|
name,description,product,impact,recommendation,tags,name_en,description_en,product_en,impact_en,recommendation_en,tags_en,cve_id,fofa_query,asset_count,cvss,demo_gif_url,released_at |
|
"JetBrains TeamCity 权限绕过漏洞(CVE-2024-27198 & CVE-2024-27199)","JetBrains TeamCity是一款由JetBrains开发的持续集成和持续交付(CI/CD)服务器。它提供了一个功能强大的平台,用于自动化构建、测试和部署软件项目。TeamCity旨在简化团队协作和软件交付流程,提高开发团队的效率和产品质量。JetBrains TeamCity 在 2023.11.4 版本之前存在认证绕过漏洞。攻击者可以利用该漏洞绕过认证机制,直接执行管理员操作,并结合后台功能,攻击者可通过该漏洞在服务器端任意执行系统命令,写入后门,获取服务器权限,进而控制整个web服务器。","JET_BRAINS-TeamCity","JetBrains TeamCity 在 2023.11.4 版本之前存在认证绕过漏洞。攻击者可以利用该漏洞绕过认证机制,直接执行管理员操作,并结合后台功能,攻击者可通过该漏洞在服务器端任意执行系统命令,写入后门,获取服务器权限,进而控制整个web服务器。","1、厂商已发布解决方案,请更新到最新版本:https://www.jetbrains.com/teamcity/2、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。3、如⾮必要,禁⽌公⽹访问该系统。","命令执行,权限绕过","JetBrains TeamCity permission bypass vulnerability (CVE-2024-27198 & CVE-2024-27199)","JetBrains TeamCity is a continuous integration and continuous delivery (CI/CD) server developed by JetBrains. It provides a powerful platform for automating the building, testing and deployment of software projects. TeamCity aims to simplify team collaboration and software delivery processes, improve development team efficiency and product quality.JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server.","JET_BRAINS-TeamCity","JetBrains TeamCity has an authentication bypass vulnerability before version 2023.11.4. An attacker can use this vulnerability to bypass the authentication mechanism and directly perform administrator operations. Combined with the background function, the attacker can use this vulnerability to execute arbitrary system commands on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. The manufacturer has released a solution, please update to the latest version: https://www.jetbrains.com/teamcity/2. Set access policies through security devices such as firewalls and set whitelist access.3. If necessary, prohibit public network access to the system.","Command Execution,Permission Bypass","CVE-2024-27199","header=""Teamcity"" || banner=""Teamcity"" || title=""TeamCity"" || body=""content=\""TeamCity (Log in to TeamCity""","141734","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache Druid Kafka Connect 远程代码执行漏洞(CVE-2023-25194)","Apache Druid 是一个开源的分布式数据存储和分析系统。它设计用于处理大规模的实时数据,并提供快速的交互式查询和分析。Apache Druid 使用了存在漏洞的 Kafka Connect,攻击者可访问Kafka Connect Worker,且可以创建或修改连接器时,通过设置sasl.jaas.config属性为恶意类,进而可导致JNDI注入漏洞,可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","APACHE-Druid","Apache Druid 使用了存在漏洞的 Kafka Connect,攻击者可访问Kafka Connect Worker,且可以创建或修改连接器时,通过设置sasl.jaas.config属性为恶意类,进而可导致JNDI注入漏洞,可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz2、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。3、如⾮必要,禁⽌公⽹访问该系统。","代码执行","Apache Kafka Connect remote code execution vulnerability (CVE-2023-25194)","Apache Druid is an open source distributed data storage and analysis system. It is designed to handle large-scale real-time data and provide fast interactive query and analysis.Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server.","APACHE-Druid","Apache Druid uses the vulnerable Kafka Connect. An attacker can access the Kafka Connect Worker and create or modify the connector by setting the sasl.jaas.config attribute to a malicious class, which can lead to a JNDI injection vulnerability. This vulnerability can be used Execute code arbitrarily on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. Currently, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz2. Set access policies through security devices such as firewalls and set whitelist access.3. If necessary, prohibit public network access to the system.","Code Execution","CVE-2023-25194","body=""Apache Druid console"" || title=""Apache Druid"" || header=""unified-console.html"" || banner=""unified-console.html""","2935","8.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ComfyUI follow_symlinks 文件读取漏洞(CVE-2024-23334)","ComfyUI 是一个功能强大的模块化的稳定扩散 GUI、API 和后端。它提供了一个图形/节点界面,用于设计和管理稳定扩散管道。ComfyUI 使用低版本的 aiohttp 组件作为 Web 服务器并配置静态路由,启用了 follow_symlinks 选项,导致存在任意文件读取漏洞。攻击者可通过该漏洞读取泄露源码、数据库配置⽂件等等,导致⽹站处于极度不安全状态。","ComfyUI","ComfyUI 使用低版本的 aiohttp 组件作为 Web 服务器并配置静态路由,启用了 follow_symlinks 选项,导致存在任意文件读取漏洞。攻击者可通过该漏洞读取泄露源码、数据库配置⽂件等等,导致⽹站处于极度不安全状态。","1、在 server.py 中禁用 follow_symlinks=True 选项。2、使用反向代理服务器(例如nginx)处理静态资源。