漏洞引擎
漏洞引擎
漏洞收集整理,未经作者本人同意,谢绝转载。本文采用自己文章+外链合成,外链在文末注明来源!如有侵权请联系本人删除。所有漏洞提供漏洞利用文章和利用脚本,整理在我小密圈,链接如下:
- 项目地址:https://github.com/tdcoming/Vulnerability-engine
点 击这 里就可 以拿到文 章和利用poc
最新最热
| CVE-2019-0708 | phpstudy后门 | Jenkins Git client插件命令执行漏洞(CVE-2019-10392) | vBulletin 5.x pre-auth RCE |e-cology OA Beanshell Rce |
漏洞复现汇总
| 2019 | 2018 | 2017 | 2016 | 2015 | 其他 |
|---|---|---|---|---|---|
| CVE-2019-0708 | CVE-2018-15982_Adobe Flash 0day | CVE-2017-5638_S2-045远程代码执行漏洞 | |||
| phpstudy后门 | CVE-2018-12613_phpmyadmin 远程文件包含漏洞 | CVE-2017-7529_Nginx越界读取缓存漏洞 | |||
| CVE-2019-10392 | CVE-2018-11776_S2-057远程代码执行漏洞 | CVE-2017-7504_JBoss 4.xJBossMQ JMS 反序列化漏洞 | |||
| vBulletin 5.x pre-auth RCE | ThinkPHP5 5.0.22/5.1.29 远程代码执行漏洞 | CVE-2017-12149_JBoss 5.x/6.x 反序列化漏洞 | |||
| e-cology OA Beanshell Rce | CVE-2018-2894_WebLogic任意文件上传 | CVE-2017-12611_S2-053远程代码执行漏洞 | |||
| CVE-2019-0232_Apache Tomcat | CVE-2018-2628_WebLogic反序列化漏洞 | CVE-2017-9805_S2-052远程代码执行漏洞检查利用 | |||
| CVE-2019-1609_Harbor任意管理员注册漏洞 | CVE-2017-9791_S2-048 远程代码执行漏洞 | ||||
| CVE-2017-10271_Weblogic XMLDecoder反序列化漏洞 |
漏洞分类
Apache Http Server
| CVE | Name | CVSS |
|---|---|---|
| CVE-2019-3878 | libapache2-mod-auth-mellon – security update | 6.8 |
| CVE-2019-0227 | Apache Axis 1.4 - Remote Code Execution | 5.4 |
| CVE-2019-0220 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2019-0217 | Apache HTTP Server 竞争条件问题漏洞 | 6 |
| CVE-2019-0215 | Apache HTTP Server 访问控制错误漏洞 | 6 |
| CVE-2019-0211 | Apache HTTP Server Local Privilege Escalation Exploit | 7.2 |
| CVE-2019-0197 | Apache HTTP Server 安全漏洞 | 4.9 |
| CVE-2019-0196 | Apache httpd 安全漏洞 | 5 |
| CVE-2019-0190 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2019-0186 | Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting | 4.3 |
| CVE-2018-8021 | Apache Superset < 0.23 - Remote Code Execution | 0 |
| CVE-2018-8011 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2018-17199 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2018-17189 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2018-1335 | Apache Tika-server < 1.18 - Command Injection | 9.3 |
| CVE-2018-1333 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2018-1322 | Apache Syncope 2.0.7 - Remote Code Execution | 4 |
| CVE-2018-1312 | Apache httpd mod_auth_digest模块安全漏洞 | 6.8 |
| CVE-2018-1306 | Apache Portals Pluto 3.0.0 - Remote Code Execution | 5 |
| CVE-2018-1303 | Apache HTTP Server Empty Headers Denial of Service | 5 |
| CVE-2018-1302 | Apache HTTP Server 安全漏洞 | 4.3 |
| CVE-2018-1301 | Apache HTTP Server 安全漏洞 | 4.3 |
| CVE-2018-1283 | Apache httpd 安全漏洞 | 3.5 |
