x | 8.20.x < Jira Core Server/Jira Software Server/Jira Software Data Center < 8.20.10 | Jira Core Server/Jira Software Server/Jira Software Data Center == 8.21.x | 8.22.x < Jira Core Server/Jira Software Server/Jira Software Data Center < 8.22.4 | 4.0 < Jira Service Management Server and Data Center < 4.13.22 | Jira Service Management Server and Data Center == 4.14.x | Jira Service Management Server and Data Center == 4.15.x | Jira Service Management Server and Data Center == 4.16.x | Jira Service Management Server and Data Center == 4.17.x | Jira Service Management Server and Data Center == 4.18.x | Jira Service Management Server and Data Center == 4.19.x | 4.20.x < Jira Service Management Server and Data Center < 4.20.10 | Jira Service Management Server and Data Center == 4.21.x | 4.22.x < Jira Service Management Server and Data Center < 4.22.4
- 漏洞介绍及修复建议:https://confluence.atlassian.com/jira/jira-server-security-advisory-29nd-june-2022-1142430667.html
- POC/EXP:https://blog.assetnote.io/2022/06/26/exploiting-ssrf-in-jira/
- 批量利用工具:https://github.com/assetnote/jira-mobile-ssrf-exploit
-
CVE-2022-0540 Atlassian Jira身份验证绕过漏洞
- 漏洞影响版本:Jira所有版本 < 8.13.18 | Jira(8.14.x、8.15.x、8.16.x、8.17.x、8.18.x、8.19.x) | 8.20.x < Jira < 8.20.6 | Jira(8.21.x) | Jira Service Management所有版本 < 4.13.18 | Jira Service Management(4.14.x、4.15.x、4.16.x、4.17.x、4.18.x、4.19.x) | 4.20.x < Jira Service Management < 4.20.6 | Jira Service Management(4.21.x)
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/9REi0hc-97-r6j1R-WFIWA
- POC/EXP:https://github.com/Pear1y/CVE-2022-0540-RCE
- 批量利用工具:暂无
-
CVE-2021-26086 Jira文件读取漏洞
- 漏洞影响版本:Jira < 8.5.14 | 8.6.0 ≤ jira < 8.13.6 | 8.14.0 ≤ jira < 8.16.1
- 漏洞介绍及修复建议:https://cn-sec.com/archives/729520.html
- POC/EXP:https://github.com/ColdFusionX/CVE-2021-26086
- 批量利用工具:暂无
-
CVE-2020-14181 Jira用户名枚举漏洞
- 漏洞影响版本:Jira < 7.13.6|8.0.0 <= Jira < 8.5.7 Jira 8.6.0 <= Jira < 8.12.0
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14181
- POC/EXP:https://blog.csdn.net/xuandao_ahfengren/article/details/115003863
- 批量利用工具:暂无
-
CVE-2020-14179 Jira信息泄露漏洞
- 漏洞影响版本:Jira < 8.5.8 | 8.6.0<= Jira <8.11.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14179
- POC/EXP:http://www.nsfocus.net/vulndb/49649
- 批量利用工具:暂无
-
CVE-2019-11589 open redirect漏洞
- 漏洞影响版本:Jira < 7.13.6 | 8.0.0 < Jira < 8.2.3 | 8.3.0 < Jira < 8.3.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11589
- POC/EXP:暂无
-
CVE-2019-11584 MigratePriorityScheme XSS漏洞
- 漏洞影响版本:Jira < 8.3.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11584
- POC/EXP:暂无
-
CVE-2019-11581 Atlassian Jira未授权模板注入漏洞
- 漏洞影响版本:4.4.0 < Jira < 7.6.14 | 8.2.0 < Jira < 8.2.3 | 7.7.0 < Jira < 7.13.5 | 8.0.0 < Jira < 8.0.3 | 8.1.0 < Jira < 8.1.2
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1526557
- POC/EXP:http://cn-sec.com/archives/202438.html
- 批量利用脚本:https://github.com/kobs0N/CVE-2019-11581
-
