2021hvv漏洞汇总

Overview

清单

披露时间 涉及商家/产品 漏洞描述
2021/04/08 启明星辰天清汉马USG防火墙存在逻辑缺陷漏洞(历史漏洞) CNVD-2021-17391 启明星辰 天清汉马USG防火墙 逻辑缺陷漏洞 CNVD-2021-12793
2021/04/08 禅道项目管理软件11.6 禅道 11.6 sql注入漏洞
2021/04/08 金山WPS(历史漏洞CVE-2020-25291) 通过点击触发WPS内置浏览器RCE 金山WPS存在远程堆损坏漏洞
2021/04/08 金山V8/V9终端安全系统 金山 V8 -V9 终端安全系统漏洞合集
2021/04/08 金山V8终端安全系统 金山 V8 终端安全系统 pdf_maker.php 命令执行漏洞
2021/04/08 天擎 天擎越权访问
2021/04/08 致远OA 致远OA ajax.do 任意文件上传漏洞
2021/04/08 致远OA 致远OA 前台getshell 复现 致远OA任意文件上传
2021/04/08 齐治堡垒机 存在命令执行漏洞,POC疑似已流出
2021/04/08 深信服EDR(历史漏洞) 深信服EDR远程命令执行 CNVD-2020-46552
2021/04/08 深信服VPN(历史漏洞) 深信服 SSL VPN 客户端远程文件下载
2021/04/08 jackson 存在反序列化漏洞,POC疑似已流出
2021/04/08 tomcat 存在反序列化命令执行漏洞,POC疑似已流出
2021/04/08 泛微OA9 泛微OA9前台任意文件上传
2021/04/08 泛微OA8 泛微OA8前台SQL注入
2021/04/08 CoreMail Coremail文件上传漏洞POC - 钓鱼
2021/04/08 用友NC6.5 用友NC反序列化 用友 NC 反序列化RCE漏洞
2021/04/08 dubbo 存在反序列化命令执行漏洞,POC疑似已流出
2021/04/08 Weblogic 某weblogic的T3反序列化0day分析 Weblogic T3 反序列化远程代码执行漏洞
2021/04/08 天擎 360天擎-前台sql注入
2021/04/08 和信创天云桌面全版本 和信创天云桌面命令执行 和信创天云桌面系统 远程命令执行 RCE漏洞
2021/04/08 红帆OA 存在任意文件写入漏洞,POC疑似已流出
2021/04/08 Exchange Microsoft Exchange Server远程执行代码漏洞
2021/04/08 Shiro 存在Nday漏洞,POC疑似已流出
2021/04/08 金蝶云K3Cloud全版本 存在命令执行漏洞,,POC疑似已流出
2021/04/08 用友U8Cloud版本 存在命令执行,POC疑似已流出
2021/04/08 H3C计算机管理平台2016年版本 H3C SecPath运维审计系统任意用户登录漏洞 18号获取详细信息
2021/04/08 帆软V9 帆软 V9getshell FineReport V9 帆软 V9 任意文件覆盖文件上传
2021/04/08 天眼 存在0day漏洞,POC疑似已流出
2021/04/08 默安蜜罐管理平台 默安蜜罐管理平台未授权问
2021/04/08 Jellyfin<10.7.1版本(历史漏洞) Jellyfin未授权任意文件读取 - CVE-2021-21402
2021/04/08 用友ERP-NC 存在目录遍历漏洞
2021/04/08 快排CMS 快排CMS 任意文件上传漏洞
2021/04/08 快排CMS 快排CMS 信息泄露漏洞
2021/04/08 快排CMS 快排CMS 后台XSS漏洞
2021/04/09 Apache Solr apache Solr 存在任意文件读取
2021/04/09 亿邮电子邮件系统 亿邮电子邮件系统 远程命令执行漏洞
2021/04/09 天融信DLP 天融信dlp-未授权+越权
221/04/09 奇安信VPN 奇安信VPN前台存在RCE
2021/04/09 DzzOffice≤2.02 DzzOffice最新版RCE(随机数问题)
2021/04/09 蓝凌OA 蓝凌oa任意文件写入
2021/04/09 蓝凌OA 蓝凌OA EKP 后台SQL注入漏洞 CNVD-2021-01363蓝凌OA EKP 后台SQL注入漏洞 CNVD-2021-01363
2021/04/09 致远OA 致远OA远程代码执行漏洞
2021/04/09 浪潮云ClusterEngineV4.0 浪潮 ClusterEngineV4.0 任意命令执行
2021/04/09 OneBlog≤V2.2.1 OneBolg远程命令执行OneBlog 小于v2.2.1 远程命令执行漏洞
