Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/binganao/vulns-2022
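This project collects vulnerabilities from 2022. Note: it does not deliberately collect POCs or EXPs; it is mainly keyed on CVE-2021 and CVE-2022 and includes, but is not limited to, vulnerability news, reproduction, analysis, verification, and exploitation.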
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/binganao/vulns-2022
- Owner: binganao
- Created: 2022-01-15T00:31:06.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-04-17T04:01:19.000Z (over 2 years ago)
- Last Synced: 2024-05-20T13:31:30.853Z (6 months ago)
- Homepage:
- Size: 115 KB
- Stars: 383
- Watchers: 15
- Forks: 56
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
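- StarryDivineSky - binganao/vulns-2022 - 2021, CVE-2022 as keywords, including but not limited to vulnerability news, reproduction, analysis, verification, and exploitation (Vulnerability databases, vulnerability ranges / Network services_Other)
- awesome-hacking-lists - binganao/vulns-2022 - This project collects vulnerabilities from 2022. Note: it does not deliberately collect POCs or EXPs; it is mainly keyed on CVE-2021 and CVE-2022 and includes, but is not limited to, vulnerability news, reproduction, analysis, verification, and exploitation (Others)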
README
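# Collecting vulnerabilities from 2022
This project collects vulnerabilities from 2022. **Note:** it does not deliberately collect POCs or EXPs; it includes, but is not limited to, vulnerability news, reproduction, analysis, verification, and exploitation.
Collection is currently done entirely by hand; a bot may be added later. Vulnerabilities are sorted in reverse order of update time.
## Command Execution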
[Gitlab Enterprise Edition (13.9.5) CVE-2021-22205](https://github.com/ahmad4fifz/CVE-2021-22205)
[A Zero-Click RCE exploit for CVE-2021-0326 on the Peloton Bike](https://github.com/aemmitt-ns/skeleton)
[CVE-2022-24086 about Magento RCE](https://github.com/Mr-xn/CVE-2022-24086)
[Apache APISIX 2.12.1, Apache APISIX 2.10.4 POC (CVE-2022-24112)](https://github.com/shakeman8/CVE-2022-24112)
[Sunlogin remote control software RCE](https://github.com/TRYblog/sunlogin_rce_)
[Remote Code Execution in TP-Link Tapo c200 IP camera](https://github.com/hacefresko/CVE-2021-4045-PoC)
[Cisco Anyconnect VPN unauth RCE(CVE-2022-20699)](https://github.com/Audiobahn/CVE-2022-20699)
[RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1(CVE-2021-45897)](https://github.com/manuelz120/CVE-2021-45897)
[CVE-2021-22204 Exiftool RCE](https://github.com/0xBruno/CVE-2021-22204)
[Multiple HongJingEHR vulnerabilities (Axis Adminservice remote code execution, HongJingEHR unauthenticated deserialization)](https://www.seebug.org/vuldb/ssvid-99429)
[NUUO NVRmini2 unauthenticated RCE vulnerability](https://www.seebug.org/vuldb/ssvid-99452)
[Uniview unauthenticated RCE vulnerability (CVE-2021-45039)](https://www.seebug.org/vuldb/ssvid-99451)
[SONICWALL SMA100 Apache httpd unauthenticated RCE (CVE-2021-20038)](https://attackerkb.com/topics/QyXRC1wbvC/cve-2021-20038/rapid7-analysis)
[TerraMaster TOS: multiple vulnerabilities including session forgery, arbitrary file read, and remote command execution](https://packetstormsecurity.com/files/165399/terramaster-exec.py.txt)
[H2 database console unauthenticated RCE (CVE-2021-42392)](https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/?utm_campaign=Log4j&utm_content=004atglxq0kpxz6&utm_medium=social&utm_source=twitter)
[Atlassian Jira Server and Data Center authenticated RCE vulnerability (CVE-2021-43947)](https://mp.weixin.qq.com/s/XDX5eq3UE51_yLo0Q4wZ0g)
[CVE-2021-41773 Apache HTTP Server 2.4.49 RCE](https://github.com/m96dg/CVE-2021-41773-exercise)
## Privilege Escalation
[Linux CVE-2022-0847-DirtyPipe-Exploit](https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit)
[Windows CVE-2021-24084 Windows Local Privilege Escalation](https://github.com/exploitblizzard/WindowsMDM-LPE-0Day)
[Windows Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)](https://github.com/ly4k/SpoolFool)
[Linux polkit pkexec local privilege escalation vulnerability EXP NO GCC (CVE-2021-4034)](https://github.com/EstamelGG/CVE-2021-4034-NoGCC)
[Linux PolKit (polkitd) 0.133 local privilege escalation (CVE-2021-3560)](https://github.com/chenaotian/CVE-2021-3560)
[Windows Exploit for CVE-2022-22718 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)](https://github.com/ly4k/SpoolFool)
[Windows CVE-2021-1675 is a vulnerability in the Print Spooler Service of Microsoft Windows](https://github.com/AndrewTrube/CVE-2021-1675)
[Windows POC CVE-2022-21882](https://github.com/sailay1996/cve-2022-21882-poc)
[Windows win32k LPE bypass CVE-2022-21882](https://github.com/KaLendsi/CVE-2022-21882)
[Linux polkit pkexec local privilege escalation vulnerability EXP (CVE-2021-4034)](https://github.com/arthepsy/CVE-2021-4034)
## Denial of Service
[A-potential-Denial-of-Service-issue-in-protobuf-java](https://github.com/Mario-Kart-Felix/A-potential-Denial-of-Service-issue-in-protobuf-java)
## Code Execution
[Hotel Druid v3.0.3 Code Injection vulnerability (CVE-2022-22909)](https://github.com/0z09e/CVE-2022-22909)
[Remote Code Execution on Confluence Servers(CVE-2021-26084)](https://github.com/0xf4n9x/CVE-2021-26084)
[a-tag with the HTML injection vulnerability in CSV+ <=0.8.0(CVE-2022-21241)](https://github.com/satoki/csv-plus_vulnerability)
[POC for CVE-2022-21907: Windows HTTP protocol stack remote code execution vulnerability](https://github.com/antx-code/CVE-2022-21907)
[GoAhead remote code execution vulnerability (CVE-2021-42342)](https://mp.weixin.qq.com/s/AS9DHeHtgqrgjTb2gzLJZg)
## SQL Injection
[Casdoor SQL Injection (CVE-2022-24124)](https://github.com/ColdFusionX/CVE-2022-24124)
[Prestashop >= 1.7.5.0 < 1.7.8.2 - SQL injection(CVE-2021-43789)](https://github.com/numanturle/CVE-2021-43789)
[Moodle 3.11-3.11.4 SQL injection POC (CVE-2022-0332)](https://github.com/numanturle/CVE-2022-0332)
[PhpIPAM v1.4.4 authenticated SQL injection (CVE-2022-23046)](https://github.com/jcarabantes/CVE-2022-23046)
[CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection POC](https://github.com/sagittarius-a/cve-2022-21658)
[CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection](https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection)
[WordPress SQL injection vulnerability (CVE-2022-21661)](https://www.seebug.org/vuldb/ssvid-99431)
## Authorization Bypass
[ZABBIX monitoring system Unsafe Session Storage (CVE-2022-23131)](https://github.com/0tt7/CVE-2022-23131)
[ZABBIX monitoring system Saml-bypass-poc (CVE-2022-23131)](https://github.com/1mxml/CVE-2022-23131)
[CVE-2022-22828 Synametrics - SynaMan version 4.9 has an authorization bypass vulnerability](https://github.com/videnlabs/CVE-2022-22828)
[Hospital's Patient Records Management System 1.0(CVE-2022-22296)](https://github.com/vlakhani28/CVE-2022-22296)
[Gin-Vue-admin vertical privilege escalation vulnerability and code analysis (CVE-2022-21660)](https://github.com/UzJu/Gin-Vue-admin-poc-CVE-2022-21660)
## Information Disclosure
[WebLogic information disclosure vulnerability (CVE-2022-21252)](https://www.oracle.com/security-alerts/cpujan2022.html#AppendixFMW)
[Import Export WordPress plugin(CVE-2022-0236)](https://github.com/qurbat/CVE-2022-0236)
## Container Escape
[Sample Ubuntu LPEs and container escapes CVE-2022-0185 analysis](https://github.com/chenaotian/CVE-2022-0185)
[Sample Ubuntu LPEs and container escapes coming soon(CVE-2022-0185)](https://github.com/Crusaders-of-Rust/CVE-2022-0185)
## External Entity
[Android: improper restriction of XML external entity reference in skylot/jadx (CVE-2022-0219)](https://github.com/Haxatron/CVE-2022-0219)
## XSS
[Stored XSS Vulnerability on RosarioSIS 8.2.1(CVE-2021-45416)](https://github.com/dnr6419/CVE-2021-45416)
[SAS Logon 9.4 allows warning-message injection(CVE-2022-25257)](https://github.com/polling-repo-continua/CVE-2022-25257)
[Reflected XSS in TastyIgniter v3.2.2 Restaurant CMS(CVE-2022-23378)](https://github.com/TheGetch/CVE-2022-23378)
[Stored Cross Site Scripting Sourcecodester Online Car Rental System 1.0(CVE-2021-46005)](https://github.com/nawed20002/CVE-2021-46005)
[Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1(CVE-2021-45416)](https://github.com/86x/CVE-2021-45416)
[D-Link Router DSL-2730E - Stored Cross Site Scripting (XSS)(CVE-2021-46108)](https://github.com/g-rubert/CVE-2021-46108)
[Ivanti Service Manager 2021.1 infected with reflected XSS(CVE-2021-38560)](https://github.com/os909/iVANTI-CVE-2021-38560)
[RosarioSIS 8.2.1 reflected cross-site scripting (CVE-2021-45416)](https://github.com/86x/CVE-2021-45416)
[HPRMS - 'room_list' Stored XSS(CVE-2022-22852)](https://github.com/Sant268/CVE-2022-22852/blob/main/CVE-2022-22852.md)
[HPRMS - 'doctors' Stored XSS(CVE-2022-22851)](https://github.com/Sant268/CVE-2022-22851/blob/main/CVE-2022-22851.md)
[HPRMS - 'room_types' Stored XSS(CVE-2022-22850)](https://github.com/Sant268/CVE-2022-22850/blob/main/CVE-2022-22850.md)
## File Upload
[Spring4Shell-POC (CVE-2022-22965)](https://github.com/BobTheShoplifter/Spring4Shell-POC)
[WordPress File Upload Vulnerability, Modern Events Calendar Lite WordPress plugin before 5.16.5(CVE-2021-24145)](https://github.com/dnr6419/CVE-2021-24145)
## File Inclusion
[Oracle WebLogic Server 12.1.3.0.0/12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 local file inclusion (CVE-2022-21371)](https://github.com/Mr-xn/CVE-2022-21371)
## SSRF
[Microsoft Exchange ProxyLogon PoC (CVE-2021-26855)](https://github.com/thau0x01/poc_proxylogon)
## SSTI
[VMware CVE-2022-22954 Workspace ONE Access Freemarker Server-side Template Injection](https://github.com/sherlocksecurity/VMware-CVE-2022-22954)
## Other
[CVE-2021-45901 (ServiceNow - Username Enumeration)](https://github.com/9lyph/CVE-2021-45901)