3、如⾮必要,禁⽌公⽹访问该系统。","文件读取","ComfyUI follow_symlinks File Read Vulnerability (CVE-2024-23334)","ComfyUI is a powerful, modular stable diffusion GUI, API, and backend. It provides a graphical/node interface for designing and managing stable diffusion pipelines.ComfyUI uses a low version of aiohttp as a web server and configures static routes with the follow_symlinks option enabled, leading to an arbitrary file read vulnerability. The vulnerability allows an attacker to read leaked source code, database configuration files, etc., resulting in a highly insecure web site.","ComfyUI","ComfyUI uses a lower version of the aiohttp component as the web server and configures static routing with the follow_symlinks option enabled, resulting in an arbitrary file reading vulnerability. Attackers can use this vulnerability to read leaked source code, database configuration files, etc., causing the website to be in an extremely unsafe state.","1. Disable the follow_symlinks=True option in server.py.2. Use a reverse proxy server (e.g. nginx) for static resources.3. If not necessary, keep the system off the public web.","File Read","CVE-2024-23334","title=""ComfyUI""","1564","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"kafka-ui messages 远程代码执行漏洞(CVE-2023-52251)","kafka-ui 项目是由 Provectus 公司开发和维护的,旨在为 Kafka 用户提供一个可视化管理工具,简化 Kafka 集群的管理和监控任务。kafka-ui 在 /api/clusters/local/topics/{topic}/messages 的 q 参数中存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","kafka-ui","kafka-ui 在 /api/clusters/local/topics/{topic}/messages 的 q 参数中存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://github.com/provectus/kafka-ui;2、通过防火墙等安全设备设置访问策略,设置白名单访问;3、如非必要,禁止公网访问该系统。","代码执行","kafka-ui messages remote code execution vulnerability (CVE-2023-52251)","The kafka-ui project is developed and maintained by Provectus Company and aims to provide Kafka users with a visual management tool to simplify the management and monitoring tasks of Kafka clusters.kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server.","kafka-ui","kafka-ui has a remote code execution vulnerability in the q parameter of /api/clusters/local/topics/{topic}/messages. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then Control the entire web server.","1. The vulnerability has not been officially fixed yet. Users are advised to contact the manufacturer to fix the vulnerability: https://github.com/provectus/kafka-ui;2. Set access policies through security devices such as firewalls and set whitelist access;3. Unless necessary, it is prohibited to access the system from the public network.","Code Execution","CVE-2023-52251","body=""fonts/RobotoMono-Regular.ttf"" || body=""/fonts/RobotoMono-Medium.ttf"" || body=""UI for Apache Kafka""","6503","8.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Bricks render_element 远程代码执行漏洞(CVE-2024-25600)","WordPress Bricks 一个创新的、社区驱动的、可视化的WordPress网站构建器,使您能够设计独特、高性能且可扩展的网站。WordPress Bricks 存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","wordpress-bricks","WordPress Bricks 存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、目前厂商已发布升级补丁,请关注官方网站及时下载更新:https://bricksbuilder.io/2、如非必要,禁止公网访问该系统。","代码执行","WordPress Bricks render_element Remote Code Execution Vulnerability (CVE-2024-25600)","WordPress Bricks is an innovative, community driven, and visual WordPress website builder that allows you to design unique, high-performance, and scalable websites.WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute code arbitrarily on the server side, write backdoors, gain server privileges, and then control the entire web server.","WordPress-Bricks","WordPress Bricks has a remote code execution vulnerability, which allows attackers to execute code arbitrarily on the server side, write backdoors, gain server privileges, and then control the entire web server.","1. Currently, the manufacturer has released an upgrade patch. Please pay attention to the official website to download updates in time: https://bricksbuilder.io/2. Unless necessary, it is prohibited to access the system from the public network.","Code Execution","CVE-2024-25600","body=""/wp-content/themes/bricks""","25433","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"绿盟 Web 应用防火墙代 upgrade 模块文件上传漏洞","绿盟 Web 应用防火墙(NSFOCUS WAF),提供静态规则、动态语法语义分析为一体的智慧防护模型,保障网站应用免受已知、未知攻击;基于用户视角,提供本地、云端统一管理方案;开放产品全API化能力,灵活对接各种安全平台,解决不同规模客户使用需求。