漏洞描述
EMC HomeBase为异构环境提供了真正独立于硬件的服务器保护、迁移和恢复解决方案。 EMC HomeBase Server 6.2.3之前的6.2.x版本,6.3.2之前的6.3.x版本中的SSL服务没有正确地过滤参数中的“../”目录遍历符。远程攻击者可以指定任意文件名向服务器上传任意文件。
EMC HomeBase Server SSL服务目录遍历任意文件上传漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection
- POC CVE-2025-36845: Eveo URVE Web Manager - Server-Side Request Forgery
- POC CVE-2025-56520: Dify v1.6.0 - Server-Side Request Forgery
- POC CVE-2026-21859: Mailpit < 1.28.3 - Server-Side Request Forgery
- POC firebase-fcm-server-key-disclosure: Firebase Cloud Messaging - Server Key Disclosure
- POC ezservermonitor-exposure: eZ Server Monitor - Exposure
- 天锐绿盾审批系统 fileServer 信息泄露漏洞
- POC CVE-2020-9039: Couchbase Server - Broken Access Control
- POC wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- POC CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC CVE-2020-25200: Pritunl VPN Server 1.29.2145.25 - Username Enumeration
- POC CVE-2021-22175: GitLab CI Lint API - Server-Side Request Forgery
- POC CVE-2023-33193: Emby Server - Authentication Bypass