Code Monkey home page Code Monkey logo

vulns-2022's Introduction

搜集 2022 年的漏洞

本项目用于搜集 2022 年的漏洞,注意: 本项目并不刻意搜集 POC 或 EXP,包含但不限于漏洞资讯、漏洞复现、漏洞分析、漏洞验证、漏洞利用

目前纯手工搜集,后期可能会加入机器人,漏洞按照更新时间逆序排序

命令执行

RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1(CVE-2021-45897)

CVE-2021-22204 Rxiftool RCE

HongJingEHR多个漏洞(Axis Adminservice远程代码执行漏洞、HongJingEHR未授权反序列化漏洞)

NUUO NVRmini2 未授权RCE漏洞

Uniview 未授权RCE漏洞 (CVE-2021-45039)

SONICWALL SMA100 Apache httpd 未授权RCE (CVE-2021-20038)

TerraMaster TOS session 伪造、任意⽂件读取、远程命令执⾏等多个漏洞

H2 数据库控制台未授权 RCE (CVE-2021-42392)

Atlassian Jira Server and Data Center 授权RCE漏洞 (CVE-2021-43947)

CVE-2021-41773 Apache HTTP Server 2.4.49 RCE

权限提升

Linux PolKit (polkitd) 0.133 本地提权(CVE-2021-3560)

Windows CVE-2021-1675 is a vulnerability in the Print Spooler Service of Microsoft Windows

Windows win32k LPE bypass CVE-2022-21882

Linux polkit的pkexec 本地权限升级漏洞 EXP(CVE-2021-4034)

拒绝服务

A-potential-Denial-of-Service-issue-in-protobuf-java

代码执行

a-tag with the HTML injection vulnerability in CSV+ <=0.8.0(CVE-2022-21241)

POC for CVE-2022-21907: Windows HTTP协议栈远程代码执行漏洞

GoAhead 远程代码执⾏漏洞 (CVE-2021-42342)

SQL注入

Prestashop >= 1.7.5.0 < 1.7.8.2 - SQL injection(CVE-2021-43789)

Moodle 3.11-3.11.4 SQL注入 POC(CVE-2022-0332)

PhpIPAM v1.4.4 授权 SQL 注入(CVE-2022-23046)

CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection POC

CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection

wordpress SQL注入漏洞 (CVE-2022–21661)

越权漏洞

CVE-2022-22828 Synametrics - SynaMan version 4.9 存在越权漏洞

Hospital's Patient Records Management System 1.0(CVE-2022-22296)

Gin-Vue-admin垂直越权漏洞与代码分析 (CVE-2022-21660)

信息泄露

WebLogic 信息泄露漏洞(CVE-2022-21252)

Import Export WordPress plugin(CVE-2022-0236)

容器逃逸

Sample Ubuntu LPEs and container escapes coming soon(CVE-2022-0185)

外部实体

Andrid XML外部实体引用inskylot/jadx的不当限制(CVE-2022-0219)

XSS

Stored Cross Site Scripting Sourcecodester Online Car Rental System 1.0(CVE-2021-46005)

Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1(CVE-2021-45416)

D-Link Router DSL-2730E - Stored Cross Site Scripting (XSS)(CVE-2021-46108)

Ivanti Service Manager 2021.1 infected with reflected XSS(CVE-2021-38560)

RosarioSIS 8.2.1 反射式跨站点脚本(CVE-2021-45416)

HPRMS - 'room_list' Stored XSS(CVE-2022-22852)

HPRMS - 'doctors' Stored XSS(CVE-2022-22851)

HPRMS - 'room_types' Stored XSS(CVE-2022-22850)

文件包含

Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 本地文件包含(CVE-2022-21371)

vulns-2022's People

Contributors

binganao avatar

Forkers

startagain2016

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.