绿盟 Web 应用防火墙(NSFOCUS WAF)upgrade 模块存在文件上传漏洞,攻击者可通过该漏洞在服务器端写入后门,获取服务器权限,进而控制整个web服务器。","NSFOCUS-WAF","绿盟 Web 应用防火墙(NSFOCUS WAF)upgrade 模块存在文件上传漏洞,攻击者可通过该漏洞在服务器端写入后门,获取服务器权限,进而控制整个web服务器。","1、厂商已发布解决方案,请更新到最新版本:http://update.nsfocus.com/update/listWafV67Detail/v/sys60702、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。3、如⾮必要,禁⽌公⽹访问该系统。","文件上传","NSFOCUS WAF upgrade module file upload vulnerability","NSFOCUS Web Application Firewall (NSFOCUS WAF) provides an intelligent protection model integrating static rules and dynamic syntax and semantic analysis to protect website applications from known and unknown attacks; based on the user's perspective, it provides local and cloud unified management solutions; an open product Full API capabilities, flexible integration with various security platforms, and solution to the needs of customers of different sizes.There is a file upload vulnerability in the upgrade module of NSFOCUS Web Application Firewall (NSFOCUS WAF). An attacker can use this vulnerability to write a backdoor on the server side, obtain server permissions, and then control the entire web server.","NSFOCUS-WAF","There is a file upload vulnerability in the upgrade module of NSFOCUS Web Application Firewall (NSFOCUS WAF). An attacker can use this vulnerability to write a backdoor on the server side, obtain server permissions, and then control the entire web server.","1. The manufacturer has released a solution, please update to the latest version: http://update.nsfocus.com/update/listWafV67Detail/v/sys60702. Set access policies through security devices such as firewalls and set whitelist access.3. If necessary, prohibit public network access to the system.","File Upload","","(title==""WAF NSFOCUS"" && body=""/images/logo/nsfocus.png"") || (cert=""Email Address: liuzhixu@intra.nsfocus.com "" && cert=""CommonName: WAFG2"") || header=""NSFOCUS VMWAF"" || banner=""NSFOCUS VMWAF""","787","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ConnectWise ScreenConnect 身份验证绕过漏洞(CVE-2024-1709)","ConnectWise ScreenConnect ,是一款自托管的远程桌面软件应用,该款软件允许用户自行托管,可以在自己的服务器、个人电脑、虚拟机或虚拟专用服务器上运行。低于 ScreenConnect 23.9.8 版本的产品中,存在身份验证漏洞,攻击者可以注册账户,并登陆到产品后台进行一系列操作。并且可以通过 ScreenConnect 的原有功能进行命令的执行。","CONNECTWISE-Control-Remote-Support","低于 ScreenConnect 23.9.8 版本的产品中,存在身份验证漏洞,攻击者可以注册账户,并登陆到产品后台进行一系列操作。并且可以通过 ScreenConnect 的原有功能进行命令的执行。","厂商已发布了漏洞修复程序:https://control.connectwise.com/support临时修复方案:1. 可以配置安全防护策略,检测对路径段 SetupWizard.aspx 发起的请求。2. 设置访问权限对敏感的路径,例如Access等路径进行拦截。","权限绕过","ConnectWise ScreenConnect Authentication Bypass Vulnerability","ConnectWise ScreenConnect is a self-hosted remote desktop software application that allows users to self-host and run on their own server, PC, virtual machine or virtual private server.There is an authentication vulnerability in products earlier than ScreenConnect 23.9.8. An attacker can register an account and log in to the product backend to perform a series of operations. And commands can be executed through the original functions of ScreenConnect.","CONNECTWISE-Control-Remote-Support","There is an authentication vulnerability in products earlier than ScreenConnect 23.9.8. An attacker can register an account and log in to the product backend to perform a series of operations. And commands can be executed through the original functions of ScreenConnect.","The vendor has released a fix for the vulnerability: https://control.connectwise.com/supportTemporary fix:1. You can configure security protection policies to detect requests for the path segment SetupWizard.aspx.2. Set access permissions to intercept sensitive paths, such as Access.","Permission Bypass","CVE-2024-1709","title=""ScreenConnect Remote Support Software"" || banner=""ScreenConnect"" || header=""ScreenConnect""","91440","10.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Weblogic ForeignOpaqueReference 远程代码执行漏洞(CVE-2024-20931)","WebLogic Server 是其中的一个适用于云环境和传统环境的应用服务器组件。