2021 HVV Vulnerability Summary

Overview

List

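| Disclosure date | Vendor / product | Vulnerability description |
| --- | --- | --- |
| 2021/04/08 | Venustech Tianqing Hanma USG firewall logic flaw vulnerability (historical vulnerability) | CNVD-2021-17391; Venustech Tianqing Hanma USG firewall logic flaw vulnerability, CNVD-2021-12793 |
| 2021/04/08 | ZenTao project management software 11.6 | ZenTao 11.6 SQL injection vulnerability |
| 2021/04/08 | Kingsoft WPS (historical vulnerability CVE-2020-25291) | RCE in the WPS built-in browser triggered by a click; Kingsoft WPS remote heap corruption vulnerability |
| 2021/04/08 | Kingsoft V8/V9 Endpoint Security System | Kingsoft V8-V9 Endpoint Security System vulnerability collection |
| 2021/04/08 | Kingsoft V8 Endpoint Security System | Kingsoft V8 Endpoint Security System pdf_maker.php command execution vulnerability |
| 2021/04/08 | Tianqing | Tianqing over-privileged access (broken access control) |
| 2021/04/08 | Seeyon OA | Seeyon OA ajax.do arbitrary file upload vulnerability |
| 2021/04/08 | Seeyon OA | Seeyon OA front-end getshell reproduction; Seeyon OA arbitrary file upload |
| 2021/04/08 | Qizhi bastion host | Command execution vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Sangfor EDR (historical vulnerability) | Sangfor EDR remote command execution, CNVD-2020-46552 |
| 2021/04/08 | Sangfor VPN (historical vulnerability) | Sangfor SSL VPN client remote file download |
| 2021/04/08 | jackson | Deserialization vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | tomcat | Deserialization command execution vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Weaver OA9 | Weaver OA9 front-end arbitrary file upload |
| 2021/04/08 | Weaver OA8 | Weaver OA8 front-end SQL injection |
| 2021/04/08 | CoreMail | Coremail file upload vulnerability PoC - phishing |
| 2021/04/08 | Yonyou NC6.5 | Yonyou NC deserialization; Yonyou NC deserialization RCE vulnerability |
| 2021/04/08 | dubbo | Deserialization command execution vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Weblogic | Analysis of a WebLogic T3 deserialization 0day; Weblogic T3 deserialization remote code execution vulnerability |
| 2021/04/08 | Tianqing | 360 Tianqing front-end SQL injection |
| 2021/04/08 | Hexin Chuangtian cloud desktop, all versions | Hexin Chuangtian cloud desktop command execution; Hexin Chuangtian cloud desktop system remote command execution (RCE) vulnerability |
| 2021/04/08 | Hongfan OA | Arbitrary file write vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Exchange | Microsoft Exchange Server remote code execution vulnerability |
| 2021/04/08 | Shiro | N-day vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Kingdee Cloud K3Cloud, all versions | Command execution vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Yonyou U8Cloud version | Command execution exists; PoC suspected to have leaked |
| 2021/04/08 | H3C computer management platform, 2016 version | H3C SecPath operations audit system arbitrary user login vulnerability; details obtained on the 18th |
| 2021/04/08 | FanRuan V9 | FanRuan V9 getshell (FineReport V9); FanRuan V9 arbitrary file overwrite / file upload |
| 2021/04/08 | Tianyan | 0day vulnerability exists; PoC suspected to have leaked |
| 2021/04/08 | Moan honeypot management platform | Moan honeypot management platform unauthorized access |
| 2021/04/08 | Jellyfin < 10.7.1 (historical vulnerability) | Jellyfin unauthorized arbitrary file read - CVE-2021-21402 |
| 2021/04/08 | Yonyou ERP-NC | Directory traversal vulnerability exists |
| 2021/04/08 | Kuaipai CMS | Kuaipai CMS arbitrary file upload vulnerability |
| 2021/04/08 | Kuaipai CMS | Kuaipai CMS information disclosure vulnerability |
| 2021/04/08 | Kuaipai CMS | Kuaipai CMS back-end XSS vulnerability |
| 2021/04/09 | Apache Solr | Apache Solr arbitrary file read |
| 2021/04/09 | eYou email system | eYou email system remote command execution vulnerability |
| 2021/04/09 | Topsec DLP | Topsec DLP unauthorized access + privilege escalation |
| 2021/04/09 | Qi An Xin VPN | Qi An Xin VPN front-end RCE |
| 2021/04/09 | DzzOffice ≤ 2.02 | DzzOffice latest version RCE (random number issue) |
| 2021/04/09 | Landray OA | Landray OA arbitrary file write |
| 2021/04/09 | Landray OA | Landray OA EKP back-end SQL injection vulnerability, CNVD-2021-01363 |
| 2021/04/09 | Seeyon OA | Seeyon OA remote code execution vulnerability |
| 2021/04/09 | Inspur Cloud ClusterEngineV4.0 | Inspur ClusterEngineV4.0 arbitrary command execution |
| 2021/04/09 | OneBlog ≤ V2.2.1 | OneBlog remote command execution; OneBlog below v2.2.1 remote command execution vulnerability |
| 2021/04/10 | Inspur Cloud ClusterEngineV4.0 | Inspur ClusterEngineV4.0 sysShell arbitrary command execution vulnerability |
| 2021/04/10 | Inspur Cloud ClusterEngineV4.0 | Inspur ClusterEngineV4.0 arbitrary user login vulnerability |
| 2021/04/10 | Qizhi bastion host | Qizhi bastion host arbitrary user login vulnerability |
| 2021/04/10 | Kingsoft Endpoint Security System V8/V9 | Kingsoft Endpoint Security System V8/V9 file upload vulnerability exists |
| 2021/04/10 | Qi An Xin NS-NGFW Netentsec firewall | Qi An Xin Netentsec next-generation firewall RCE |
| 2021/04/10 | Yunshang online customer service system | Arbitrary file upload exists |
| 2021/04/10 | Weaver OA8 e-mobile | Weaver OA e-mobile4.0-6.6 SQL injection vulnerability |
| 2021/04/10 | Weaver OA8 e-mobile | Weaver e-mobile 0day |
| 2021/04/11 | FOFA fingerprint title="流媒体管理服务器" | HIKVISION streaming media management server back-end arbitrary file read vulnerability, CNVD-2021-14544 |
| 2021/04/11 | Fastjson 0day | Suspected 0day; existence confirmed by video |
| 2021/04/11 | Apache Solr | Apache Solr arbitrary file download / SSRF PoC |
| 2021/04/12 | Google Chrome ≤ 89.0.4389.114 | Chrome remote code execution 0day vulnerability |
| 2021/04/12 | Nagios Network Analyzer | Nagios Network Analyzer SQL injection vulnerability - CVE-2021-28925 |
| 2021/04/12 | Landray OA | Landray OA password reset vulnerability |
| 2021/04/12 | Ruijie | Ruijie RG-UAC unified internet behavior management and audit system account and password information disclosure; Ruijie RG-UAC unified internet behavior management and audit system hard-coded account vulnerability |
| 2021/04/13 | IBOS database module | IBOS database module arbitrary file upload vulnerability |
| 2021/04/13 | PHP zerodium | PHP zerodium backdoor vulnerability |
| 2021/04/13 | Xunlei | Xunlei 11 binary vulnerability - CNVD-2021-18274 |
| 2021/04/13 | Apache Solr | Apache Solr server-side request forgery vulnerability - CVE-2021-27905 |
| 2021/04/13 | Apache Solr | Apache Solr dataset read/write vulnerability - CVE-2021-29943 |
| 2021/04/13 | Apache Solr | Apache Solr sensitive information disclosure vulnerability - CVE-2021-29262 |
| 2021/04/14 | Apache OFBiz deserialization vulnerability | Apache OFBiz RMI deserialization vulnerability, CVE-2021-26295 |
| 2021/04/14 | EMP platform | EMP platform arbitrary file upload vulnerability |
| 2021/04/14 | JD-FreeFuck back-end command execution | JD-FreeFuck back-end command execution vulnerability |
| 2021/04/14 | Microsoft Exchange | Microsoft Exchange Server remote code execution vulnerability |
| 2021/04/14 | Topsec (historical vulnerability) | Topsec access gateway system weak password - CNVD-2021-08407 |
| 2021/04/14 | Qi An Xin Tianqing endpoint security management system | Arbitrary file upload exists |
| 2021/04/14 | Google Chrome V8 engine | Google Chrome V8 engine remote code execution 0day vulnerability |
| 2021/04/15 | Tongda OA | Tongda OA command execution vulnerability - CNVD-2021-21890 |
| 2021/04/15 | Joomla | Joomla XSS vulnerability |
| 2021/04/15 | TongWeb | TongWeb file upload vulnerability |
| 2021/04/16 | Weblogic | Weblogic T3 deserialization remote code execution vulnerability |
| 2021/04/16 | WeChat | Qingteng captured an in-the-wild WeChat 0day (Chrome 0day exploitation); remote control achieved by exploiting a Chrome vulnerability in WeChat's built-in browser |
| 2021/04/16 | Inspur ERP | Inspur ERP system remote code execution vulnerability |
| 2021/04/17 | Sangfor | Sangfor security awareness platform stored cross-site scripting vulnerability |
| 2021/04/17 | Weaver | A Weaver system is suspected to have a file upload vulnerability |
| 2021/04/17 | TP-COUPON | TP-COUPON SQL injection vulnerability - CNVD-2021-21889 |
| 2021/04/18 | XYLink (小鱼易连) video conferencing system | XYLink video conferencing system 0day exists |
| 2021/04/18 | H3C SecPath operations audit system | H3C SecPath operations audit system arbitrary user login vulnerability |
| 2021/04/18 | Coremail | Coremail mail system path traversal vulnerability |
| 2021/04/20 | WeChat | WeChat latest version 3.2.11.151: Google engine PoC used to bring a host online in CS |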

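Just a porter of the Internet; this list comes from a certain public account (公众号). If there is any infringement, please contact me promptly.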
