Microsoft Exchange ACL绕过漏洞(CVE-2021-34473)

漏洞描述

Microsoft Exchange Server是微软公司的一套电子邮件服务组件。2021年8月5日，安全研究员在国外安全会议上公开了CVE-2021-34473 Microsoft ExchangeServer 远程代码执行漏洞分析及其POC。攻击者利用该漏洞可绕过相关权限验证，进而配合其他漏洞可执行任意代码，控制Microsoft ExchangeServer。

相关漏洞推荐

CVE-2022-41040: Microsoft Exchange SSRF POC

2025-09-01 | Microsoft Exchange

r0 是 nmap 脚本 r1 是 github 未经验证得 PoC Fofa: app="Microsoft-Exchange"
microsoft-exchange-panel: Microsoft Exchange Control Panel POC

2025-09-01 | Microsoft Exchange Control Panel

Publicly accessible Microsoft Exchange Server Control Panel Fofa: app="Microsoft-Exchange"...
CVE-2021-26855: Microsoft Exchange Server SSRF Vulnerability POC

2025-08-01 | Microsoft Exchange Server

This vulnerability is part of an attack chain that could allow remote code execution on Microsoft Ex...
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC

2025-09-12 | ShowDoc

ShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440)，该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件，包括但不限于PH...
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

2025-09-01 | Cisco HyperFlex HX Data Platform

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...

漏洞描述

PoC代码

相关漏洞推荐

CVE-2022-41040: Microsoft Exchange SSRF POC

microsoft-exchange-panel: Microsoft Exchange Control Panel POC

CVE-2021-26855: Microsoft Exchange Server SSRF Vulnerability POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440） 无POC

CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC

ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞（CVE-2021-36440）无POC