| CVE-2018-1283 | apache – multiple vulnerabilities | 3.5 |
| CVE-2018-11763 | Apache HTTP Server 安全漏洞 | 4.3 |
| CVE-2017-9805 | Apache Struts 2.5 < 2.5.12 - REST Plugin XStream Remote Code Execution | 6.8 |
| CVE-2017-9798 | Apache < 2.2.34 / < 2.4.27 - OPTIONS Memory Leak | 5 |
| CVE-2017-7668 | Apache httpd ap_find_token Out-of-Bounds Read Vulnerability | 7.5 |
| CVE-2017-7659 | Apache httpd 安全漏洞 | 5 |
| CVE-2017-7577 | Apache httpd mod_md Null Pointer Dereference Vulnerability | 5 |
| CVE-2017-6413 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2017-6062 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2017-6059 | Apache HTTP Server Ping Identity OpenID Connect authentication模块安全漏洞 | 5 |
| CVE-2017-3169 | Apache HTTPD vulnerability CVE-2017-3169 | 7.5 |
| CVE-2017-3167 | Apache httpd 安全漏洞 | 7.5 |
| CVE-2017-15710 | Apache httpd 安全漏洞 | 5 |
| CVE-2017-12171 | Apache HTTP Server 安全漏洞 | 6.4 |
| CVE-2017-10355 | Oracle Java JDK/JRE < 1.8.0.131 / Apache Xerces 2.11.0 - 'PDF/Docx' Server Side Denial of Service | 5 |
| CVE-2016-8743 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2016-8740 | Apache 2.4.23 mod_http2 - Denial of Service | 5 |
| CVE-2016-8734 | Apache Subversion mod_dontdothat模块和HTTP客户端安全漏洞 | 4 |
| CVE-2016-6816 | Apache Tomcat 6/7/8/9 - Information Disclosure | 6.8 |
| CVE-2016-5387 | Apache HTTP Server httpoxy 安全漏洞 | 5.1 |
| CVE-2016-4979 | Apache HTTPD WebServer 安全漏洞 | 5 |
| CVE-2016-4975 | Apache HTTP Server 安全漏洞 | 4.3 |
| CVE-2016-2161 | Apache HTTP Server 安全漏洞 | 5 |
| CVE-2016-1546 | Apache HTTP Server 拒绝服务漏洞 | 4.3 |
| CVE-2016-1000104 | Apache HTTP Server mod_fcgid模块安全绕过漏洞 | None |
| CVE-2016-0784 | Apache OpenMeetings 1.9.x < 3.1.0 - '.ZIP' File Directory Traversal | 4 |
| CVE-2016-0736 | Apache mod_session_crypto - Padding Oracle | 5 |
| CVE-2015-5262 | Apache HttpComponents HttpClient 拒绝服务漏洞 | 4.3 |
| CVE-2015-3185 | Apache HTTP Server 权限许可和访问控制漏洞 | 4.3 |
| CVE-2015-3183 | Apache HTTP Server 输入验证漏洞 | 5 |
| CVE-2015-0253 | Apache HTTP Server 拒绝服务漏洞 | 5 |
| CVE-2015-0228 | Apache HTTP Server mod_lua模块输入验证漏洞 | 5 |
| CVE-2014-8109 | Apache HTTP Server mod_lua模块权限许可和访问控制漏洞 | 4.3 |
| CVE-2014-6278 | Apache shell shock 漏洞 | 10 |
| CVE-2014-5329 | Apache - Denial of Service | None |
| CVE-2014-5329 | Apache - Remote Memory Exhaustion (Denial of Service) | None |
| CVE-2014-3583 | Apache HTTP Server 拒绝服务漏洞 | 5 |
| CVE-2014-3581 | Apache HTTP Server 拒绝服务漏洞 | 5 |
| CVE-2014-3580 | Apache Subversion mod_dav_svn Apache HTTPD服务器安全漏洞 | 5 |
| CVE-2014-3577 | Apache HttpComponents HttpClient和HttpAsyncClient 安全漏洞 | 5.8 |
| CVE-2014-2668 | Apache CouchDB 1.5.0 - 'uuids' Denial of Service | 5 |
