Vulnerability Research OA/Middleware/Framework (Index). Open source products, foreign application software
Program List
Apache Airflow
- CVE-2020-11978 Apache Airflow command injection
Apache APISIX
- CVE-2021-45232 Apache APISIX Dashboard Pre-Auth RCE
- CVE-2021-43557 Apache APISIX Path traversal
Apache Axis
- CVE-2019-0227 Apache Axis 1.4 RCE
Apache Cocoon
- CVE-2020-11991 Apache Cocoon XXE
Apache Druid
- CVE-2021-44228 Apache Druid RCE via Log4shell
- CVE-2021-36749 Apache Druid file read
- CVE-2020-9496 Apache Druid code execution
- CVE-2021-25646 Apache Druid code execution
Apache Dubbo
- CVE-2019-17564 Apache Dubbo deserialization RCE
- CVE-2020-1948 Apache Dubbo Hessian deserialization
Apache Flink
- CVE-2020-17518 Apache Flink directory traversal/file write-Upload
- CVE-2020-17519 Apache Flink directory traversal/file read-jobmanager/logs
- CVE-2021-44228 Apache Flink RCE via Log4shell
Apache Log4j
- CVE-2017-5645 Log4j 2.x deserialization
- CVE-2019-17571 Log4j 1.2.x deserialization
- CVE-2021-44228 Log4j JNDI
Apache HTTP Server
- CVE-2021-41773 Apache HTTP Server Path Traversal/RCE
- CVE-2021-42013 Apache HTTP Server Path Traversal/RCE
Apache JMeter
- CVE-2018-1297 Apache JMeter RMI deserialization
Apache JSPWiki
- CVE-2021-44140 Apache JSPWiki Arbitrary file deletion on logout
- CVE-2021-44228 Apache JSPWiki RCE via Log4shell
Apache OFBiz
- CVE-2020-9496 Apache OFBiz deserialization
- CVE-2021-26295 Apache OFBiz deserialization
- CVE-2021-44228 Apache OFBiz RCE via Log4shell
Apache ShenYu
- CVE-2021-37580 Apache ShenYu authorization bypass
Apache Shiro
- CVE-2016-4437 deserialization-RememberMe
- CVE-2016-6802 authentication bypass
- CVE-2019-12422
- CVE-2020-1957 authentication bypass
- CVE-2020-11989 authentication bypass
- CVE-2020-13933 authentication bypass
- CVE-2020-17510 authentication bypass
- CVE-2020-17523 authentication bypass
- CVE-2021-41303 authentication bypass
Apache SkyWalking
- CVE-2021-44228 Apache SkyWalking RCE via Log4shell
- CVE-2020-9483 Apache SkyWalking SQL injection
- CVE-2020-13921 Apache SkyWalking SQL injection
Apache Solr
- CVE-2021-44228 Apache Solr RCE via Log4shell
Apache Storm
- CVE-2021-38294 Apache Storm deserialization
- CVE-2021-40865 Apache Storm command injection
Apache Struts2
- CVE-2021-44228 Apache Struts2 RCE via Log4Shell
Atlassian Confluence
- CVE-2019-3394 Atlassian Confluence file read
- CVE-2019-3395 Atlassian Confluence SSRF
- CVE-2019-3396 Atlassian Confluence path traversal/code execution
- CVE-2020-4027 Atlassian Confluence SSTI
- CVE-2021-26084 Atlassian Confluence OGNL injection
- CVE-2021-26085 Atlassian Confluence file read
Atlassian Crowd
- CVE-2019-11580 Atlassian Crowd RCE
Atlassian Jira
- CVE-2017-9506 Jira URL redirection
- CVE-2019-8451 Jira SSRF
- CVE-2019-8442 Jira unauthorized access/information disclosure
- CVE-2019-3402 Jira XSS
- CVE-2019-8444 Jira XSS
- CVE-2019-11581 Jira SSTI
- CVE-2020-29453 Jira file read
- CVE-2020-14181 Jira username enumeration
- CVE-2021-26086 Jira file read
- CVE-2021-39115 Jira SSTI
Citrix
- CVE-2020-8209 Citrix XenMobile directory traversal/file read
- CVE-2021-44228 Citrix XenMobile RCE via Log4shell
Cisco
- CVE-2020-3452 Cisco ASA/FTD arbitrary file read
Django
- CVE-2021-35042 Django SQL injection
Docker
- CVE-2020-15257 Docker container escape
ECShop
- CVE-20xx-xxxxx ECShop v2.x/3.x remote code execution
- CVE-20xx-xxxxx ECShop v3.0 SQL injection-flow.php
- CVE-20xx-xxxxx ECShop v2.6.1 SQL injection-uc.php