WebLogic 存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过 IIOP 协议网络访问并破坏易受攻击的 WebLogic Server,成功的漏洞利用可导致 WebLogic Server 被攻击者接管,从而造成远程代码执行。","Weblogic_interface_7001","WebLogic 存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过 IIOP 协议网络访问并破坏易受攻击的WebLogic Server,成功的漏洞利用可导致 WebLogic Server 被攻击者接管,从而造成远程代码执行。","1、目前厂商已发布升级补丁,请关注官方网站及时下载更新:https://www.oracle.com/security-alerts/cpujan2024.html2、如非必要,禁止公网访问该系统。","代码执行","Weblogic ForeignOpaqueReference remote code execution vulnerability (CVE-2024-20931)","WebLogic Server is one of the application server components suitable for both cloud and traditional environments.WebLogic has a remote code execution vulnerability that allows an unauthenticated attacker to access and destroy a vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can cause WebLogic Server to be taken over by an attacker, resulting in remote code execution.","Weblogic_interface_7001","There is a remote code execution vulnerability in WebLogic, which allows an unauthenticated attacker to access and damage the vulnerable WebLogic Server through the IIOP protocol network. Successful exploitation of the vulnerability can lead to WebLogic Server being taken over by the attacker, resulting in remote code execution.","1. Currently, the manufacturer has released an upgrade patch. Please pay attention to the official website to download updates in time: https://www.oracle.com/security-alerts/cpujan2024.html2. Unless necessary, it is prohibited to access the system from the public network.","Code Execution","CVE-2024-20931","(body=""Welcome to WebLogic Server"")||(title==""Error 404--Not Found"") || (((body=""<h1>BEA WebLogic Server"" || server=""Weblogic"" || body=""content=\""WebLogic Server"" || body=""<h1>Welcome to Weblogic Application"" || body=""<h1>BEA WebLogic Server"") && header!=""couchdb"" && header!=""boa"" && header!=""RouterOS"" && header!=""X-Generator: Drupal"") || (banner=""Weblogic"" && banner!=""couchdb"" && banner!=""drupal"" && banner!="" Apache,Tomcat,Jboss"" && banner!=""ReeCam IP Camera"" && banner!=""<h2>Blog Comments</h2>"")) || (port=""7001"" && protocol==""weblogic"")","194125","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"堡塔云 WAF get_site_status 路径 server_name 参数 SQL 注入漏洞","堡塔云WAF是免费的WAF防火墙,首个支持ARM国产系统的WAF防火墙,有超高自由度的自定义拦截规则和可灵活配置各种限制访问,有效防CC攻击、防恶意采集、防刷接口等常见攻击和黑客渗透测试行为。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","宝塔-WAF","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、厂商已发布解决方案,请更新到最新版本:https://www.bt.cn/new/index.html2、如非必要,禁止公网访问该系统。","SQL注入","Baota Cloud WAF get_site_status path server_name parameter SQL injection vulnerability","Baota Cloud WAF is a free WAF firewall. It is the first WAF firewall to support ARM domestic systems. It has ultra-high degree of freedom in custom interception rules and can flexibly configure various restricted access, effectively preventing CC attacks, malicious collection, and anti-brushing. Common attacks such as interfaces and hacker penetration testing behaviors.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, administrator backend passwords, site user personal information), attackers can even write Trojans into the server under high-privilege circumstances to further gain server system permissions.","BT-WAF","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, administrator backend passwords, site user personal information), attackers can even write Trojans into the server under high-privilege circumstances to further gain server system permissions.","1. The manufacturer has released a solution, please update to the latest version: https://www.bt.cn/new/index.html2. Unless necessary, it is prohibited to access the system from the public network.","SQL Injection","","body=""?btwaf""","216288","9.6","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Ivanti Connect Secure 和 Policy Secure saml20.ws 服务端请求伪造漏洞(CVE-2024-21893)","Ivanti Connect/Policy Secure 是美国 Ivanti 公司的一款安全远程网络连接工具。Ivanti Connect Secure 产品 saml20.ws 存在服务端请求伪造漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","PulseSecure-SSL-VPN","Ivanti Connect Secure 产品 saml20.ws 存在服务端请求伪造漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布漏洞补丁,请及时更新:https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US","服务器端请求伪造,命令执行","Ivanti Connect Secure and Policy Secure saml20.ws server-side request forgery vulnerability (CVE-2024-21893)","Ivanti Connect/Policy Secure is a secure remote network connection tool from the American company Ivanti.Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","PulseSecure-SSL-VPN","Ivanti Connect Secure product saml20.ws has a server-side request forgery vulnerability. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","The manufacturer has released vulnerability patches, please update them promptly: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US","Server-Side Request Forgery,Command Execution","CVE-2024-21893","header=""DSBrowserID"" || banner=""DSBrowserID"" || body=""/dana-na/;expires="" || body=""dana-cached/imgs/space.gif"" || body=""/dana-na/imgs/space.gif"" || body=""/dana-na/imgs/Product_favicon.png"" || body=""/dana-na/imgs/Ivanti_favicon.png"" || body=""/dana-na/css/ds.js"" || body=""ds_mobile_safari.css"" || body=""welcome.cgi?p=logo&signinId=url_default"" || body=""<b>Pulse Connect Secure</b>"" || title=""Secure Access SSL VPN"" || banner=""/dana-na/auth/url_default"" || header=""/dana-na/auth/url_default"" || body=""src=\""/dana-na/auth/""","399547","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 GetValidateLoginUserService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System GetValidateLoginUserService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 TerminalLogService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System TerminalLogService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 FileLog2Service 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System FileLog2Service API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UserLoginOutService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UserLoginOutService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 MailApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System MailApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 GetValidateServerService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System GetValidateServerService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 GetValidateAuthCodeService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System GetValidateAuthCodeService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 GetUserSafetyPolicyService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System GetUserSafetyPolicyService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 GetUsecPolicyService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System GetUsecPolicyService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 formType 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System formType API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 CreateDocService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System CreateDocService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 clientMessage 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System clientMessage API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 ClientLoginWeb 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System ClientLoginWeb API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 CheckClientServelt 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System CheckClientServelt API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 CDGRenewApplication 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System CDGRenewApplication API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 CDG AuthoriseTempletService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System CDG AuthoriseTempletService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 AutoSignService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System AutoSignService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"亿赛通电子文档安全管理系统 FileCountService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System FileCountService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 FileAuditService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System FileAuditService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 ExamCDGDocService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System ExamCDGDocService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 EmailAuditService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System EmailAuditService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 docRenewApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System docRenewApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 DecryptionApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System DecryptionApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 DecryptApplicationService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System DecryptApplicationService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 DecryPermissApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System DecryPermissApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 BIP ServiceDispatcher 接口远程代码执行漏洞","用友 YonBIP 是用友软件公司推出的一款企业智能化平台,旨在通过集成多种业务应用和服务,帮助企业实现数字化转型,提高运营效率和决策智能。