| CVE-2014-0242 | Apache mod_wsgi - Information Disclosure | None |
| CVE-2014-0231 | Apache HTTP Server mod_cgid模块资源管理错误漏洞 | 5 |
| CVE-2014-0226 | Apache 2.4.7 mod_status - Scoreboard Handling Race Condition | 6.8 |
| CVE-2014-0118 | Apache HTTP Server mod_deflate模块资源管理错误漏洞 | 4.3 |
| CVE-2014-0117 | Apache HTTP Server mod_proxy模块输入验证漏洞 | 4.3 |
| CVE-2014-0098 | Apache HTTP Server 拒绝服务漏洞 | 5 |
| CVE-2014-0050 | Apache Commons FileUpload and Apache Tomcat - Denial of Service | 7.5 |
| CVE-2013-6438 | Apache HTTP Server Multiple Denial of Service Vulnerabilities | 5 |
| CVE-2013-5704 | Apache HTTP Server mod_headers模块权限许可和访问控制漏洞 | 5 |
| CVE-2013-4566 | mod_nss 权限许可和访问控制漏洞 | 4 |
| CVE-2013-4365 | Apache mod_fcgid | 5 |
| CVE-2013-4352 | Apache HTTP Server mod_cache模块拒绝服务漏洞 | 4.3 |
| CVE-2013-4295 | Apache Shindig - XML External Entity Information Disclosure | 5 |
| CVE-2013-4212 | Apache Roller - OGNL Injection (Metasploit) | 6.8 |
| CVE-2013-2249 | Apache HTTP Server mod_session_dbd模块mod_session_dbd.c 安全漏洞 | 7.5 |
| CVE-2013-2248 | Apache Struts 2.2.3 - Multiple Open Redirections | 5.8 |
| CVE-2013-1896 | Apache HTTP Server mod_dav.c 拒绝服务漏洞 | 4.3 |
| CVE-2013-1884 | Apache Subversion - Remote Denial of Service | 5 |
| CVE-2013-1847 | Apache Subversion 1.6.x - 'mod_dav_svn/lock.c' Remote Denial of Service | 5 |
| CVE-2013-1814 | Apache Rave 0.11 < 0.20 - User Information Disclosure | 4 |
| CVE-2013-1048 | Apache HTTP Server 'apache2 package squeeze'权限许可和访问控制漏洞 | 4.6 |
| CVE-2013-1048 | Apache HTTP Server 'apache2 package squeeze'权限许可和访问控制漏洞 | 4.6 |
| CVE-2013-0177 | Apache OFBiz 10.4.x - Multiple Cross-Site Scripting Vulnerabilities | 3.5 |
| CVE-2012-4558 | Apache HTTP Server Multiple Cross Site Scripting Vulnerabilities | 4.3 |
| CVE-2012-4557 | Apache HTTP Server ‘mod_proxy_ajp’模块资源管理错误漏洞 | 5 |
| CVE-2012-4360 | Apache HTTP Server ‘mod_pagespeed’模块跨站脚本漏洞 | 4.3 |
| CVE-2012-4001 | Apache HTTP Server ‘mod_pagespeed’模块输入验证漏洞 | 5 |
| CVE-2012-3526 | Apache.HTTP.Server.mod_rpaf.X_Forwarded_For.DoS | 5 |
| CVE-2012-3502 | Apache HTTP Server HTML | 4.3 |
| CVE-2012-3499 | Apache HTTP Server 多个跨站脚本漏洞 | 4.3 |
| CVE-2012-2687 | Apache HTTP Server 多个跨站脚本漏洞 | 2.6 |
| CVE-2012-1181 | Apache HTTP Server ‘fcgid_spawn_ctl.c’ 内存破坏漏洞 | 5 |
| CVE-2012-0883 | Apache HTTP Server ‘LD_LIBRARY_PATH’ 权限许可和访问控制漏洞 | 6.9 |
| CVE-2012-0053 | Error_Code_400_httpOnly_Cookie_Handling_Information_Disclosure | 4.3 |
| CVE-2012-0031 | Apache HTTP Server Scoreboard本地安全限制绕过漏洞 | 4.6 |
| CVE-2011-4973 | mod_nss Module 身份验证绕过漏洞 | 7.5 |
| CVE-2011-4415 | Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow | 1.2 |