2021/04/10 浪潮云ClusterEngineV4.0 浪潮ClusterEngineV4.0 sysShell 任意命令执行漏洞
2021/04/10 浪潮云ClusterEngineV4.0 浪潮ClusterEngineV4.0 任意用户登录漏洞
2021/04/10 齐治堡垒机 齐治堡垒机任意用户登录漏洞
2021/04/10 山终端安全系统 V8/V9 金山终端安全系统 V8/V9存在文件上传漏洞
2021/04/10 奇安信NS-NGFW 网康防火墙 奇安信 网康下一代防火墙 RCE
2021/04/10 云尚在线客服系统 存在任意文件上传
2021/04/10 泛微OA8 e-mobile 泛微OA  e-mobile4.0-6.6 SQL注入漏洞
2021/04/10 泛微OA8 e-mobile 泛微e-mobile 0day
2021/04/11 FOFA指纹 title="流媒体管理服务器" HIKVISION 流媒体管理服务器 后台任意文件读取漏洞 CNVD-2021-14544
2021/04/11 Fastjson 0day 疑似0day,视频确认存在
2021/04/11 Apache Solr Apache Solr 任意文件下载/SSRF POC
2021/04/12 Google Chrome≤89.0.4389.114 Chrome 远程代码执行0Day漏洞
2021/04/12 Nagios Network Analyzer Nagios Network Analyzer SQL 注入漏洞- CVE-2021-28925
2021/04/12 蓝凌OA 蓝凌OA密码重置漏洞
2021/04/12 瑞捷 锐捷RG-UAC统一上网行为管理审计系统存在账号密码信息泄露 锐捷 RG-UAC 统一上网行为管理审计系统 账户硬编码漏洞
2021/04/13 IBOS数据库模块 IBOS 数据库模块 任意文件上传漏洞
2021/04/13 PHP zerodium PHP zerodium后门漏洞
2021/04/13 迅雷 迅雷11存在二进制漏洞 - CNVD-2021-18274
2021/04/13 Apache Solr Apache Solr服务器端请求伪造漏洞 - CVE-2021-27905
2021/04/13 Apache Solr Apache Solr数据集读写漏洞 - CVE-2021-29943
2021/04/13 Apache Solr Apache Solr敏感信息泄漏漏洞 - CVE-2021-29262
2021/04/14 Apache OFBiz反序列化漏洞 Apache OFBiz RMI反序列化漏洞 CVE-2021-26295
2021/04/14 EMP平台 EMP平台任意文件上传漏洞
2021/04/14 JD-FreeFuck后台命令执行 JD-FreeFuck 后台命令执行漏洞
2021/04/14 Microsoft Exchange Microsoft Exchange Server远程执行代码漏洞
2021/04/14 天融信(历史漏洞) 天融信接入网关系统存在弱口令 - CNVD-2021-08407
2021/04/14 奇安信天擎终端安全管理系统 存在任意文件上传
2021/04/14 Google Chrome V8引擎 Google ChromeV8引擎远程代码执行0day漏洞
2021/04/15 通达OA 通达OA存在命令执行漏洞 - CNVD-2021-21890
2021/04/15 Joomla Joomla XSS漏洞
2021/04/15 TongWeb tongweb文件上传漏洞
2021/04/16 Weblogic Weblogic T3 反序列化远程代码执行漏洞
2021/04/16 微信 青藤捕获在野微信0day漏洞(chrome 0day利用)利用微信内置浏览器Chrome漏洞实现远控
2021/04/16 浪潮ERP 浪潮ERP系统远程代码执行漏洞
2021/04/17 深信服 深信服安全感知平台存在存储型跨站脚本漏洞
2021/04/17 泛微 泛微某系统疑似存在文件上传漏洞
2021/04/17 TP-COUPON TP-COUPON存在SQL注入漏洞 - CNVD-2021-21889
2021/04/18 小鱼易连视频会议系统 小鱼易连视频会议系统存在0day
2021/04/18 H3C SecPath运维审计系统 H3C SecPath运维审计系统任意用户登录漏洞
2021/04/18 Coremail Coremail 邮箱系统路径穿越漏洞
2021/04/20 微信 微信最新版本3.2.11.151 Google内核poc利用上线cs方式