CVE-2019-8451 Atlassian Jira未授权SSRF漏洞
- 漏洞影响版本:Jira < 8.4.0
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8451
- POC/EXP:https://cloud.tencent.com/developer/article/1518348
- 批量利用脚本:https://github.com/jas502n/CVE-2019-8451
-
CVE-2019-8449 Atlassian Jira信息泄露漏洞
- 漏洞影响版本:7.12< Jira <8.4.0
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8449
- POC/EXP:https://www.cnblogs.com/yuzly/p/13754309.html
-
CVE-2019-8444 Atlassian Jira存储型XSS漏洞
- 漏洞影响版本:Jira < 7.13.6 | 8.0.0 <= Jira < 8.3.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8444
- POC/EXP:https://blog.csdn.net/caiqiiqi/article/details/100094987
-
CVE-2019-3403 信息泄露(用户名枚举)漏洞
- 漏洞影响版本:Jira < 7.13.3 | 8.0.0 < Jira < 8.0.4| 8.1.0 < Jira < 8.1.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3403
- POC/EXP:https://caiqiqi.github.io/2019/11/03/Atlassian-Jira%E6%BC%8F%E6%B4%9E%E5%A4%A7%E6%9D%82%E7%83%A9/
-
CVE-2018-13404 Atlassian Jira VerifyPopServerConnection功能SSRF漏洞
- 漏洞影响版本:**Jira < 7.6.10 | 7.7.x < Jira < 7.7.5 | 7.8.x < Jira < 7.8.5 | 7.9.x < Jira < 7.9.3 | 7.10.x < Jira < 7.10.3 | 7.11.x < Jira <7.11.3 | 7.12.x < Jira < 7.12.3 | 7.13.x < Jira < 7.13.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13404
- POC/EXP:https://blog.csdn.net/caiqiiqi/article/details/89923922
-
CVE-2017-9506 Atlassian OAuth插件SSRF漏洞
- 漏洞影响版本:**1.3.0 < Atlassian OAuth插件 < 1.9.12 | 2.0.0 < Atlassian OAuth插件 < 2.0.4(注意:Jira和Confluence中都有这个插件)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9506
- POC/EXP:https://blog.csdn.net/caiqiiqi/article/details/89512133
-
CVE-2017-5983 Jira Workflow Designer插件XXE/RCE漏洞
- 漏洞影响版本:JIRA < 6.3.0
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5983
- POC/EXP:暂无
-
CVE-2020-15778 OpenSSH命令注入漏洞
- 漏洞影响版本:OpenSSH <= OpenSSH-8.3p1
- 漏洞介绍及修复建议:https://www.daimajiaoliu.com/daima/7b7b72151c14406
- POC/EXP:https://www.freebuf.com/vuls/256997.html
-
CVE-2018-15473 SSH用户名枚举漏洞
- 漏洞影响版本:2.3 <= OpenSSH <= 7.7
- 漏洞介绍及修复建议:http://blog.nsfocus.net/openssh-cve-2018-15919/
- POC/EXP:https://icode.best/i/04965035456700
- 批量利用脚本:https://github.com/epi052/cve-2018-15473
-
CVE–2017–1000117 SSH命令注入漏洞
- 漏洞影响版本:Git < 2.14.1
- 漏洞介绍及修复建议:https://cert.360.cn/warning/detail?id=9ba8d91f9f69c50cae5050196f39bb0c
- POC/EXP:https://blog.csdn.net/yalecaltech/article/details/88975146
- 批量利用脚本:https://github.com/AnonymKing/CVE-2017-1000117
-
CVE-2022-32276 Grafana未经授权任意访问漏洞
- 漏洞影响版本:Grafana == 8.4.3(b7d2911ca 适用于 8.5.5)
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32276
- POC/EXP:https://github.com/BrotherOfJhonny/grafana/blob/main/README.md
-
CVE-2021-39226 快照身份验证绕过漏洞
- 漏洞影响版本:Grafana <= 7.5.11 | 8.0.0<= Grafana <=8.1.6
- 漏洞介绍及修复建议:https://www.wangan.com/p/7fy7472338e6e610
- POC/EXP:https://github.com/grafana/grafana/security/advisories/GHSA-69j6-29vr-p3j9
-
CVE-2021-43798 Grafana文件读取漏洞
- 漏洞影响版本:8.0.0-beta1 <= Grafana <= 8.3.0
- 漏洞介绍及修复建议:https://cloud.tencent.com/developer/article/1973276
