One 、 Open source operation and maintenance monitoring

（ One ）Jenkins

• Jenkins Path traversal arbitrary file write vulnerability （CVE-2019-10352）
• Jenkins Git client Plug in Command Execution Vulnerability (CVE-2019-10392)
• Jenkins Historical exploiter —— Sploitus | Exploit & Hacktool Search Engine

（ Two ）Zabbix

• CVE-2020-11800 Zabbix Remote code execution vulnerability
• Zabbix Medium CSRF To RCE（CVE-2021-27927）
• Zabbix 2.2 - 3.0.3 Remote code execution vulnerability
• Zabbix Agent 3.0.1 mysql.size shell Command injection (CVE-2016-4338)
• Zabbix Historical exploiter —— Sploitus | Exploit & Hacktool Search Engine

（ 3、 ... and ）Nagios

• Nagios XI 5.6.9 Remote code execution vulnerability （CVE-2019-20197）
• nagios-xi-5.7.5 Multiple vulnerabilities （CVE-2021-25296~99）
• Nagios Code injection vulnerability (CVE-2021-3273)
• Nagios XI 5.5.10: XSS to RCE
• Nagios Historical exploiter —— Sploitus | Exploit & Hacktool Search Engine

  Two 、 database

️MDAT A variety of mainstream database attack tools

（ One ）Mysql

• Mysql Raise the right (CVE-2016-6663、CVE-2016-6664 Combined practice )
• Mysql Summary of database penetration and vulnerability utilization
• Mysql Into the album
• Higher version MySQL And UDF Raise the right
• Mysql A collection of historical loopholes —— Sploitus | Exploit & Hacktool Search Engine

Sploitus | Exploit & Hacktool Search Engine

 （ Two ）Mssql

• Mssql Use posture to organize ( The arrangement is quite complete )
• Mssql Summary of database command execution ——https://xz.aliyun.com/t/7534
• utilize mssql Simulate login authorization
• advanced MSSQL Injection techniques ——https://xz.aliyun.com/t/8513
• MSSQL Use CLR Assembly to execute commands ——https://xz.aliyun.com/t/6682

（ 3、 ... and ）Redis

• Redis Summary of unauthorized access exploit ——https://xz.aliyun.com/t/256
• Redis 4.x RCE——https://xz.aliyun.com/t/5616
• redis Use posture to collect ——redis Use posture to collect – WebShell'S Blog
• Redis A collection of historical loopholes —— Sploitus | Exploit & Hacktool Search Engine
• adopt Redis The master and slave write lossless documents ——https://github.com/r35tart/RedisWriteFile

  3、 ... and 、OA System

（ One ） Pan Wei (Weaver-Ecology-OA)

• Pan Wei OA E-cology RCE(CNVD-2019-32204)- Affects version 7.0/8.0/8.1/9.0——https://xz.aliyun.com/t/6560
• Pan Wei OA WorkflowCenterTreeData Interface injection ( limit oracle database )—— Pan Wei OA WorkflowCenterTreeData Interface injection recurrence （ Limited to oracle database ） - You know
• Pan Wei ecology OA Database configuration information disclosure —— Pan Wei ecology OA Database configuration information disclosure - Whisper softly - Blog Garden
• Pan Wei OA Cloud Bridge arbitrary file reading - influence 2018-2019 Multiple versions —— Pan Wei OA Cloud Bridge does not authorize any file to read - Falling leaves in the rain - Blog Garden
•   Pan Wei e-cology OA The front desk SQL Inject holes —— Pan Wei e-cology OA The front desk SQL Inject holes - syyh-01 - Blog Garden
• Pan Wei OA System com.eweaver.base.security.servlet.LoginAction Parameters keywordid SQL Inject holes ——https://www.seebug.org/vuldb/ssvid-91089
• Pan Wei OA sysinterface/codeEdit.jsp Page arbitrary file upload ——
  Pan Wei ecology OA Database configuration information disclosure - Whisper softly - Blog Garden
• Pan Wei ecology OA Database configuration information disclosure ——https://www.seebug.org/vuldb/ssvid-90524

（ Two ） Zhiyuan (Seeyon)

• Zhiyuan OA A8 htmlofficeservlet getshell Loophole —— Zhiyuan OA A8 htmlofficeservlet getshell Loophole - _nul1 - Blog Garden
• Zhiyuan OA Session Leak vulnerability —— Zhiyuan OA Session Leak vulnerability - Web Security - Zhihui community
• Zhiyuan OA A6 search_result.jsp sql Inject holes —— Application security - Tools | frame - Zhiyuan OA - Vulnerability summary - 7hang - Blog Garden
• Zhiyuan OA A6 setextno.jsp sql Inject holes —— Application security - Tools | frame - Zhiyuan OA - Vulnerability summary - 7hang - Blog Garden
• Zhiyuan OA A6 Reset database account password vulnerability —— Application security - Tools | frame - Zhiyuan OA - Vulnerability summary - 7hang - Blog Garden
• Zhiyuan OA A8 Unauthorized access —— Application security - Tools | frame - Zhiyuan OA - Vulnerability summary - 7hang - Blog Garden
• Zhiyuan OA A8-v5 Any user password change —— Zhiyuan A8-V5 There is an arbitrary user password modification vulnerability | wooyun-2015-0104942| WooYun.org
• Zhiyuan OA A8-m Background universal password
• Zhiyuan OA Sail soft report component The front desk XXE Loophole ——LandGrey's Blog
• Zhiyuan OA Sail soft report component reflective XSS&SSRF Loophole - Thinks:@LandGrey——LandGrey's Blog

（ 3、 ... and ） Kingdee OA(Kingdee OA)

Kingdee collaborative office system GETSHELL Loophole ——https://www.seebug.org/vuldb/ssvid-93826

（ Four ） Accessible OA(TongDa OA)

• Accessible OA Delete any file & Upload files RCE——https://xz.aliyun.com/t/8430
• Accessible OA Upload any file / File contains GetShell——https://xz.aliyun.com/t/7437
• Accessible OA <11.5 edition Any user login —— Accessible OA Recurrence of arbitrary user login vulnerability – Adminxe's Blog
• Accessible OA 11.2 backstage getshell—— Accessible OA 11.2 backstage getshell Loophole recurrence - Falling leaves in the rain - Blog Garden
• Accessible OA 11.7 backstage sql Inject getshell Loophole —— Accessible OA 11.7 backstage sql Inject getshell Loophole recurrence - Falling leaves in the rain - Blog Garden
• Accessible OA 11.7 unauthorized RCE—— Accessible OA11.7 Use new ideas （ attach EXP）
• Accessible OA 11.8 Background low permission Getshell——https://paper.seebug.org/1499/