
Newly added PoCs

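[CNVD-2020-62853] 360 Tianqing Endpoint Security Management System Access Control Bypass Vulnerability
[CNVD-2020-73282] Youyou Firewall Weak Password
[CNVD-2021-32799] Tianqing Endpoint Security Management System Front-End SQL Injection Vulnerability
[CNVD-2021-39067] H3C IMC dynamiccontent.properties.xhtm Remote Command Execution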
[CVE-2007-4556] OpenSymphony XWork/Apache Struts2 - Remote Code Execution S2-001
[CVE-2012-0392] Apache Struts2 S2-008 RCE
[CVE-2013-1965] Apache Struts2 S2-012 RCE
[CVE-2017-12611] Apache Struts2 S2-053 - Remote Code Execution
[CVE-2017-16894] Laravel .env Configuration File Disclosure
[CVE-2017-5638] Apache Struts 2 - Remote Command Execution S2-045 S2-046
[CVE-2017-8229] Amcrest IP Camera Web Sha1Account1 Account and Password Disclosure Vulnerability
[CVE-2018-11776] Apache Struts2 S2-057 - Remote Code Execution
[CVE-2018-1273] Spring Data Commons - Remote Code Execution
[CVE-2018-8715] AppWeb Authentication Bypass vulnerability
[CVE-2019-0230] Apache Struts <=2.5.20 - Remote Code Execution S2-059
[CVE-2019-5418] Rails File Content Disclosure
[CVE-2020-11738] WordPress Duplicator plugin Directory Traversal
[CVE-2020-11991] Apache Cocoon 2.1.12 XML Injection
[CVE-2020-17530] Apache Struts 2.0.0-2.5.25 - Remote Code Execution S2-061
[CVE-2021-1497] Cisco HyperFlex HX Data Platform - Remote Command Execution
[CVE-2021-1499] Cisco HyperFlex HX Data Platform - File Upload Vulnerability
[CVE-2021-30461] VoipMonitor <24.61 - Remote Code Execution
[CVE-2021-3297] Zyxel NBG2105 V1.00(AAGU.2)C0 - Authentication Bypass
[CVE-2021-41381] Payara Micro Community 5.2021.6 Directory Traversal
[CVE-2021-42013] Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution
[CVE-2022-22965] Spring Framework RCE JDK 9+
[CVE-2022-30525] Zyxel Firewall - OS Command Injection
[hue-login-panel] Cloudera Hue Login Panel
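[appex-lotwan-login-panel] Huaxia Chuangxin LotWan WAN Optimization System
[phpmyadmin-panel] phpMyAdmin Panel
[acti-video-read-file] ACTI Video Surveillance images Arbitrary File Read Vulnerability
[bohuangwanglong-cmd-php-rce] Bohua Wanglong Firewall cmd.php Remote Command Execution Vulnerability (OEM)
[bohuawanglong-users-xml-password-leak] Bohua Wanglong Firewall users.xml Unauthorized Access
[byzoro-smart-importhtml-rce.yaml] Byzoro Smart importhtml.php Remote Command Execution Vulnerability
[clickhouse-api-sql-unauth] ClickHouse API Database Interface Unauthorized Access Vulnerability
[dlink-sharecenter-dns-320-rce] D-Link ShareCenter DNS-320 system_mgr.cgi Remote Command Execution Vulnerability
[e-office-v10-sql-inject] Weaver eoffice v10 Front-End SQL Injection
[eyou-mail-moni-detail-rce] eYou Email System moni_detail.do Remote Command Execution Vulnerability
[feiyuxing-info-leak] Feiyuxing Enterprise Intelligent Internet Behavior Management System Authorization Bypass Information Disclosure Vulnerability
[flix-ax8-download-read-file] FLIR-AX8 download.php Arbitrary File Download
[mpsec-isg1000-file-read] Maipu ISG1000 Security Gateway sys_dia_data_down Arbitrary File Download Vulnerability
[haofeng-firewall-setdomain-unauth] Haofeng Firewall setdomain.php Access Control Bypass Vulnerability
[hikvision-gateway-data-file-read] HIKVISION Video Encoding Device Access Gateway $DATA Arbitrary File Read
[hikvision-showfile-file-read] HIKVISION Video Encoding Device Access Gateway showFile.php Arbitrary File Download Vulnerability
[huiwen-book-config-properties-info-leak] Huiwen Library Bibliographic Retrieval System config.properties Information Disclosure Vulnerability
[ikuai-login-panel] iKuai Flow Control Router Login Page
[kedacom-gateway-file-read] KEDACOM Digital System Access Gateway Arbitrary File Read Vulnerability
[kedacom-mts-file-read] Keda MTS Transcoding Server Arbitrary File Read Vulnerability
[kingsoft-v8-get-file-content-file-read] Kingsoft V8 Endpoint Security System get_file_content.php Arbitrary File Read Vulnerability
[kyan-network-license-php-rce] Kyan Network Monitoring Device license.php Remote Command Execution Vulnerability
[kyan-network-module-php-rce] Kyan Network Monitoring Device module.php Remote Command Execution Vulnerability
[kyan-network-time-php-rce] Kyan Network Monitoring Device time.php Remote Command Execution Vulnerability
[magicflow-main-xp-file-read] MagicFlow Firewall Gateway main.xp Arbitrary File Read Vulnerability
[maike-ras-cookie-bypass] Kemai RAS System Cookie Validation Access Control Bypass Vulnerability
[msa-gateway-read-file] MSA Internet Management Gateway msa Arbitrary File Download Vulnerability
[netmizer-log-management-cmd-php-rce] NetMizer Log Management System cmd.php Remote Command Execution Vulnerability
[netmizer-log-management-data-directory-traversal] NetMizer Log Management System data Directory Traversal Vulnerability
[netpower-download-php-file-read] Zhongke Wangwei Next-Generation Firewall Control System download.php Arbitrary File Read Vulnerability
[php-zerodium-backdoor] PHP zerodium Backdoor Vulnerability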
[phpmyadmin-misconfiguration] Sensitive data exposure
[phpmyadmin-server-import] PhpMyAdmin Server Import
[phpmyadmin-setup] Publicly Accessible Phpmyadmin Setup
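[sapido-router-rce] Sapido Multiple Routers Remote Command Execution Vulnerability
[selea-targa-camera-read-file] Selea OCR-ANPR Camera get_file.php Arbitrary File Read Vulnerability
[tenda-11n-cookie-unauth-access] Tenda 11N Wireless Router Cookie Access Control Bypass Vulnerability
[tenda-w15e-routercfm-cfg-config-leak] Tenda W15E Enterprise Router RouterCfm.cfg Configuration File Disclosure Vulnerability
[wholeton-vpn-info-leak] Wholeton e-Ditong config.xml Information Disclosure Vulnerability
[wisegiga-nas-down-data-php-file-read] WiseGiga NAS down_data.php Arbitrary File Download Vulnerability
[wisegiga-nas-group-php-rce] WiseGiga NAS group.php Remote Command Execution Vulnerability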

Built-in PoCs

[activemq-panel] Apache ActiveMQ Panel
[adminer-panel] Adminer Login Panel
[apisix-panel] Apache APISIX Login Panel
[avtech-avn801-camera-panel] Avtech AVN801 Network Camera Panel Detect
[azure-kubernetes-service] Detect Azure Kubernetes Service
[directadmin-login-panel] DirectAdmin Login Panel Detect
[django-admin-panel] Python Django Admin Panel
[dlink-panel] DLink Panel
[dubbo-detect] Apache dubbo detect
[emessage-panel] Emessage Panel
[fanruanoa-detect] FanRuanOA-detect
[fckeditor] Fckeditor Detect
[gitlab-panel] GitLab Panel
[grafana-panel] Grafana Panel
[huawei-hg532e-panel] Huawei HG532e Detection
[javamelody-detect] JavaMelody Monitoring Exposed
[jenkins-api-panel] Jenkins API Instance Detection Template
[jenkins-login] Jenkins Login Detected
[jira-panel] Jira Panel
[jupyter-notebook-tech] jupyter-notebook-tech
[kubernetes-dashboard] Kubernetes Console Exposure
[kubernetes-enterprise-manager] Detect Kubernetes Enterprise Manager
[kubernetes-metrics] Detect Kubernetes Exposed Metrics
[kubernetes-mirantis] Detect Mirantis Kubernetes Engine
[kubernetes-resource-report] Detect Overview Kubernetes Resource Report
[kubernetes-version] Kubernetes Version Exposure
[landrayoa-panel] LandrayOA Panel Login
[microsoft-exchange-panel] Microsoft Exchange Control Panel
[minio-browser] MinIO Browser
[minio-console] MinIO Console
[mongodb-ops-manager] MongoDB Ops Manager
[openerp-database] OpenERP database instances
[phpmyadmin-panel] phpMyAdmin Panel
[rabbitmq-dashboard] RabbitMQ Dashboard
[rocketmq-console-exposur] Apache RocketMQ Console Exposure
[shiro-detect] Shiro detect
[solarwinds-orion] SolarWinds Orion Panel
[sonicwall-management-panel] SonicWall Management Panel
[sonicwall-sslvpn-panel] SonicWall Virtual Office SSLVPN Panel
[swagger-disclosure] Public Swagger API Disclosure
[terramaster-panel] TerraMaster Login Panel
[thinkphp-detect] ThinkPHP detect
[tomcat-detect] Apache Tomcat Detect
[upupw-tz panel] UPUPW PHP Probe
[utt-panel] UTT (Aitai) Network Management System
[wayos-panel] WAYOS Intelligent Routing Management System
[weblogic-panel] Weblogic Login Panel
[wordpress-login] WordPress login
[zabbix-panel] Zabbix Login Panel
[zentao-detect] Zentao detect
[alibaba-canal-info-leak] Alibaba Canal Information Leak
[aspcms-backend-leak] ASPCMS Backend Leak
[avtech-dvr-exposure] Avtech AVC798HA DVR Information Exposure
[avtech-password-disclosure] AVTECH Video Surveillance Device Authentication Bypass
[dlink-850l-info-leak] Dlink 850l Information Disclosure
[e-office-mysql-config-leak] Weaver OA E-Office mysql_config.ini Database Information Disclosure
[go-pprof-leak] go-pprof-leak
[hadoop-disclosure] Apache Hadoop Disclosure
[hikvision-info-leak] hikvision-info-leak
[hjtcloud-directory-file-leak] Hjtcloud Directory File Leak
[huawei-dg8045-home-gateway-exposures] Huawei DG8045 deviceinfo Information Disclosure Vulnerability
[kyan-network-monitoring-account-password-leakage] Kyan Network Monitoring Account Password Leakage
[laravel-debug-info-leak] Laravel Debug Info Leak
[nsfocus-uts-password-leak] Nsfocus uts password leak
[openvpn-monitor-disclosure] OpenVPN Monitor Disclosure
[phpinfo-disclosure] phpinfo Disclosure
[ruijie-eg-info-leak] Ruijie EG Information Disclosure
[ruijie-nbr1300g-cli-password-leak] ruijie-nbr1300g-cli-password-leak
[ruijie-smartweb-password-disclosure] Ruijie smartweb password information disclosure
[seeyon-a6-employee-info-leak] seeyon-a6-employee-info-leak
[seeyon-oa-cookie-leak] seeyon-oa-cookie-leak
[seeyon-session-leak] seeyon-session-leak
[thinkphp-509-information-disclosure] ThinkPHP 5.0.9 Information Disclosure
[tianqing-info-leak] Tianqing Info Leak
[airflow-unauth] Airflow Unauth
[bt742-pma-unauthorized-access] BT742 PMA Unauthorized Access
[couchdb-unauthorized] CouchDB Unauthorized
[druid-monitor-unauth] Druid Monitor Unauth
[elasticsearch-unauth] Elasticsearch Unauth
[etcd-unauth] ETCD Unauth
[frp-dashboard-unauth] frp dashboard unauth
[h2-database-web-console-unauthorized-access] H2 Database Web Console Unauthorized Access
[hadoop-yarn-unauth] Hadoop Yarn Unauth
[hp-officepro-printer-unauthorized] HP office pro printer Unauthorized
[influxdb-unauth] Influxdb Unauth
[jboss-unauth] JBoss Unauth
[jeecg-boot-unauth] Jeecg Boot Unauth
[jenkins-unauthorized-access] jenkins-unauthorized-access
[jira-service-desk-signup] Jira Service Desk Signup
[jira-unauthenticated-adminprojects] Jira Unauthenticated Admin Projects
[jira-unauthenticated-dashboards] Jira Unauthenticated Dashboards
[jira-unauthenticated-installed-gadgets] Jira Unauthenticated Installed gadgets
[jira-unauthenticated-projectcategories] Jira Unauthenticated Project Categories
[jira-unauthenticated-projects] Jira Unauthenticated Projects
[jira-unauthenticated-resolutions] Jira Unauthenticated Resolutions
[jira-unauthenticated-screens] Jira Unauthenticated Access to screens
[jira-unauthenticated-user-picker] Jira Unauthenticated User Picker
[jupyter-notebook-unauthorized-access] Jupyter Notebook Unauthorized Access
[kafka-manager-unauth] Kafka Manager Unauth
[kibana-unauth] Kibana Unauth
[kubernetes-unauth] kubernetes Unauth
[nacos-v1-auth-bypass] Alibaba Nacos V1 Auth Bypass
[nifi-api-unauthorized-access] Apache Nifi Api Unauthorized Access
[pyspider-unauthorized-access] Pyspider Unauthorized Access
[qizhi-fortressaircraft-unauthorized] qizhi fortressaircraft unauthorized
[ruoyi-cms-unauth] RuoYi Management System Unauthorized Access
[seeyon-ajax-unauthorized-access] seeyon-ajax-unauthorized-access
[spark-api-unauth] spark Api Unauth
[spark-webui-unauth] Spark WebUI Unauthenticated
[springboot-actuator-unauth] Springboot Actuator Unauth
[storm-unauthorized-access] Apache Storm Unauthorized Access
[tensorboard-unauth] Tensorboard Unauth
[tongda-meeting-unauth] Tongda Meeting Unauthorized Access
[zabbix-authentication-bypass] Zabbix authentication Bypass
[zabbix-dashboards-access] Zabbix Dashboards Access
[activemq-default-password] ActiveMQ Default Password
[alibaba-canal-default-password] Alibaba Canal Default Password
[ambari-default-password] Apache Ambari Default Password
[aolynk-br304-default-password] Huawei Aolynk BR304+ Intelligent Security Router Default Password
[arl-default-password] ARL Default Login
[axis2-default-password] Axis2 Default Login
[azkaban-default-password] Azkaban Web Client Default Credential
[chinaunicom-default-login] China Unicom Modem Default Login
[datang-ac-default-password-CNVD-2021-04128] datang-ac-default-password-CNVD-2021-04128
[dell-idrac9-default-password] DELL iDRAC9 Default Login
[dlink-default-password] DLink Default Password
[dubbo-admin-default-password] Dubbo Admin Default Password
[exacqvision-default-password] ExacqVision Default Login
[gitlab-weak-login] Gitlab Default Login
[grafana-default-password] Grafana Default Password
[hikvision-intercom-service-default-password] Hikvision Intercom Service Default Password
[ibm-storage-default-password] IBM Storage Management Default Login
[jenkins-default-pwd] Jenkins Default Password
[jinher-oa-c6-default-password] Jinher OA C6 Default Password
[jmx-default-password] JBoss JMX Console Weak Credential
[kafka-center-default-password] Apache Kafka Center Default Password
[kingsoft-v8-default-password] Kingsoft V8 Default Password
[minio-default-password] Minio Default Password
[mofi4500-default-password] MOFI4500-4GXeLTE-V2 Default Login
[netentsec-icg-default-password] Netentsec Icg Default Password
[nexus-default-password] Nexus Default Password
[nps-default-password] Nps Default Password
[nsicg-default-password] Nsicg Default Password
[ofbiz-default-password] Apache OfBiz Default Login
[openerp-default-password] Openerp Default Password
[oracle-business-intelligence-password] Oracle Business Intelligence Default Login
[panabit-gateway-default-password] Panabit Gateway Default Password
[panabit-ixcache-default-password] Panabit Ixcache Default Password
[rabbitmq-default-password] RabbitMQ Default Password
[rancher-default-password] Rancher Default Login
[ricoh-weak-password] Ricoh Weak Password
[rockmongo-default-password] Rockmongo Default Password
[rseenet-default-password] Advantech R-SeeNet Default Login
[secnet-ac-default-password] Secnet AC Default Password
[seeddms-default-password] SeedDMS Default Credential
[showdoc-default-password] Showdoc Default Password
[spectracom-default-password] Spectracom Default Login
[telecom-gateway-default-password] Telecom Gateway Default Password
[tomcat-default-login] Apache Tomcat Manager Default Login
[trilithic-viewpoint-default-password] Trilithic Viewpoint Default Login
[utt-default-password] utt-default-password
[versa-default-password] Versa Networks SD-WAN Application Default Login
[wayos-default-password] wayos-default-password
[weblogic-weak-login] WebLogic Default Login
[xerox7-default-password] Xerox WorkCentre 7xxx - Default Login
[zabbix-default-password] Zabbix Default Password
[amtt-hiboss-server-ping-rce] Amtt hiboss Server Ping RCE
[anyproxy-directory-traveral] Anyproxy Directory Traversal Leading to Arbitrary File Read
[cacti-weathermap-file-write] Cacti Weathermap File Write
[consul-rexec-rce] Consul rexec RCE
[consul-service-rce] Consul Service RCE
[couchdb-adminparty] CouchDB Admin Party
[dahua-dss-file-read] Dahua City Security Monitoring System Platform Management attachment_downloadByUrlAtt.action Arbitrary File Download Vulnerability
[dedecms-carbuyaction-fileinclude] DEDECMS Carbuyaction File Include
[dedecms-guestbook-sqli] DEDECMS Guestbook sqli
[dedecms-membergroup-sqli] DEDECMS Membergroup sqli
[dedecms-url-redirection] DedeCMS URL Redirection
[discuz-v72-sqli] Discuz V72 sqli
[discuz-wechat-plugins-unauth] Discuz Wechat Plugins Unauth
[dlink-dsl-2888a-rce] Dlink dsl 2888a rce
[docker-registry] Docker Registry Listing
[docker-remote-api] Docker Remote API
[dockercfg-config] Detect .dockercfg
[dotnetcms-sqli] DotnetCMS sqli
[duomicms-sqli] Duomicms sqli
[e-bridge-saveyzjfile-file-read] Weaver OA E-Bridge saveYZJFile Arbitrary File Read
[e-cology-arbitrary-file-upload] Ecology arbitrary file upload
[e-cology-e-office-officeserver-file-read] Weaver OA E-Office officeserver.php Arbitrary File Read Vulnerability
[e-cology-filedownload-directory-traversal] ecology filedownload directory traversal
[e-cology-getsqldata-sql-inject] Weaver OA E-Cology getSqlData SQL Injection Vulnerability
[e-cology-springframework-directory-traversal] ecology springframework directory traversal
[e-cology-syncuserinfo-sqli] ecology syncuserinfo sqli
[e-cology-v8-sqli] ecology v8 sqli
[e-cology-validate-sqli] ecology validate sqli
[e-cology-workflowcentertreedata-sqli] ecology workflow center tree data sqli
[ecshop-collection-list-sqli] ECshop Collection List sqli
[ecshop-rce] ECshop RCE
[egroupware-rce] eGroupWare spellchecker.php Remote Command Execution
[etouch-v2-sqli] ETouch v2 sqli
[fangweicms-sqli] FangweiCMS sqli
[fanruan-oa-v9-designsavevg-upload-file] FanRuan Report V9 design_save_svg Arbitrary File Overwrite File Upload
[fastjson-1-2-24-rce] Fastjson 1.2.24 Deserialization RCE
[fastjson-1-2-41-rce] Fastjson 1.2.41 Deserialization RCE
[fastjson-1-2-42-rce] Fastjson 1.2.42 Deserialization RCE
[fastjson-1-2-43-rce] Fastjson 1.2.43 Deserialization RCE
[fastjson-1-2-47-rce] Fastjson 1.2.47 Deserialization RCE
[fastjson-1-2-62-rce] Fastjson 1.2.62 Deserialization RCE
[fastjson-1-2-67-rce] Fastjson 1.2.67 Deserialization RCE
[fastjson-1-2-68-rce] Fastjson 1.2.68 Deserialization RCE
[feifeicms-lfr] FeiFeiCMS lfr
[finecms-sqli] FineCMS sqli
[finereport-directory-traversal] Finereport Directory Traversal
[flink-unauth-rce] Apache Flink Unauth RCE
[grafana-file-read] Grafana v8.x Arbitrary File Read
[h3c-imc-rce] H3C imc RCE
[h3c-secparh-any-user-login] H3C Secparh Any User Login
[hanming-video-conferencing-file-read] Hanming Video Conferencing File Read
[hjtcloud-arbitrary-fileread] HjtCloud Arbitrary File Read
[huawei-home-gateway-hg659-fileread] Huawei Home Gateway Hg659 Fileread
[huijietong-cloud-fileread] Huijietong Cloud File Read
[iis-put-getshell] IIS Put Getshell
[ioffice-oa-iofileexport-read-file] Hongfan OA ioFileExport.aspx Arbitrary File Read Vulnerability
[jeewms-showordownbyurl-fileread] Jeewms Showordownbyurl fileread
[jinher-oa-c6-download-file-read] Jinher OA C6 download.jsp Arbitrary File Read Vulnerability
[joomla-component-vreview-sql] Joomla Component Vreview sql
[jumpserver-unauth-rce] Jumpserver Unauth RCE
[kingdee-eas-directory-traversal] Kingdee EAS Directory Traversal
[kingsoft-v8-file-read] Kingsoft V8 File Read
[kingsoft-v8-rce] Kingsoft V8 Endpoint Security System pdf_maker.php Command Execution Vulnerability
[landray-oa-admin-do-jndi-rce] Landray OA admin.do JNDI Remote Command Execution
[landray-oa-custom-jsp-fileread] landray-oa-custom-jsp-fileread
[landray-oa-syssearchmain-rce] Landray OA sysSearchMain.do Remote Command Execution
[laravel-improper-webdir] Laravel Improper Webdir
[maccms-rce] Maccms RCE
[maccmsv10-backdoor] Maccmsv10 Backdoor
[metinfo-file-read] Metinfo file read
[mpsec-isg1000-file-read] Mpsec isg1000 file read
[msvod-sqli] msvod sqli
[myucms-lfr] myucms lfr
[natshell-arbitrary-file-read] Natshell Arbitrary File Read
[netentsec-ngfw-rce] Netentsec Ngfw RCE
[ns-asg-file-read] Ns Asg file read
[nuuo-file-inclusion] Nuuo file inclusion
[oa8000-workflowservice-sql-inject] Huatian Dongli OA 8000 Edition workFlowService SQL Injection Vulnerability
[odoo-file-read] Odoo file read
[pbootcms-database-file-download] Pbootcms Database File Download
[phpmyadmin-setup-deserialization] Phpmyadmin Setup Deserialization
[phpok-sqli] phpok sqli
[phpshe-sqli] phpshe sqli
[phpstudy-backdoor-rce] Phpstudy backdoor rce
[phpstudy-nginx-wrong-resolve] Phpstudy Nginx Wrong Resolve
[powercreator-arbitrary-file-upload] Powercreator Arbitrary file upload
[qibocms-sqli] qibocms sqli
[qilin-bastion-host-rce] qilin bastion host rce
[resin-inputfile-fileread-or-ssrf] resin inputfile fileread
[resin-viewfile-fileread] resin viewfile fileread
[ruijie-eg-cli-rce] ruijie-eg-cli-rce
[ruijie-eg-file-read] ruijie-eg-file-read
[ruoyi-management-fileread] Ruoyi Management Fileread
[samsung-wea453e-default-pwd] Samsung Wea453e Default Password
[samsung-wea453e-rce] Samsung Wea453e RCE
[samsung-wlan-ap-wea453e-rce] Samsung Wlan AP Wea453e RCE
[sangfor-ba-rce] sangfor-ba-rce
[sangfor-edr-arbitrary-admin-login] sangfor-edr-arbitrary-admin-login
[sangfor-edr-cssp-rce] sangfor-edr-cssp-rce
[sangfor-edr-tool-rce] sangfor-edr-tool-rce
[seacms-before-v992-rce] Seacms Before V992 RCE
[seacms-rce] SeaCMS RCE
[seacms-sqli] SeaCMS sqli
[seacms-v654-rce] SeaCMS V654 RCE
[seacmsv645-command-exec] SeaCMS V645 RCE
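[seeyon-a6-config-disclosure] Seeyon OA A6 config.jsp Sensitive Information Disclosure Vulnerability
[seeyon-a6-createmysql-disclosure] Seeyon OA A6 createMysql.jsp Database Sensitive Information Disclosure
[seeyon-a6-setextno-sql-inject] Seeyon OA A6 setextno.jsp SQL Injection Vulnerability
[seeyon-a8-status-disclosure] Seeyon OA A8 status.jsp Information Disclosure Vulnerability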
[seeyon-session-upload-webshell] seeyon session upload webshell
[seeyon-wooyun-2015-0108235-sqli] seeyon wooyun 2015 0108235 sqli
[seeyon-wooyun-2015-148227] Seeyon WooYun LFR
[shiziyu-cms-apicontroller-sqli] shiziyu cms apicontroller sqli
[showdoc-uploadfile] Showdoc Uploadfile
[smartoa-emaildownload-file-read] Zhiming SmartOA EmailDownload.ashx Arbitrary File Download Vulnerability
[solr-admin-query] Solr Admin Query Page
[solr-file-read] Apache Solr <= 8.8.1 Arbitrary File Read
[solr-log4j-rce] Apache Solr Log4j RCE
[sonicwall-ssl-vpn-rce] Sonicwall SSL VPN RCE
[spon-ip-intercom-file-read] Spon Ip Intercom File Read
[spon-ip-intercom-ping-rce] Spon Ip Intercom Ping RCE
[spring-cloud-function-spel-rce] Spring Cloud Function SPEL Remote Command Execution Vulnerability
[springboot-h2-db-rce] Spring Boot H2 Database RCE
[tamronos-iptv-rce] Tamronos iptv rce
[targa-camera-lfi] Selea Targa IP OCR-ANPR Camera - Unauthenticated Directory Traversal
[thinkadmin-v6-readfile] Thinkadmin v6 readfile
[thinkcmf-lfi] Thinkcmf lfi
[thinkcmf-write-shell] Thinkcmf write shell
[thinkphp-2-rce] ThinkPHP 2 3 's' Parameter RCE
[thinkphp-501-rce] ThinkPHP 5.0.1 RCE
[thinkphp-5022-rce] ThinkPHP 5.0.22 RCE
[thinkphp-5023-rce] ThinkPHP 5.0.23 RCE
[thinkphp-v6-file-write] thinkphp-v6-file-write
[tongda-insert-sql-inject] Tongda OA v11.6 insert SQL Injection Vulnerability
[tongda-logincheck-code-getcookie] Tongda OA v11.5 logincheck_code.php Login Bypass Vulnerability
[tongda-path-traversal] Office Anywhere TongDa - Path Traversal
[tongda-report_bi-func-sql-inject] Tongda OA v11.6 report_bi.func.php SQL Injection Vulnerability
[tongda-swfupload-new-sql-inject] Tongda OA v11.5 swfupload_new.php SQL Injection Vulnerability
[tongda-user-session-disclosure] Tongda OA User Session Disclosure
[tongda-v2014-disclosure] Tongda OA v2014 get_contactlist.php Sensitive Information Disclosure Vulnerability
[tongda-v2017-uploadfile] Tongda OA v2017 action_upload.php Arbitrary File Upload Vulnerability
[tpshop-directory-traversal] Tpshop Directory Traversal
[tpshop-sqli] Tpshop sqli
[typecho-rce] Typecho rce
[unifi-network-log4j-rce] UniFi Network Log4j JNDI RCE
[vesystem-upload-file] Hexin Cloud Desktop Unauthorized Arbitrary File Upload
[vmware-vcenter-arbitrary-file-read] Vmware Vcenter Arbitrary file read
[vrealize-operations-log4j-rce] VMware vRealize Operations Tenant App Log4j JNDI Remote Code Execution
[wanhu-oa-download-ftp-file-read] Wanhu OA download_ftp.jsp Arbitrary File Download Vulnerability
[wanhu-oa-download-old-file-read] Wanhu OA download_old.jsp Arbitrary File Download Vulnerability
[wanhu-oa-downloadhttp-file-read] Wanhu OA downloadhttp.jsp Arbitrary File Download Vulnerability
[wanhu-oa-fileupload-controller-upload] Wanhu OA Upload RCE
[wanhu-oa-smartupload-upload-file] Wanhu OA smartUpload.jsp Arbitrary File Upload Vulnerability
[weblogic-ssrf] weblogic ssrf
[weiphp-path-traversal] Weiphp Path Traversal
[weiphp-sql] weiphp sql
[WOOYUN-2010-080723] Discuz Command Execution
[wordpress-ext-adaptive-images-lfi] Wordpress Ext Adaptive Images lfi
[wordpress-ext-mailpress-rce] Wordpress Ext Mailpress RCE
[wuzhicms-v410-sqli] WuzhiCMS V410 sqli
[xdcms-sql] Xdcms sql
[yapi-rce] Yapi RCE
[yccms-rce] YcCMS RCE
[yimi-oa-getfile-file-read] Yimi OA getfile.jsp Arbitrary File Read Vulnerability
[yongyou-fe-templateoftaohong-manager-path-traversal] Yonyou FE Collaborative Office Platform templateOfTaohong_manager.jsp Directory Traversal Vulnerability
[yongyou-u8-oa-sqli] Yongyou U8 OA sqli
[yonyou-grp-u8-sqli-to-rce] Yonyou Grp U8 sqli to rce
[yonyou-grp-u8-sqli] Yonyou Grp U8 sqli
[yonyou-nc-arbitrary-file-upload] Yonyou NC Arbitrary file upload
[yonyou-nc-bsh-servlet-bshservlet-rce] yonyou-nc-bsh-servlet-bshservlet-rce
[yungoucms-sqli] YungouCMS sqli
[zcms-v3-sqli] zcms v3 sqli
[zzcms-zsmanage-sqli] ZzCMS zsmanage sqli
[CNNVD-200705-315] Caucho Resin Information Disclosure
[CNNVD-201610-923] Yonyou GRP-U8 Proxy SQL Injection
[CNVD-2017-20077] UEditor .NET Version File Upload Vulnerability
[CNVD-2018-04757] FanRuan Report V8 get_geo_json Arbitrary File Read Vulnerability
[CNVD-2018-13393] Metinfo file read
[CNVD-2019-01348] Xiuno BBS CNVD-2019-01348
[CNVD-2019-16798] Coremail Information Disclosure
[CNVD-2019-22239] Discuz!ML 3.x Arbitrary Code Execution
[CNVD-2019-32204] Weaver OA E-Cology BshServlet Remote Code Execution Vulnerability
[CNVD-2019-34135] Joomla configuration.php RCE
[CNVD-2020-23735] Xxunchi Local File read
[CNVD-2020-57264] e-zkeco-CNVD-2020-57264-read-file
[CNVD-2020-58823] ecshop-CNVD-2020-58823-sqli
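[CNVD-2020-62422] Seeyon OA System Arbitrary File Read Vulnerability
[CNVD-2020-67113] H5S CONSOLE Unauthorized Access
[CNVD-2021-04128] Datang AC Default Password
[CNVD-2021-09650] Ruijie Networks Co., Ltd. NBR Router EWEB Network Management System Command Execution Vulnerability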
[CNVD-2021-10543] EEA Information Disclosure
[CNVD-2021-14536] Ruijie RG-UAC Information Disclosure
[CNVD-2021-15822] ShopXO File Read
[CNVD-2021-15824] EmpireCMS DOM Cross Site-Scripting
[CNVD-2021-33202] Weaver OA E-Cology LoginSSO.jsp SQL Injection Vulnerability
[CNVD-2021-39012] Wifisky Default Password
[CNVD-2021-49104] Weaver OA E-Office UploadFile.php Arbitrary File Upload Vulnerability
[CVE-2010-1871] JBoss CVE-2010-1871
[CVE-2010-2861] Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI
[CVE-2012-1823] PHP CGI v5.3.12/5.4.2 RCE
[CVE-2013-2251] Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (S2-016)
[CVE-2014-3120] Elasticsearch CVE-2014-3120
[CVE-2014-3704] Drupal SQL Injection
[CVE-2014-6271] ShellShock - Remote Code Execution
[CVE-2015-1427] Elasticsearch CVE-2015-1427
[CVE-2015-3337] Elasticsearch CVE-2015-3337
[CVE-2015-5531] Elasticsearch CVE-2015-5531
[CVE-2015-7297] Joomla Core SQL Injection
[CVE-2015-8399] Atlassian Confluence configuration files read
[CVE-2016-10134] Zabbix CVE-2016-10134
[CVE-2016-3081] Apache S2-032 Struts RCE
[CVE-2016-3088] ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)
[CVE-2016-4977] Spring Security OAuth2 Remote Command Execution
[CVE-2017-1000028] GlassFish LFI
[CVE-2017-10271] WebLogic XMLDecoder Deserialization Vulnerability CVE-2017-10271
[CVE-2017-11610] Supervisor XMLRPC Exec
[CVE-2017-12149] Java/Jboss Deserialization [RCE]
[CVE-2017-12615] Apache Tomcat RCE
[CVE-2017-12629] Apache Solr <= 7.1 XML entity injection
[CVE-2017-12635] CouchDB CVE-2017-12635
[CVE-2017-16877] Nextjs v2.4.1 LFI
[CVE-2017-5521] Bypassing Authentication on NETGEAR Routers
[CVE-2017-7504] JBoss 4.x JBossMQ JMS Deserialization Vulnerability
[CVE-2017-7921] Hikvision CVE-2017-7921
[CVE-2017-8917] Joomla SQL Injection
[CVE-2017-9791] Apache Struts2 S2-053 RCE
[CVE-2017-9841] phpunit rce
[CVE-2018-1000533] GitList < 0.6.0 RCE
[CVE-2018-1000600] Pre-auth Fully-responded SSRF
[CVE-2018-1000861] Jenkins 2.138 Remote Command Execution
[CVE-2018-10735] Nagios XI commandline.php SQL Inject
[CVE-2018-10736] Nagios XI SQL Inject
[CVE-2018-10737] Nagios XI SQL Inject
[CVE-2018-10738] Nagios XI before 5.4.13 SQL Inject
[CVE-2018-11686] FlexPaper PHP Publish Service RCE
[CVE-2018-11759] Apache Tomcat JK Status Manager Access
[CVE-2018-12613] PhpMyAdmin 4.8.1 Remote File Inclusion
[CVE-2018-13379] FortiOS - Credentials Disclosure
[CVE-2018-17246] Kibana Local File Inclusion
[CVE-2018-19127] PHPCMS 2008 Remote Code Execution
[CVE-2018-3760] Ruby On Rails Path Traversal
[CVE-2018-6605] Joomla Ext zhbaidumap sql inject
[CVE-2018-6910] DedeCMS 5.7 Web Path Disclosure
[CVE-2018-7314] Joomla SQL Inject
[CVE-2018-7490] uWSGI PHP Plugin Directory Traversal
[CVE-2018-7600] Drupal Drupalgeddon 2 RCE
[CVE-2018-7662] Couchcms 2.0 Dictionary Disclosure
[CVE-2018-7700] Dedecms V5.7 Backend Arbitrary Code Execution
[CVE-2018-8033] Apache OFBiz XXE
[CVE-2018-8770] Cobub Razor 0.8.0 Physical path Leakage Vulnerability
[CVE-2018-9995] DVR Authentication Bypass
[CNVD-2019-19299] Seeyon OA A8 htmlofficeservlet Arbitrary File Upload Vulnerability
[CVE-2019-0193] Apache Solr Remote Code Execution
[CVE-2019-10758(unreviewed)] Mongo-Express Remote Code Execution - CVE-2019-10758
[CVE-2019-11510] Pulse Connect Secure SSL VPN Arbitrary File Read
[CVE-2019-11581] Jira Unauthenticated Server-Side Template Injection
[CVE-2019-12725] Zeroshell 3.9.0 Remote Command Execution
[CVE-2019-15107] Webmin <= 1.920 Unauthenticated Remote Command Execution
[CVE-2019-16097] Harbor Enables Privilege Escalation From Zero to admin
[CVE-2019-16278] Nostromo 1.9.6 - Remote Code Execution
[CVE-2019-16313] ifw8 Router ROM v4.31 Credential Discovery
[CVE-2019-16663] rConfig v3.9.2 RCE
[CVE-2019-16759] vBulletin v5.0.0-v5.5.4 Remote Command Execution
[CVE-2019-16920] D-Link Unauthenticated remote code
[CVE-2019-16996] Metinfo 7.0.0beta SQL Inject
[CVE-2019-16997] Metinfo sql inject
[CVE-2019-17418] Metinfo sql inject
[CVE-2019-17506] D-Link authentication
[CVE-2019-17558] Apache Solr Velocity Template RCE
[CVE-2019-18394] Openfire Full Read SSRF
[CVE-2019-19781] Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal.
[CVE-2019-19985] WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
[CVE-2019-20085] TVT NVMS 1000 - Directory Traversal
[CVE-2019-20224] Pandora v7.0NG Post-auth Remote Code Execution
[CVE-2019-2725] Oracle WebLogic Remote Code Execution
[CVE-2019-2729] Oracle WebLogic Remote Code Execution
[CVE-2019-3396] Atlassian Confluence Path Traversal
[CVE-2019-3799] Spring Cloud Config Server Directory Traversal
[CVE-2019-5128] youphptube-encoder-cve-2019-5128
[CVE-2019-6340] Drupal 8 core RESTful Web Services RCE
[CVE-2019-7192] QNAP PhotoStation Unauthorized File Read
[CVE-2019-7238] NEXUS < 3.14.0 Remote Code Execution
[CVE-2019-8442] Atlassian Jira webroot leak
[CVE-2019-8449] Jira Information Disclosure
[CVE-2019-8451] Jira SSRF
[CVE-2019-9670] Zimbra Collaboration XXE
[CVE-2020-10148] SolarWinds Orion Platform Authentication Bypass
[CVE-2020-10199] Nexus Repository before 3.21.2 allows JavaEL Injection
[CVE-2020-10204] Nexus Repository before 3.21.2 Remote Code Execution
[CVE-2020-11455] LimeSurvey 4.1.11 - Path Traversal
[CVE-2020-11710] Kong API Gateway Unauthorized
[CVE-2020-13937] Apache Kylin Exposed Configuration File
[CVE-2020-13945] Apache APISIX Default Key Vulnerability
[CVE-2020-14179] Jira Information Disclosure
[CVE-2020-14181] Jira Unauthorized User Enumeration
[CVE-2020-14750] Oracle Weblogic Remote Command Execution
[CVE-2020-15568] TerraMaster TOS v4.1.24 RCE
[CVE-2020-16846] SaltStack Shell Injection
[CVE-2020-17519] Apache Flink RESTful API Arbitrary File Read
[CVE-2020-21224] Inspur ClusterEngine V4.0 Remote Code Execution
[CVE-2020-24571] NexusDB v4.50.22 Path Traversal
[CVE-2020-25078] DLink Account Disclosure
[CVE-2020-26413] GitLab Information Disclosure
[CVE-2020-27986] SonarQube unauth
[CVE-2020-28185] TerraMaster TOS User Enumeration Vulnerability
[CVE-2020-28187] TerraMaster TOS Backend Arbitrary File Read Vulnerability CVE-2020-28187
[CVE-2020-28188] TerraMaster TOS Unauthenticated Remote Command Execution
[CVE-2020-3452] Cisco Read-Only Path Traversal
[CVE-2020-35476] OpenTSDB 2.4.0 Remote Code Execution
[CVE-2020-35736] GateOne Arbitrary File Download
[CVE-2020-5284] Next.js .next limited path traversal
[CVE-2020-5405] Spring Cloud Directory Traversal
[CVE-2020-5410] Spring Cloud Config Server Directory Traversal
[CVE-2020-5515] Gila CMS 1.11.8 SQL Injection.
[CVE-2020-5902] F5 BIG-IP TMUI RCE
[CVE-2020-7980] Satellian 1.12 Remote Code Execution
[CVE-2020-8191] citrix-cve-2020-8191-xss
[CVE-2020-8193] Citrix unauthenticated LFI
[CVE-2020-8209] Citrix XenMobile Server Path Traversal
[CVE-2020-8515] DrayTek pre-auth RCE
[CVE-2020-9376] DLink dir610 credentials dump
[CVE-2020-9483] SkyWalking SQLI
[CVE-2020-9496] Apache OFBiz XML-RPC Java Deserialization
[CVE-2020-9757] SEOmatic < 3.3.0 Server-Side Template Injection
[CNVD-2021-42372] Finetree 5MP Camera user_pop.php Arbitrary User Addition Vulnerability
[CVE-2021-21234] Spring Boot Actuator Logview Directory Traversal
[CVE-2021-21402] Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
[CVE-2021-21972] VMware vCenter Unauthenticated RCE
[CVE-2021-21975] vRealize Operations Manager API SSRF (VMWare Operations)
[CVE-2021-21985] VMware vSphere Client (HTML5) RCE
[CVE-2021-22205] Fingerprinting GitLab CE/EE Unauthenticated RCE using ExifTool - Passive Detection
[CVE-2021-22214] Unauthenticated Gitlab SSRF - CI Lint API
[CVE-2021-22986] F5 BIG-IP iControl REST unauthenticated RCE
[CVE-2021-25282] SaltStack Salt Unauthenticated Remote Command Execution
[CVE-2021-26084] Confluence Server OGNL injection - RCE
[CVE-2021-26085] Confluence Pre-Authorization Arbitrary File Read
[CVE-2021-26855] Microsoft Exchange Server SSRF Vulnerability
[CVE-2021-27905] Apache Solr <= 8.8.1 SSRF
[CVE-2021-28164] Jetty Authorization Before Parsing and Canonicalization
[CVE-2021-29622] Prometheus v2.23.0 to v2.26.0, and v2.27.0 Open Redirect
[CVE-2021-3019] Lanproxy Directory Traversal
[CVE-2021-3129] LARAVEL <= V8.4.2 DEBUG MODE - REMOTE CODE EXECUTION
[CVE-2021-31602] Pentaho authentication bypass
[CVE-2021-31805] Apache Struts2 S2-062 RCE
[CVE-2021-3223] Node RED Dashboard - Directory Traversal
[CVE-2021-33044] Dahua IPC/VTH/VTO devices Authentication Bypass
[CVE-2021-36260] Hikvision IP camera/NVR - Unauthenticated RCE
[CVE-2021-3654] noVNC Open Redirect
[CVE-2021-36749] Apache Druid Authentication Restrictions Bypass
[CVE-2021-37580] Apache ShenYu Admin JWT authentication bypass
[CVE-2021-40438] Apache <= 2.4.48 Mod_Proxy SSRF
[CVE-2021-41349] Microsoft Exchange Server Pre-Auth POST Based Reflected Cross-Site Scripting
[CVE-2021-41773] Apache 2.4.49 - Path Traversal and Remote Code Execution
[CVE-2021-43287] Pre-Auth Takeover of Build Pipelines in GoCD
[CVE-2021-43734] kkFileView getCorsFile Arbitrary File Read Vulnerability
[CVE-2021-44451] Apache Superset Default Password
[CVE-2021-46422] Telesquare SDT-CW3B1 admin.cgi Remote Command Execution Vulnerability
[CVE-2022-0540] Atlassian Jira - Authentication bypass in Seraph
[CVE-2022-1388] F5 BIG-IP iControl REST Auth Bypass RCE
[CVE-2022-21371] Oracle WebLogic Server Local File Inclusion
[CVE-2022-22947] Spring Cloud Gateway Code Injection
[CVE-2022-22954] VMware Workspace ONE Access SSTI
[CVE-2022-23131] Zabbix - SAML SSO Authentication Bypass
[CVE-2022-23134] Zabbix Setup Configuration Authentication Bypass
[CVE-2022-23178] Crestron Device - Credentials Disclosure
[CVE-2022-24112] Apache APISIX apisix/batch-requests RCE
[CVE-2022-24124] Casdoor 1.13.0 - Unauthenticated SQL Injection
[CVE-2022-24260] VoipMonitor - Pre-Auth SQL Injection
[CVE-2022-24990] TerraMaster TOS Information Disclosure Vulnerability CVE-2022-24990
[CVE-2022-25084] TOTOLink T6 V5.9c.4085_B20190428 Command Injection
[CVE-2022-25369] Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation
[CVE-2022-25568] MotionEye Video Surveillance Component list Information Disclosure
[CVE-2022-26134] Atlassian Confluence OGNL Injection Vulnerability
[CVE-2022-26352] DotCMS Arbitrary File Upload
[CVE-2022-29303] SolarView Compact conf_mail.php Remote Command Execution Vulnerability
[CVE-2022-29464] WSO2 fileupload Arbitrary File Upload Vulnerability
[CVE-2022-30525] Zyxel Firewall - OS Command Injection
[apache-ofbiz-log4j-rce] Apache OFBiz Log4j JNDI RCE
[mobileiron-log4j-jndi-rce] Ivanti MobileIron Log4J JNDI RCE
[springboot-log4j-rce] Spring Boot Log4j Remote Code Injection
[CVE-2022-22965] Spring Framework RCE JDK 9+
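[CNVD-2020-62853] 360 Tianqing Endpoint Security Management System Access Control Bypass Vulnerability
[CNVD-2021-32799] Tianqing Endpoint Security Management System Front-End SQL Injection Vulnerability
[e-office-v10-sql-inject] Weaver eoffice v10 Front-End SQL Injection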