- POC/EXP:https://blog.riskivy.com/grafana-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%B8%8E%E6%B1%87%E6%80%BBcve-2021-43798/
-
CVE-2022-32276 Grafana未授权访问漏洞
- 漏洞影响版本:Grafana == 8.4.3
- 漏洞介绍及修复建议:https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-32276&scoretype=cvssv3
- POC/EXP:https://github.com/BrotherOfJhonny/grafana/blob/main/README.md
-
CVE-2022-32275 Grafana任意文件读取漏洞
- 漏洞影响版本:Grafana == 8.4.3
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32275
- POC/EXP:https://github.com/BrotherOfJhonny/grafana/blob/main/README.md
-
CVE-2022-26148 Grafana敏感信息泄露漏洞
- 漏洞影响版本:Grafana <= 7.3.4
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-26148
- POC/EXP:https://mp.weixin.qq.com/s/xubVeiKwmwK4Eiqk1KlTEA
-
CVE-2022-24812 Grafana Enterprise fine-grained access control API Key权限提升漏洞
- 漏洞影响版本:8.1.0-beta1 <= Grafana Enterprise <= 8.4.5
- 漏洞介绍及修复建议:https://github.com/grafana/grafana/security/advisories/GHSA-82gq-xfg3-5j7v
- POC/EXP:暂无
-
CVE-2021-43798 Grafana任意文件读取漏洞
- 漏洞影响版本:8.0.0 <= Grafana <= 8.3.0系列
- 漏洞介绍及修复建议:https://www.wangan.com/p/7fy74775e35b0e9b
- POC/EXP:https://cloud.tencent.com/developer/article/1922065
- 批量利用工具:https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
-
CVE-2020-24303 Grafana QUERY跨网站脚本漏洞
- 漏洞影响版本:Grafana < 7.1.0-beta 1
- 漏洞介绍及修复建议:https://vuldb.com/zh/?id.164026
- POC/EXP:暂无
-
CVE-2022-2992 GitLab远程代码执行漏洞
- 漏洞影响版本:11.10 <= Gitlab < 15.1.6 | 15.2 <= Gitlab < 15.2.4 | 15.3 <= Gitlab < 15.3.2
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/fmCZ1LMuTI1UdVX0QWjqGA
- POC/EXP:暂无
-
CVE-2022-2884 GitLab远程代码执行漏洞
- 漏洞影响版本:11.3.4 <= GitLab CE/EE < 15.1.5 | 15.2 <= GitLab CE/EE < 15.2.3 | 15.3 ≤ GitLab CE/EE < 15.3.1
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/8dLLGvpOKh5lk6Os_gGimg
- POC/EXP:暂无
-
CVE-2022-2185 GitLab远程代码执行漏洞
- 漏洞影响版本:14.0 < GitLab(CE/EE) < 14.0.5 | 15.0 < GitLab(CE/EE) < 15.0.4 | 15.1 < GitLab(CE/EE) < 15.1.1
- 漏洞介绍及修复建议:https://www.anquanke.com/post/id/275796
- POC/EXP:https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185
- 批量利用脚本:https://github.com/safe3s/CVE-2022-2185-poc
-
CVE-2022-1162 Gitlab OAuth注册默认口令漏洞分析
- 漏洞影响版本:14.7 <= Gitlab CE/EE <14.7.7 | 14.8 <= Gitlab CE/EE < 14.8.5 | 14.9 <= Gitlab CE/EE < 14.9.2
- 漏洞介绍及修复建议:https://cert.360.cn/warning/detail?id=a1e0e3778899b23b80b8ff0ea5992c83
- POC/EXP:https://cn-sec.com/archives/887202.html
-
CVE-2021-22205 GitLab远程代码执行漏洞
- 漏洞影响版本:Gitlab CE/EE 11.9-13.8.8 | 13.9-13.9.6 | 13.10-13.10.3
- 漏洞介绍及修复建议:https://cert.360.cn/warning/detail?id=3a92c000fa976ff46b5e9ce85e165477
- POC/EXP:https://www.ddosi.org/cve-2021-22205
- 批量利用工具:https://github.com/Al1ex/CVE-2021-22205
-
CVE-2021-22214 Gitlab API未授权SSRF漏洞
- 漏洞影响版本:GitLab 13.10.5-10.5 | 13.11.5-13.11 | 13.12.2-13.12
- 漏洞介绍及修复建议:https://nosec.org/home/detail/4772.html
- POC/EXP:https://cloud.tencent.com/developer/article/1851527
- 批量利用工具:https://github.com/r0ckysec/CVE-2021-22214
