unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Tomcat Upgrade Memshell
1 2 3 4 5 6 7 8 91011121314151617181920212223242526272829303132333...
2022-8-24 15:16:59 | 阅读: 10 |
收藏
|
y4er.com
adapter
coyote
bytebuffer
CVE-2022-22955 VMware Workspace ONE Access OAuth2TokenResourceController Auth Bypass
参考 https://srcincite.io/blog/2022/08/11/i-am-whoever-i-say-i-am-infiltrating-vmware-workspace-one-ac...
2022-8-14 13:17:47 | 阅读: 59 |
收藏
|
y4er.com
oauth2
horizon
激活码
CVE-2022-31656 VMware Workspace ONE Access UrlRewriteFilter 权限绕过
在我之前文章中写过,vm为了修复CVE-2022-22972加了一个HostHeaderFilter,拦截了Hostname,防止身份验证被绕过,建议看过之前的洞再来看这个。Petrus Viet在U...
2022-8-14 13:11:18 | 阅读: 53 |
收藏
|
y4er.com
urlrewrite
finaltourl
tuckey
CVE-2022-35405 Zoho Password Manager Pro XML-RPC RCE
其中getRequest函数会从原始request构建XmlRpcRequest org.apache.xmlrpc.server.XmlRpcStreamServer#getRequest 1 2...
2022-7-21 10:16:7 | 阅读: 36 |
收藏
|
y4er.com
catalina
dofilter
xmlrpc
CVE-2022-35405 Zoho Password Manager Pro XML-RPC RCE
其中getRequest函数会从原始request构建XmlRpcRequest org.apache.xmlrpc.server.XmlRpcStreamServer#getRequest 1get...
2022-7-21 10:16:7 | 阅读: 71 |
收藏
|
y4er.com
catalina
xmlrpc
adventnet
xerces
CVE-2022-2143 Advantech iView NetworkServlet 命令注入RCE
闲来无事zdi1MATCH (n:Class{NAME:'javax.servlet.http.HttpServlet'})-[:EXTEND]-(c:Class)-[:HAS]->(m:Method...
2022-7-6 14:13:51 | 阅读: 118 |
收藏
|
y4er.com
iview
database
iview3
webapps
CVE-2022-2143 Advantech iView NetworkServlet 命令注入RCE
闲来无事zdi1MATCH (n:Class{NAME:'javax.servlet.http.HttpServlet'})-[:EXTEND]-(c:Class)-[:HAS]->(m:Metho...
2022-7-6 14:13:51 | 阅读: 51 |
收藏
|
y4er.com
iview
webapps
iview3
database
dotnet反序列化之并不安全的SerializationBinder
前几天看到了这篇文章,记录一下。先来一个demo,用SerializationBinder限制一下反序列化的类型。 1 2 3 4 5 6 7 8 910111213141...
2022-7-4 10:26:0 | 阅读: 19 |
收藏
|
y4er.com
binder
typename
dotnet反序列化之并不安全的SerializationBinder
前几天看到了这篇文章,记录一下。先来一个demo,用SerializationBinder限制一下反序列化的类型。 1using System; 2using System.IO; 3using...
2022-7-4 10:26:0 | 阅读: 19 |
收藏
|
y4er.com
binder
typename
CVE-2022-28219 ZOHO ManageEngine ADAudit Plus XXE到RCE
太累了,老外三天发俩洞,学不过来了。https://archives2.manageengine.com/active-directory-audit/7055/ManageEngine_ADAudi...
2022-6-30 16:38:11 | 阅读: 50 |
收藏
|
y4er.com
adsm
adventnet
domainname
ember
CVE-2022-28219 ZOHO ManageEngine ADAudit Plus XXE到RCE
太累了,老外三天发俩洞,学不过来了。https://archives2.manageengine.com/active-directory-audit/7055/ManageEngine_ADAudi...
2022-6-30 16:38:11 | 阅读: 22 |
收藏
|
y4er.com
adsm
adventnet
domainname
ember
CVE-2022-21445 Oracle ADF Faces 反序列化RCE
安装Oracle19c,安装的时候这里要选AL32UTF8接下来会卡在42%,多等一会就好了。安装fmw_12.2.1.3.0_infrastructure.jar 下一步下一步就行然后安装bi fm...
2022-6-29 16:19:41 | 阅读: 504 |
收藏
|
y4er.com
tangosol
remote
em
weblogic
CVE-2022-21445 Oracle ADF Faces 反序列化RCE
安装Oracle19c,安装的时候这里要选AL32UTF8接下来会卡在42%,多等一会就好了。安装fmw_12.2.1.3.0_infrastructure.jar 下一步下一步就行然后安装bi fm...
2022-6-29 16:19:41 | 阅读: 96 |
收藏
|
y4er.com
tangosol
em
remote
weblogic
SmarterStats 基于gRPC的RCE
老外又发洞了2016 8011版本,下载地址:https://downloads.smartertools.com/smarterstats/100.0.8011/SmarterStats_8011....
2022-6-29 16:16:59 | 阅读: 19 |
收藏
|
y4er.com
grpc
client
SmarterStats 基于gRPC的RCE
老外又发洞了2016 8011版本,下载地址:https://downloads.smartertools.com/smarterstats/100.0.8011/SmarterStats_8011....
2022-6-29 16:16:59 | 阅读: 16 |
收藏
|
y4er.com
grpc
CVE-2022-26134 Confluence Server Data Center OGNL RCE
移除了com.opensymphony.xwork.util.TextParseUtil#translateVariables的调用,跟进这个函数发现这里是ognl表达式执行点。然后走到com.atl...
2022-6-8 10:42:27 | 阅读: 23 |
收藏
|
y4er.com
xwork
代理
CVE-2022-26134 Confluence Server Data Center OGNL RCE
移除了com.opensymphony.xwork.util.TextParseUtil#translateVariables的调用,跟进这个函数发现这里是ognl表达式执行点。然后走到com.atl...
2022-6-8 10:42:27 | 阅读: 82 |
收藏
|
y4er.com
atlassian
xwork
webwork
rssresult
Follina Microsoft Office RCE with MS-MSDT Protocol
看推特发了一个好玩的office rce。最早应该是起源于nao_sec的推特然后又发现了一篇分析文章。https://doublepulsar.com/follina-a-microsoft-off...
2022-6-2 09:36:15 | 阅读: 94 |
收藏
|
y4er.com
windows
msdt
ywbhagwaywa
Follina Microsoft Office RCE with MS-MSDT Protocol
看推特发了一个好玩的office rce。最早应该是起源于nao_sec的推特然后又发现了一篇分析文章。https://doublepulsar.com/follina-a-microsoft-off...
2022-6-2 09:36:15 | 阅读: 19 |
收藏
|
y4er.com
windows
msdt
getstring
CVE-2022-22972 VMware Workspace ONE Access Authentication Bypass RCE
HW-156875-Appliance-21.08.0.1/frontend-0.1.war中增加了一个HostHeaderFilter,匹配全路由然后删除了DBConnectionCheckCont...
2022-5-27 11:31:24 | 阅读: 78 |
收藏
|
y4er.com
servername
beans
Previous
3
4
5
6
7
8
9
10
Next