- CVE-20xx-xxxxx ECShop v4.1.0 SQL injection-/ecshop/delete_cart_goods.php
- CVE-2021-43679 ECShop v2.7.3 SQL injection
Exchange
- CVE-2021-26855 + CVE-2021-27065 ProxyLogon
- CVE-2021-31195 + CVE-2021-31196 ProxyOracle
- CVE-2021-34473 + CVE-2021-34523 + CVE-2021-31207 ProxyShell
- CVE-2021-41349 Exchange XSS
F5 BIG-IP
- CVE-2020-5902 F5 BIG-IP remote code execution
2021-01
- CVE-2021-22986 F5 BIG-IP remote code execution
2021-03
Gitlab
- CVE-2021-22214 Gitlab CI Lint API SSRF
- CVE-2021-22205 Gitlab RCE
Grafana
- CVE-2021-xxxx Grafana file read-/public/plugins/grafana-clock-panel/
Harbor
- CVE-2019-16097 arbitrary administrator registration
H2Database
- CVE-2021-42392 H2 Database Console JNDI Injection
Lanproxy
- CVE-2020-3019 Lanproxy directory traversal/file read
Laravel
- CVE-2018-15133 RCE
- CVE-2021-3129 Laravel Debug RCE
Linux
- CVE-2021-3156 Linux local privilege escalation
- CVE-2021-4034 Linux local privilege escalation
Moodle
- CVE-2022-0332 Moodle SQL injection
Metabase
- CVE-2021-41277 Metabase file read
MeterSphere
- CVE-2021-45789 MeterSphere Post-auth file read
- CVE-2021-45790 MeterSphere Pre-auth file upload
- CVE-2021-xxxxx MeterSphere Plugin Pre-auth RCE
Jboss
- CVE-2006-5750
- CVE-2007-1036
- CVE-2010-0738
- CVE-2010-1871 JBoss Seam Framework remote code execution
- CVE-2015-7501 JBoss JMXInvokerServlet deserialization
- CVE-2013-4810
- CVE-2017-7504 JBoss 4.x JBossMQ JMS deserialization
- CVE-2017-12149 JBoss AS 5.x/6.x deserialization
Jellyfin
- CVE-2021-21402 Jellyfin file read
Jetty
- CVE-2021-28169 Jetty URI path restriction bypass
- CVE-2021-28164 Jetty URI path restriction bypass
Spring
- CVE-xxxx-xxxx SpringBoot Actuator unauthorized access
- CVE-2018-1271 Spring MVC Directory Traversal
- CVE-2019-3799 Spring Cloud Config Server Directory Traversal/file read
- CVE-2020-5405 Spring Cloud Config Server Directory Traversal
- CVE-2020-5410 Spring Cloud Config Directory Traversal
- CVE-2020-5412 Spring Cloud Netflix Hystrix Dashboard SSRF
- CVE-2021-21234 Spring Boot Actuator Logview Directory Traversal
- CVE-2010-1622 Spring Framework RCE
Tomcat
- CVE-2020-9484 Tomcat RCE via Session Persistence
- CVE-2022-23181 Tomcat privilege escalation (TOCTOU)
Typecho
- CVE-xxxx-xxxxx Typecho v1.0 SSRF
- CVE-2018-18753 Typecho v1.1 deserialization
ThinkPHP 3.x
- ThinkPHP 3.2.x file inclusion -> RCE
Thinkadmin
- CVE-2020-25540 directory traversal/file read
- CNVD-2020-33163
VMware
- CVE-2021-44228 VMware Product RCE via Log4Shell
- CVE-2021-22017 VMware vCenter rhttpproxy Bypass
- CVE-2021-22005 VMware vCenter file upload
- CVE-2021-21985 VMware vCenter remote code execution
- CVE-2021-21972 VMware vCenter remote command execution
- CVE-2021-21973 VMware vCenter SSRF – /sdk
- CVE-2021-21975 VMware vRealize Operations Manager SSRF
- CVE-2021-22056 VMware Workspace ONE Access SSRF
- CVE-2020-4006 VMware Workspace ONE Access command injection (post-auth)-/cfg/ssl/installSelfSignedCertificate
- CVE-2021-21978 VMware View Planner remote code execution
- CVE-2021-00000 VMware vCenter file read – /eam/vib?id=
- CVE-2021-00000 VMware vCenter SSRF/file read – /ui/vcav-bootstrap/rest/vcav-providers/provider-logo?url=
Weblogic
- CVE-2020-14882 + CVE-2020-14883 Weblogic authorization bypass + command execution = RCE
- CVE-2020-14750 Weblogic authorization bypass
- CVE-2022-21350 Weblogic deserialization
Application List
Billion Mail
- Billion Mail Remote Command Execution (CNVD-2021-26422)-/webadm/?q=moni_detail.do&action=gragh
Fan Ruan
- FanRuan Report 2012 Information Leakage
2021-05