-
CVE-2020-25104 Gitlab存储型XSS漏洞
- 漏洞影响版本:Gitlab <= eramba Enterprise e2.19.3 | Gitlab <= eramba 社区版c2.8.1
- 漏洞介绍及修复建议:https://nvd.nist.gov/vuln/detail/CVE-2020-25104
- POC/EXP:https://gitlab.com/gitlab-com/gl-security/disclosures/-/blob/master/005_eramba/eramba_persistent_xss.md
-
CVE-2020-10977 任意文件读取漏洞
- 漏洞影响版本:GitLab EE/CE 8.5-12.9
- 漏洞介绍及修复建议:https://www.freebuf.com/vuls/235982.html
- POC/EXP:https://atsud0.me/2021/03/09/CVE-2020-10977%E6%BC%8F%E6%B4%9E%E5%A4%8D%E7%8E%B0
- 批量利用工具:https://github.com/thewhiteh4t/cve-2020-10977
-
CVE-2018-18649 Gitlab Wiki API远程代码执行漏洞
- 漏洞影响版本:Gitlab CE/EE 11.3及之后的版本
- 漏洞介绍及修复建议:https://xz.aliyun.com/t/8818
- POC/EXP:http://blog.leanote.com/post/snowming/b1a0b71e55c7
- 批量利用工具:https://github.com/Snowming04/CVE-2018-18649
-
CVE-2018-14364 Gitlab远程代码执行漏洞
- 漏洞影响版本:GitLab CE/EE 8.9.0-9.5.10、10.0.0-10.1.5、10.2.0-10.2.5、10.3.0-10.3.3
- 漏洞介绍及修复建议:https://www.its203.com/article/YouthBelief/121279641?2022-03-04
- POC/EXP:https://www.codetd.com/article/13363173
-
CVE-2017-0882 Gitlab敏感信息泄露漏洞
- 漏洞影响版本:GitLab 8.7.0-8.15.7、8.16.0-8.16.7、8.17.0-8.17.3
- 漏洞介绍及修复建议:https://help.aliyun.com/document_detail/51855.html
- POC/EXP:https://www.daimajiaoliu.com/daima/481c4066610041c
-
CVE-2016-9086 Gitlab任意文件读取漏洞
- 漏洞影响版本:Gitlab 8.9、8.10、8.11、8.12 and 8.13
- 漏洞介绍及修复建议:https://github.com/vulhub/vulhub/blob/master/gitlab/CVE-2016-9086/README.zh-cn.md
- POC/EXP:https://cloud.tencent.com/developer/article/1078507
- CVE-2022-29464 WSO2 API Manager任意文件上传漏洞
- 漏洞影响版本:WSO2 API Manager >= 2.2.0 | WSO2 Identity Server >= 5.2.0 | WSO2 Identity Server Analytics 5.4.0、5.4.1、5.5.0、5.6.0 | WSO2 Identity Server as Key Manager >= 5.3.0 | WSO2 Enterprise Integrator >= 6.2.0
- 漏洞介绍及修复建议:http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202204-3737
- POC/EXP:https://cn-sec.com/archives/931506.html
- 批量利用脚本:https://github.com/hakivvi/CVE-2022-29464
-
Jenkins 未授权远程代码执行漏洞
- 漏洞影响版本:全版本
- 漏洞介绍及修复建议:https://blog.51cto.com/u_12343119/5850959
- POC/EXP:https://blog.csdn.net/m0_49577923/article/details/121265159
-
CVE-2019-10392 Jenkins Git插件命令执行漏洞
- 漏洞影响版本:Jenkins Git client Plugin <= 2.8.4
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10392
- POC/EXP:https://blog.csdn.net/sycamorelg/article/details/117745553
-
CVE-2019-10352 Jenkins任意文件写入漏洞
- 漏洞影响版本:Jenkins <= 2.185 | Jenkins LTS <= 2.176.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10352
- POC/EXP:https://misakikata.github.io/2020/03/Jenkins%E6%BC%8F%E6%B4%9E%E9%9B%86%E5%90%88%E5%A4%8D%E7%8E%B0/
-
CVE-2019-1003029/CVE-2019-1003040 Jenkins Script Security Plugin沙箱绕过漏洞
- 漏洞影响版本:Jenkins Script Security Plugin <= 1.55
- 漏洞介绍及修复建议:https://blog.csdn.net/caiqiiqi/article/details/90563960
- POC/EXP:https://github.com/orangetw/awesome-jenkins-rce-2019
-
CVE-2019-1003005 Jenkins远程代码执行漏洞
- 漏洞影响版本:Jenkins Script Security Plugin <= 1.50
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1003005