Just 互联网的搬运工,来自某公众号,如有侵权及时和我联系

Owner
Keep learning,Stay foolish,Continue thinking.
DoSer.py - Simple DoSer in Python

DoSer.py - Simple DoSer in Python What is DoSer? DoSer is basically an HTTP Denial of Service attack that affects threaded servers. It works like this

8 Sep 02, 2022
AnonStress-Stored-XSS-Exploit - An exploit and demonstration on how to exploit a Stored XSS vulnerability in anonstress

AnonStress Stored XSS Exploit An exploit and demonstration on how to exploit a S

صلى الله على محمد وآله 3 Jun 22, 2022
Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Yet another web fuzzer

yafuzz Yet another web fuzzer Usage This script can run in two modes of operation. Supplying a wordlist -W argument will initiate a multithreaded fuzz

FooBallZ 5 Feb 02, 2022
Log4j-Scanner with Bind-Receipt and custom hostnames

Hrafna - Log4j-Scanner for the masses Features Scanning-system designed to check your own infra for vulnerable log4j-installations start and stop scan

18 Jan 23, 2022
Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

Marcus Vinícius Ribeiro Andrade 1 Nov 03, 2021
SonicWall SMA-100 Unauth RCE Exploit (CVE-2021-20038)

Bad Blood Bad Blood is an exploit for CVE-2021-20038, a stack-based buffer overflow in the httpd binary of SMA-100 series systems using firmware versi

Jake Baines 80 Dec 29, 2022
Searches through git repositories for high entropy strings and secrets, digging deep into commit history

truffleHog Searches through git repositories for secrets, digging deep into commit history and branches. This is effective at finding secrets accident

Truffle Security 10.1k Jan 09, 2023
Installation of hacking tools

Tools-Spartan This is a program that makes it easy for you to download and install tools used in Kali Linux, there are tons of tools available.

1 Nov 10, 2021
Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions

dns-mf-hazard Tool to check if your DNS comply to Polish Ministry of Finance gambling domains restrictions How to use it? Installation You need python

Marek Wajdzik 2 Jan 01, 2022
Local File Inclusion Scanner and Exploiter

LFI-Paradise Local File Inclusion Scanner and Exploiter Features 1- Scanner 2- E

11 Sep 04, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

O365DevicePhish Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script t

Trewis [work] Scotch 4 Sep 23, 2022
Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile.

Orthrus is a macOS agent that uses Apple's MDM to backdoor a device using a malicious profile. It effectively runs its own MDM server and allows the operator to interface with it using Mythic.

Mythic Agents 37 Dec 06, 2022
A python implementation of the windows 95 product key check.

Windows 95 Product Key Check Info: This is a python implementation of the windows 95 product key check. This was just a bit of fun and a massive 5 hou

11 Aug 07, 2022
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

6 Sep 22, 2022
This tool help you to check if your Windows machine has hidden miner.

Hidden Miner Detector This tool help you to check if your Windows machine has hidden miner. Miners track when you open antivirus software or task mana

Николай Борщёв 2 Oct 05, 2022
this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

Titan_Exodous 1 Nov 04, 2021
Trustme: #1 quality TLS certs while you wait

trustme: #1 quality TLS certs while you wait You wrote a cool network client or server. It encrypts connections using TLS. Your test suite needs to ma

479 Dec 27, 2022