- FanRuan report SSRF/file reading
2021-05
- FanRuan report v8 file reading (CNVD-2018-04757)
2021-05
- FanRuan report v8 directory traversal
2021-08
- FanRuan report v9 file upload (CNVD-2021-34467)
2021-05
New H3C
- H3C IMC dynamiccontent.properties.xhtm remote command execution
2021-05
- H3C Next Generation Firewall Arbitrary File Read
2021-05
- H3C SecPath operation and maintenance audit system login by any user
2021-05
Kingdee
- Kingdee EAS server_file directory traversal
Kingsoft Terminal Security System
- Kingsoft Terminal Security Management System v8 file upload-upload.php
- Kingsoft Terminal Security Management System v8 file read-downfile.php
- Kingsoft Terminal Security Management System v8 command execution-pdf_maker.php
Jinhe OA
- Jinhe OA C6 administrator default passwords
- Jinhe OA C6 download.asp file download
Lanling OA
- Lanling OA EKP background SQL injection (CNVD-2021-01363)
- Lanling OA SSRF/file read-custom.jsp
- Lanling OA SSRF+XMLDecoder=RCE
- Lanling OA SSRF+JNDI=RCE
- Lanling OA SQL injection (CNVD-2020-62240)-/admin/list/list.aspx
Fanwei OA
- Fanwei e-mobile expression injection (CNVD-2017-03561)-login.do
- Fanwei OA file download (CNVD-2019-29900)
- Fanwei OA file read (CNVD-2019-29902)
- Fanwei OA remote command execution (CNVD-2019-32204)
- Fanwei OA SQL injection (CNVD-2019-34241)-WorkflowCenterTreeData.jsp
- Fanwei OA SQL injection (CNVD-2019-40989)-SyncUserInfo.jsp
- Fanwei OA SQL injection (CNVD-2019-40989)-WorkflowCenterTreeData.jsp
- Fanwei OA SQL injection (CNVD-2019-41610)-validate.jsp
- Fanwei e-bridge directory traversal/file read (CNVD-2020-59520)
- Fanwei OA information disclosure-DBconfigReader.jsp
- Fanwei OA information disclosure-gethrmkq.jsp
- Fanwei OA SSRF
- Fanwei Eoffice information disclosure – mysql_config.ini
- Fanwei OA SQL injection-/js/hrm/getdata.jsp
- Fanwei e-mobile6.6 RCE
- Fanwei OA file upload-sysinterface/codeEdit.jsp
- Fanwei OA V9 file upload-uploadOperation.jsp
- Fanwei OA XStream deserialization
- Fanwei OA file upload – cloudstore
- Fanwei OA v8 file download
- Fanwei OA file upload – KtreeUploadAction
- Fanwei OA file upload – ExcelUploadServlet
- Fanwei Eoffice v10 SQL injection-leave_record.php
- Fanwei Eoffice v9 file upload (CNVD-2021-49104)-UploadFile.php
- Fanwei OA SQL injection-/Api/portal/elementEcodeAddon/getSqlData
Ranzhi Collaboration OA
- Ranzhi Collaboration System v4.6.1 SQL injection
- Ranzhi Collaboration System v4.6.1 SQL injection -> file deletion
- Ranzhi Collaboration System v4.6.1 SQL injection -> file download
- Ranzhi Collaboration System v4.6.1 SQL injection – file deletion -> RCE
- Ranzhi Collaboration System v4.6.1 Noise Chat System RCE
Zhiyuan OA
- Zhiyuan OA session leak-/yyoa/ext/https/getSessionList.jsp
- Zhiyuan OA Fanruan report component XXE
- Zhiyuan OA FanRuan report v8.0 background file upload
- Zhiyuan OA A6 Information Disclosure-createMysql
- Zhiyuan OA A6 Information Disclosure-DownExcelBeanServlet
- Zhiyuan OA A6 Information Disclosure-initDataAssess
- Zhiyuan OA A6 SQL Injection-setextno.jsp
- Zhiyuan OA A6 SQL Injection-test.jsp
- Zhiyuan OA A6 SQL Injection-search_result.jsp
- Zhiyuan OA A6 file download-webmail.do
- Zhiyuan OA A8 user password modification
- Zhiyuan OA A8 Username & Password Enumeration-/seeyon/getAjaxDataServlet
- Zhiyuan OA A8 file read-/seeyon/management/status.jsp
- Zhiyuan OA A8 Remote Code Execution-htmlofficeservlet
- Zhiyuan OA unauthorized access + file upload – ajax.do
- Zhiyuan OA Cookie Leak + File Upload