用友 YonBIP 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-BIP","用友 YonBIP 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=476","文件上传,代码执行","Yonyou YonBIP ServiceDispatcher Api Deserialize Code Execution Vulnerability","YonBIP is an enterprise intelligence platform launched by Yonyou Software Company, aiming to help enterprises achieve digital transformation, improve operational efficiency and decision-making intelligence by integrating multiple business applications and services.There is a deserialization code execution vulnerability in Yonyou YonBIP, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-YonBIP","There is a deserialization code execution vulnerability in Yonyou YonBIP, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://security.yonyou.com/#/noticeInfo?id=476","File Upload,Code Execution","","body=""yonbip/platform/pub/welcome.do""","1417","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 OutgoingRestoreApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System OutgoingRestoreApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 OfflineApplicationService2 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System OfflineApplicationService2 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 OfflineApplicationService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System OfflineApplicationService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 offlineApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System offlineApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 ODMSubmitApplyService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System ODMSubmitApplyService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41771","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 MailMessageLogServices 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System MailMessageLogServices API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41878","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 PrintLimitApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System PrintLimitApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 PrintAuditService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System PrintAuditService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 permissionApp 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System permissionApp API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 outgoingServlet 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System outgoingServlet API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 SecureUsbConnection 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System SecureUsbConnection API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41878","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UploadFileListServiceForClient 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UploadFileListServiceForClient API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UpgradeService2 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UpgradeService2 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UpgradeService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UpgradeService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UpdatePasswordService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UpdatePasswordService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UpdateClientStatus 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UpdateClientStatus API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 UninstallApplicationService1 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System UninstallApplicationService1 API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 SetEstAlertLogService 接口远程代码执行漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请联系厂商更新:https://www.esafenet.com/","代码执行","Esafenet Electronic Document Security Management System SetEstAlertLogService API Remote Code Execution Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a fix for the vulnerability, please contact the manufacturer for updates: https://www.esafenet.com/","Code Execution","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41772","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Jenkins args4j 文件读取漏洞(CVE-2024-23897)","CloudBees Jenkins(前称Hudson Labs)是美国 CloudBees 公司的一套基于Java开发的持续集成工具,它主要用于监控持续的软件版本发布/测试项目和一些定时执行的任务。