| CVE-2011-4367 | Apache MyFaces - 'ln' Information Disclosure | 5 |
| CVE-2011-4317 | Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass | 4.3 |
| CVE-2011-3639 | Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass | 4.3 |
| CVE-2011-3607 | Apache < 2.0.64 / < 2.2.21 mod_setenvif - Integer Overflow Vulnerability | 4.4 |
| CVE-2011-3368 | Apache mod_proxy - Reverse Proxy Exposure | 5 |
| CVE-2011-3348 | Apache HTTP Server mod_proxy_ajp拒绝服务漏洞 | 4.3 |
| CVE-2011-3192 | Apache HTTP Server拒绝服务漏洞 | 7.8 |
| CVE-2011-1928 | Apache HTTP Server APR 'apr_fnmatch()'无限循环拒绝服务漏洞 | 4.3 |
| CVE-2011-1498 | Apache Http Components HttpClient敏感信息泄露漏洞 | 4.3 |
| CVE-2011-0715 | Apache HTTP服务器’mod_dav_svn’模块空指针引用漏洞 | 4.3 |
| CVE-2011-0419 | Apache 1.4/2.2.x - APR 'apr_fnmatch()' Denial of Service | 4.3 |
| CVE-2010-3863 | Apache Shiro - Directory Traversal | 5 |
| CVE-2010-3449 | Apache Archiva 1.0 < 1.3.1 - Cross-Site Request Forgery | 6.8 |
| CVE-2010-2791 | Apache HTTP服务 'mod_proxy’信息泄露漏洞 | 5 |
| CVE-2010-2103 | Apache Axis2 Administration Console - (Authenticated) Cross-Site Scripting | 4.3 |
| CVE-2010-2068 | Apache HTTP Server mod_proxy_http信息泄露漏洞 | 5 |
| CVE-2010-1623 | Apache Web Server, Remote Information Disclosure, Cross-Site Scripting (XSS), Denial of Service (DoS) | 5 |
| CVE-2010-1587 | Apache ActiveMQ 5.2/5.3 - Source Code Information Disclosure | 5 |
| CVE-2010-1452 | Apache HTTP Server多个远程拒绝服务漏洞 | 5 |
| CVE-2010-1151 | Apache HTTP服务器mod_auth_shadow模块竞争条件漏洞 | 6.8 |
| CVE-2010-0434 | Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution | 4.3 |
| CVE-2010-0425 | Apache 2.2.14 mod_isapi - Dangling Pointer Remote SYSTEM | 10 |
| CVE-2010-0010 | Apache.mod_proxy.ap_proxy_send_fb.Integer.DoS | 6.8 |
| CVE-2009-3095 | Apache HTTP Server mod_proxy_ftp远程命令注入漏洞 | 7.5 |
| CVE-2009-2823 | Apple Mac OS X “Apache HTTP Server” 跨站脚本攻击漏洞 | 4.3 |
| CVE-2009-2699 | Apache HTTP Server Solaris Event Port Pollset Support 远程拒绝服务漏洞 | 5 |
| CVE-2009-1955 | Apache mod_dav / svn - Remote Denial of Service | 7.8 |
| CVE-2009-1195 | Apache HTTP Server AllowOverride选项绕过安全限制漏洞 | 4.9 |
| CVE-2009-0796 | Apache mod_perl - 'Apache::Status' / 'Apache2::Status' Cross-Site Scripting | 2.6 |
| CVE-2009-0026 | Apache JackRabbit 1.4/1.5 Content Repository (JCR) - 'swr.jsp?q' Cross-Site Scripting | 4.3 |
| CVE-2008-5518 | Apache Geronimo 2.1.3 - Multiple Directory Traversal Vulnerabilities | 9.4 |
| CVE-2008-2939 | Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting Vulnerability | 4.3 |
| CVE-2008-2168 | Apache HTTP服务器403 Error页面跨站脚本漏洞 | 4.3 |