- Zhiyuan OA Fastjson deserialization
Wanhu OA
- Wanhu OA file upload-/defaultroot/upload/fileUpload.controller
- Wanhu OA file upload-/defaultroot/officeserverservlet
Call OA
- Call OA v2.1.7 background SQL injection-typeid
- Call OA v2.2.8 Background file operation -> RCE
- Call OA v2.2.8 background SQL injection -> RCE
- Call OA v2.3.0 background configuration file -> RCE
Jiusi OA
- Jiusi OA file read-/GetRawFile
Tongda OA
- Tongda OA v11.9 front-end SQL injection-get_datas.php
- Tongda OA file deletion + file upload = RCE
- Tongda OA file upload + file inclusion = RCE
- Tongda OA < v11.5 login as any user
- Tongda OA v11.2 background RCE
- Tongda OA v11.7 background SQL injection
- Tongda OA v11.7 RCE
- Tongda OA v11.8 background low-privilege Getshell
Qizhi Fortress (bastion host)
- Qizhi Fortress login as any user
Ruijie
- Ruijie EWEB network management system command injection-/guest_auth/guestIsUp.php
- Ruijie unified online behavior management audit system information leakage (CNVD-2021-14536)
- Ruijie EG Easy Gateway Remote Command Execution-branch_passw.php
- Ruijie EG Easy Gateway Remote Command Execution-cli.php
- Ruijie EG Easy Gateway Background Arbitrary File Read-download.php
RuoYi
- RuoYi background template injection
- RuoYi <= v4.6.2 (backend) deserialization-snakeyaml
- RuoYi <= v4.6.1 (backend) SQL injection – /system/role/list
- RuoYi <= v4.5.0 (background) file download-/common/download/resource
- RuoYi <= v4.4.0 Shiro Permission Authentication Bypass
- RuoYi <= v4.3.0 Shiro deserialization
- RuoYi <= v4.3.0 Shiro Permission Authentication Bypass
- RuoYi <= v3.2.0 SQL Injection
Tianqing
- 360 Tianqing SQL Injection
- 360 Tianqing information leak
UF
- UF Human Resource Management Software (e-HR) XXE
- UF NC v5.7 XSS
- UF ERP-NC file read-hrss/ELTextFile.load.d
- UF NC file inclusion – NCFindWeb
- UF NC XSS
- UF TurboCRM file read-/ajax/getemaildata.php
- UF UA-PWS XXE
- UF FE SQL injection – addUser.jsp
- UF FE SQL injection-codeMoreWidget.jsp
- UF ICC file download-getfile.jsp
- UF ICC XSS
- UF NC-IUFO system XSS
- UF TurboCRM SQL injection – /background/
- UF TurboCRM SQL injection – /login/forgetpswd.php
- UF GRP-U8 SQL Injection (CNVD-2020-49261)
- UF NC bsh.servlet.BshServlet remote command execution
- UF GRP-U8 SQL Injection
- UF NCCloud-FS SQL injection
- UF U8 OA test.jsp SQL injection
- UF NC v6.5 file upload-FileReceiveServlet
Sangfor
- Sangfor SSL VPN url command injection (CNVD-2020-57240)
- Sangfor EDR Terminal Detection and Response Platform login as any user
- Sangfor EDR Terminal Detection and Response Platform RCE
Yisaitong
- CNVD-2021-26058 Yisaitong Electronic Document Security Management System (CDG) RCE
Coremail
- CNVD-2019-16798 Coremail Information Disclosure
- Coremail any user password modification
D-Link
- CVE-2020-25078 D-Link DCS-2530L Information Disclosure
- CVE-2018-6530 D-Link Remote Command Execution
- CVE-2019-7297 D-Link DIR-823G Command Injection
- CVE-2019-7298 D-Link DIR-823G Command Injection
- CVE-2019-13128 D-Link DIR-823G Command Injection
- CVE-2019-15529 D-Link DIR-823G Command Injection
- CVE-2019-17621 D-Link DIR-859 Remote Code Execution
- CNVD-2018-01084 D-Link DIR-615/645/815 Command Injection
- CVE-2018-17063 D-Link DIR-816 A2 Command Injection
- CVE-2020-24581 D-link DSL-2888A Remote Code Execution
JEECMS
- JEECMS file upload + SSTI = RCE
- JEECMS v9.3 SSRF
- JEECMS v9.3 file upload + SSTI = file read
- JEECMS v9.3 deserialization (Shiro)
The Research List is a GitHub repository by pen4uin.