CVE-2022-26500 Veeam Backup & Replication RCE
看推特又爆了cve,感觉挺牛逼的洞,于是分析一手。
CVE-2022-22947 SpringCloud GateWay SPEL RCE Echo Response
从dotnet源码看文件上传绕waf
CVE-2022-23131 Zabbix Web Frontend Bypassing the SAML SSO Authentication
CVE-2021-44521 Apache Cassandra 加载UDF RCE
CVE-2021-42631 PrinterLogic Web Stack unserialize RCE
CVE-2022-22733 Apache ShardingSphere ElasticJob-UI RCE
dotnet 反序列化的另外几个gadget
CVE-2021-45456 Apache Kylin 命令注入
MeterSphere PluginController Pre-Auth RCE
chybeta又发预警了
CVE-2021-45232 Apache APISIX Dashboard Unauthorized Access Vulnerability
CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus Pre-Auth RCE
CVE-2021-34992 Orckestra C1 CMS Deserialization RCE
CVE-2021-21234 Spring Boot Actuator Logview Directory Traversal
CommVault Command Center Pre-Auth Rce
CommVault这玩意是两种语言(.net和java)开发的,两掺挺有意思。