| .. | |||
| cnvd | Loading last commit info... | ||
| cve | |||
| exposures | |||
| fingerprinting | |||
| login/default-pwd | |||
| unauthorized | |||
| unreviewed | |||
| vulnerability | |||
| README.md | |||
README.md
afrog-pocs
POC,全称 Proof of Concept,指一段漏洞证明的说明或攻击样例
❤️POC 欢迎投递
cnvd
- 2020
- CNVD-2020-62422
- 2021
- CNVD-2021-09650
- ruijie-uac-cnvd-2021-14536
cve
- 2010
- jboss-cve-2010-1871
- 2014
- elasticsearch-cve-2014-3120
- 2015
- elasticsearch-cve-2015-1427
- elasticsearch-cve-2015-3337-lfi
- elasticsearch-cve-2015-5531
- CVE-2015-7450 (已删除)
- 2016
- CVE-2016-3088
- zabbix-cve-2016-10134-sqli
- 2017
- hikvision-cve-2017-7921
- CVE-2017-12149
- couchdb-cve-2017-12635
- weblogic-cve-2017-10271
- 2018
- CVE-2018-7490
- CVE-2018-8033
- CVE-2018-1000600
- CVE-2018-1000861
- CVE-2018-11759
- dedecms-cve-2018-6910
- 2019
- citrix-cve-2019-19781-path-traversal
- solr-cve-2019-0193
- dlink-cve-2019-17506
- dlink-cve-2019-16920-rce
- CVE-2019-10758
- jira-cve-2019-8442
- jira-cve-2019-8449
- jira-cve-2019-11581
- jira-ssrf-cve-2019-8451
- weblogic-cve-2019-2725
- weblogic-cve-2019-2729
- 2020
- CVE-2020-26413
- dlink-cve-2020-9376-dump-credentials
- dlink-cve-2020-25078-account-disclosure
- apache-kylin-unauth-cve-2020-13937
- jira-cve-2020-14179
- jira-cve-2020-14181
- kong-cve-2020-11710-unauth
- solarwinds-cve-2020-10148
- weblogic-cve-2020-14750
- CVE-2020-28185
- 2021
- CVE-2021-41773
- CVE-2021-22214
- CVE-2021-22205
- CVE-2021-33044(未验证)
- CVE-2021-36749
- CVE-2021-44228(未验证)
- CVE-2021-36260
- CVE-2021-40438
- CVE-2021-29490
- CVE-2020-28188
- CVE-2021-27905 -2022
- CVE-2022-24990
- Spring-Cloud-Gateway-Code-Injection-CVE-2022-22947
- CVE-2022-23131
- CVE-2022-24112(未验证)
- CVE-2022-23134
- CVE-2022-23178(未验证)
- CVE-2022-24124
- CVE-2022-24260(未验证)
- CVE-2022-25369(未验证)
- CVE-2022-25568
exposures 信息泄露
- alibaba-canal-info-leak
- phpinfo
- ruijie-eg-info-leak
- avtech-dvr-exposure
- directory-display
fingerprinting 指纹识别
- swagger-api
- dahua(未验证)
- dlink-web
- wayos
- atlassian-jira
- shiro
- thinkphp
- gitlab
- jenkins-api-panel
- jenkins-login
- emessage-panel
- openerp-database
- utt-panel
- terramaster-login
- CVE-2020-15568
- CVE-2020-28187
- zabbix-server-login
- apache-dubbo-detect
- jupyter-notebook-tech
- kubernetes-dashboard
- kubernetes-resource-report
- kubernetes-metrics
- kubernetes-enterprise-manager
- kubernetes-mirantis
- kubernetes-version
- azure-kubernetes-service
- weblogic-login
- activemq-panel
- avtech-avn801-camera-panel
- directadmin-login-panel
- public-tomcat-manager
- apache-apisix-panel
- upupw-tz
- huawei-hg532e-panel
- grafana-detect
login 登录
- default-pwd 默认密码
- grafana-default-password
- minio-default-password
- datang-ac-default-password-cnvd-2021-04128
- dlink-default-password
- wayos-default-password
- openerp-default-password
- utt-default-password
- gitlab-weak-login
- activemq-default-password
- alibaba-canal-default-password
- zabbix-default-password
- hikvision-intercom-service-default-password
- apache-ambari-default-password
- rabbitmq-default-password
- weblogic-weak-login
unauthorized 未授权访问
- springboot-actuator-unauth
- druid-monitor-unauth
- elasticsearch-unauth
- zabbix-authentication-bypass
- alibaba-nacos-v1-auth-bypass
- jboss-unauth
- apache-nifi-api-unauthorized-access
- apache-storm-unauth
- apache-storm-unauthorized-access
- jenkins-unauthorized-access
- zabbix-dashboards-access
- jira-unauthenticated-resolutions
- jira-unauthenticated-screens
- jira-unauthenticated-user-picker
- jira-unauthenticated-dashboards
- jira-unauthenticated-installed-gadgets
- jira-unauthenticated-projectcategories
- jira-unauthenticated-adminprojects
- jira-unauthenticated-projects
- jira-service-desk-signup
- couchdb-unauth
- docker-api-unauthorized
- docker-registry-api-unauth
- hadoop-yarn-unauth
- jupyter-notebook-unauthorized-access
- kubernetes-unauth
- spark-api-unauth
- spark-webui-unauth
- unauthorized-hp-officepro-printer
- jeecg-boot-unauth
vulnerability 漏洞
- landray-oa-custom-jsp-fileread
- yonyou-nc-bsh-servlet-bshservlet-rce
- springboot-h2-db-rce
- huijietong-cloud-fileread
- ruijie-eg-cli-rce
- ruijie-eg-file-read
- dlink-850l-info-leak
- dlink-dsl-2888a-rce
- sangfor-ba-rce
- sangfor-edr-cssp-rce
- sangfor-edr-tool-rce
- sangfor-edr-arbitrary-admin-login
- hikvision-info-leak
- seeyon-a6-employee-info-leak
- seeyon-ajax-unauthorized-access
- seeyon-oa-cookie-leak
- seeyon-session-leak
- seeyon-wooyun-2015-0108235-sqli
- seeyon-wooyun-2015-148227
- apache-flink-upload-rce
- dahua-dss-file-read
- ruijie-smartweb-password-disclosure
- thinkphp-2-rce
- thinkphp-501-rce
- thinkphp-509-information-disclosure
- thinkphp-5022-rce
- thinkphp-v6-file-write
- thinkphp-5023-rce
- couchdb-adminparty
- solr-velocity-template-rce
- solr-fileread
- solr-admin-query
- weblogic-ssrf
- e-cology-getsqldata-sql-inject
- e-cology-arbitrary-file-upload
- e-cology-filedownload-directory-traversal
- e-cology-javabeanshell-rce
- e-cology-springframework-directory-traversal
- e-cology-syncuserinfo-sqli
- e-cology-v8-sqli
- e-cology-validate-sqli
- e-cology-workflowcentertreedata-sqli
- e-office-mysql-config-leak
- e-bridge-saveyzjfile-file-read
- dedecms-url-redirection
- targa-camera-lfi
- egroupware-rce
- grafana-file-read
- unifi-network-log4j-rce