vulcat-v1.1.2

@CLincat CLincat released this 05 Aug 06:40
· 18 commits to main since this release

2022.08.05
vulcat-v1.1.2

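Newly added vulnerabilities:

  1. Apache Hadoop YARN ResourceManager unauthorized access (no identifier assigned)
  2. Gitea 1.4.0 unauthorized access (no identifier assigned)
  3. GitLab Pre-Auth remote command execution (CVE-2021-22205)
  4. GitLab CI Lint API unauthorized SSRF (CVE-2021-22214)
  5. Grafana 8.x plugin module file path traversal (CVE-2021-43798)
  6. Ruby on Rails path traversal (CVE-2018-3760)
  7. Ruby on Rails path traversal and arbitrary file read (CVE-2019-5418)
  8. Ruby on Rails command execution (CVE-2020-8163)
  9. Landray OA arbitrary file read/SSRF (CNVD-2021-28277)
  10. Yonyou GRP-U8 Proxy SQL injection (CNNVD-201610-923)
  11. Yonyou U8 OA getSessionList.jsp sensitive information disclosure (no identifier assigned)
  12. Yonyou U8 OA test.jsp SQL injection (no identifier assigned)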

new POC:

  1. ApacheHadoop YARN ResourceManager unAuthorized (no identifier assigned)
  2. Gitea 1.4.0 unAuthorized (no identifier assigned)
  3. GitLab Pre-Auth Remote code execution (CVE-2021-22205)
  4. Gitlab CI Lint API SSRF (CVE-2021-22214)
  5. Grafana 8.x Directory traversal (CVE-2021-43798)
  6. Ruby on Rails Directory traversal (CVE-2018-3760)
  7. Ruby on Rails Directory traversal (CVE-2019-5418)
  8. Ruby on Rails Remote code execution (CVE-2020-8163)
  9. Landray-OA FileRead/SSRF (CNVD-2021-28277)
  10. Yonyou-GRP-U8 Proxy SQLinject (CNNVD-201610-923)
  11. Yonyou-U8-OA getSessionList.jsp Disclosure information (no identifier assigned)
  12. Yonyou-U8-OA test.jsp SQLinject (no identifier assigned)