| CVE-2008-0456 | Apache HTTP Server mod_negotiation HTTP响应分裂漏洞 | 2.6 |
| CVE-2008-0455 | Apache HTTP Server mod_negotiation Filename Handling Cross Site Scripting | 4.3 |
| CVE-2008-0005 | Apache.mod_proxy.Ftp.Undefined.Charset.UTF-7.XSS | 4.3 |
| CVE-2007-6750 | Apache HTTP Server拒绝服务漏洞 | 5 |
| CVE-2007-6514 | Apache HTTP Server Windows Share PHP File Extension Mapping 信息泄露漏洞 | 4.3 |
| CVE-2007-6422 | Apache HTTP Server 'mod_proxy_balancer’远程拒绝服务漏洞 | 4 |
| CVE-2007-6421 | Apache HTTP Server ‘mod_proxy_balancer’ 跨站脚本攻击漏洞 | 3.5 |
| CVE-2007-6388 | Apache HTTP Server ‘mod_status’ 跨站脚本攻击漏洞 | 4.3 |
| CVE-2007-6203 | Apache 2.2.4 - 413 Error HTTP Request Method Cross-Site Scripting | 4.3 |
| CVE-2007-5000 | Apache.mod_imagemap.Module.XSS | 4.3 |
| CVE-2007-4723 | Apache Software Foundation Apache HTTP Server 授权问题漏洞 | 7.5 |
| CVE-2007-4049 | Apache HTTP服务器 printenv.pl 跨站脚本漏洞 | None |
| CVE-2007-3847 | TSL20070823-26 Apache HTTP Server mod_proxy Crafted Date Handling Denial of Service | 5 |
| CVE-2007-3304 | Apache HTTP Server Worker进程多个本地拒绝服务漏洞 | 4.7 |
| CVE-2007-3303 | Apache Software Foundation Apache HTTP Server 代码注入漏洞 | 4.9 |
| CVE-2007-3101 | Apache MyFaces Tomahawk JSF Framework 1.1.5 - 'Autoscroll' Cross-Site Scripting | 4.3 |
| CVE-2007-2353 | Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure | 5 |
| CVE-2007-1863 | Apache HTTP Server Mod_Cache模块拒绝服务漏洞 | 5 |
| CVE-2007-1860 | Apache mod_jk | 5 |
| CVE-2007-1743 | Apache HTTP Server suexec 任意文件创建漏洞 | 4.4 |
| CVE-2007-1742 | Apache HTTP Server suexec 权限许可和访问控制漏洞 | 3.7 |
| CVE-2007-1741 | Apache HTTPD suexec多个本地权限提升漏洞 | 6.2 |
| CVE-2007-1359 | Apache mod_security | 6.8 |
| CVE-2007-0450 | Apache HTTP Server Tomcat远程目录访问漏洞 | 5 |
| CVE-2007-0419 | Apache HTTP服务器BEA WebLogic 协议错误拒绝服务攻击漏洞 | 5 |
| CVE-2007-0086 | Apache HTTP服务器Range拒绝服务攻击漏洞 | 7.8 |
| CVE-2006-7098 | Apache 1.3.34/1.3.33 (Ubuntu / Debian) - CGI TTY Privilege Escalation | 6.6 |
| CVE-2006-5752 | Apache HTTP Server Mod_Status模块跨站脚本漏洞 | 4.3 |
| CVE-2006-4154 | Apache HTTP Server mod_tcl Module Format String Vulnerability | 6.8 |
| CVE-2006-4110 | Apache 2.2.2 - CGI Script Source Code Information Disclosure | 4.3 |
| CVE-2006-3918 | Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security | 4.3 |
| CVE-2006-3918 | Apache HTTP Expect header handling | 4.3 |
| CVE-2006-3747 | Apache mod_rewrite - LDAP protocol Buffer Overflow (Metasploit) | 7.6 |
| CVE-2006-0254 | Apache Geronimo 1.0 - Error Page Cross-Site Scripting | 4.3 |
| CVE-2006-0150 | Apache HTTP Server auth_ldap Logging Function Format String Vulnerability | 7.5 |
参考链接
- SecPulse安全脉搏
- 亚信安全网络攻防实验室
- 洛米唯熊
- 释然IT杂谈
- 清水博客