- POC/EXP:https://github.com/orangetw/awesome-jenkins-rce-2019
-
CVE-2019-1003000 Jenkins远程代码执行漏洞(CVE-2019-1003000-Script Security | CVE-2019-1003001-Pipeline: Groovy | CVE-2019-1003002-Pipeline: Declarative)
- 漏洞影响版本:Jenkins Declarative <= 1.3.4 | Jenkins Pipeline:Groovy <= 2.61 | Jenkins Script Security <= 1.49
- 漏洞介绍及修复建议:https://misakikata.github.io/2020/03/Jenkins%E6%BC%8F%E6%B4%9E%E9%9B%86%E5%90%88%E5%A4%8D%E7%8E%B0/
- POC/EXP:https://github.com/adamyordan/cve-2019-1003000-jenkins-rce-poc
-
CVE-2019-10300 GitLab插件信息泄露漏洞
- 漏洞影响版本:Jenkins GitLab == 1.5.11
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-10300
- POC/EXP:https://talosintelligence.com/vulnerability_reports/TALOS-2019-0788
-
CVE-2018-1999002 Jenkins任意文件读取漏洞
- 漏洞影响版本:Jenkins weekly <= 2.132 |Jenkins LTS <= 2.121.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999002
- POC/EXP:https://misakikata.github.io/2020/03/Jenkins%E6%BC%8F%E6%B4%9E%E9%9B%86%E5%90%88%E5%A4%8D%E7%8E%B0/
-
CVE-2018-1000861 Jenkins远程命令执行漏洞
- 漏洞影响版本:Jenkins <= 2.153 | Jenkins <= LTS 2.138.3
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000861
- POC/EXP:https://www.cnblogs.com/cute-puli/p/15378440.html
- 批量利用脚本:https://github.com/orangetw/awesome-jenkins-rce-2019
-
CVE-2018-1000600 Jenkins GitHub信息泄露漏洞
- 漏洞影响版本:enkins GitHub < 1.29.1
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000600
- POC/EXP:https://misakikata.github.io/2020/03/Jenkins%E6%BC%8F%E6%B4%9E%E9%9B%86%E5%90%88%E5%A4%8D%E7%8E%B0/
-
CVE-2018-1000110 Jenkins Git Plugin信息泄露漏洞
- 漏洞影响版本:Jenkins Git Plugin <= 3.7.0
- 漏洞介绍及修复建议:https://avd.aliyun.com/detail?id=AVD-2018-1000110
- POC/EXP:https://misakikata.github.io/2020/03/Jenkins%E6%BC%8F%E6%B4%9E%E9%9B%86%E5%90%88%E5%A4%8D%E7%8E%B0/
-
CVE-2017-1000353 Jenkins-CI远程代码执行漏洞
- 漏洞影响版本:Jenkins <= 2.5 | Jenkins LTS <= 2.46.1
- 漏洞介绍及修复建议:https://blog.csdn.net/weixin_43486390/article/details/111358623
- POC/EXP:https://github.com/vulhub/CVE-2017-1000353
-
CVE-2016-9299 Jenkins未授权远程代码执行漏洞
- 漏洞影响版本:Jenkins LTS <= 1.625.1 | Jenkins <= 1.637
- 漏洞介绍及修复建议:https://mp.weixin.qq.com/s/1Ku3A7ixlyfk4EquHHr-kg?
- POC/EXP:http://www.hackdig.com/01/hack-42737.htm
-
CVE-2016-0792 低权限用户命令执行漏洞
- 漏洞影响版本:Jenkins < 1.650
- 漏洞介绍及修复建议:https://nvd.nist.gov/vuln/detail/CVE-2016-0792
- POC/EXP:https://www.exploit-db.com/exploits/42394
- 批量利用脚本:https://github.com/jpiechowka/jenkins-cve-2016-0792
-
CVE-2016-0788 Jenkins CI和LTS远程代码执行漏洞
- 漏洞影响版本:JenkinsCI < 1.650 | Jenkins LTS < 1.642.2
- 漏洞介绍及修复建议:https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-0788
- POC/EXP:https://blog.csdn.net/u011721501/article/details/78548997
- 批量利用脚本:https://github.com/foxglovesec/JavaUnserializeExploits/blob/master/jenkins.py
- CVE-2021-41277 Metabase信息泄露漏洞
- 漏洞影响版本:Metabase < 0.40.5 | 1.0.0 <= Metabase < 1.40.5
- 漏洞介绍及修复建议:https://developer.aliyun.com/article/824722
- POC/EXP:https://www.freebuf.com/vuls/306858.html