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","Jenkins","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、目前厂商已经发布了升级补丁已修复这个安全问题,请到厂商的主页下载:https://jenkins.io/download2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Jenkins args4j file read vulnerability (CVE-2024-23897)","CloudBees Jenkins (formerly known as Hudson Labs) is a set of Java-based continuous integration tools developed by American CloudBees Company. It is mainly used to monitor continuous software version release/test projects and some regularly executed tasks.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","Jenkins","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","1. Currently, the manufacturer has released an upgrade patch that has fixed this security issue. Please download it from the manufacturer’s homepage: https://jenkins.io/download2. Set access policies through security devices such as firewalls and set whitelist access.3. Unless necessary, it is prohibited to access the system from the public network.","File Read","CVE-2024-23897","header=""X-Jenkins"" || banner=""X-Jenkins"" || header=""X-Hudson"" || banner=""X-Hudson"" || header=""X-Required-Permission: hudson.model.Hudson.Read"" || banner=""X-Required-Permission: hudson.model.Hudson.Read"" || body=""Jenkins-Agent-Protocols""","729753","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"GoAnywhere MFT InitialAccountSetup.xhtml 绕过漏洞(CVE-2024-0204)","GoAnywhere MFT(Managed File Transfer)是一款由 HelpSystems 公司提供的企业级文件传输解决方案,旨在满足组织对于安全、可管理和自动化文件传输的需求。Fortra 7.4.1 版之前的 GoAnywhere MFT 中的身份验证绕过漏洞。允许未经授权的用户通过管理门户伪装成管理员,任意创建管理用户,从而接管整个系统。","GoAnywhere-MFT","Fortra 7.4.1 版之前的 GoAnywhere MFT 中的身份验证绕过漏洞。允许未经授权的用户通过管理门户伪装成管理员,任意创建管理用户,从而接管整个系统。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.fortra.com/security/advisory/fi-2024-001","权限绕过","GoAnywhere MFT InitialAccountSetup.xhtml Bypass Vulnerability (CVE-2024-0204)","GoAnywhere MFT (Managed File Transfer) is an enterprise-class file transfer solution provided by HelpSystems, designed to meet the needs of organizations for secure, manageable and automated file transfer.Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system.","GoAnywhere-MFT","Authentication bypass vulnerability in GoAnywhere MFT before Fortra version 7.4.1. Allows unauthorized users to pretend to be administrators through the management portal, create arbitrary management users, and take over the entire system.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://www.fortra.com/security/advisory/fi-2024-001","Permission Bypass","CVE-2024-0204","title=""GoAnywhere"" || header=""/goanywhere"" || banner=""/goanywhere""","4468","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 hiddenWatermark/uploadFile 文件上传漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在文件上传漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在文件上传漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.esafenet.com/dzwdaqglxt","文件上传","Esafenet Electronic Document Security Management System hiddenWatermark/uploadFile File Upload Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://www.esafenet.com/dzwdaqglxt","File Upload","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41779","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Atlassian Confluence template/aui/text-inline.vm 代码执行漏洞(CVE-2023-22527)","Atlassian Confluence 是一款由 Atlassian 开发的企业团队协作和知识管理软件,提供了一个集中化的平台,用于创建、组织和共享团队的文档、知识库、项目计划和协作内容。Atlassian Confluence 在 template/aui/text-inline.vm 存在远程代码执行漏洞,可以让未经授权的攻击者在受影响的版本上执行任意代码。","ATLASSIAN-Confluence","Atlassian Confluence 在 template/aui/text-inline.vm 存在远程代码执行漏洞,可以让未经授权的攻击者在受影响的版本上执行任意代码。","厂商已发布补丁和修复方案,请及时更新:https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html","代码执行","Atlassian Confluence template/aui/text-inline.vm code execution vulnerability (CVE-2023-22527)","Atlassian Confluence is an enterprise team collaboration and knowledge management software developed by Atlassian that provides a centralized platform for creating, organizing and sharing your team's documents, knowledge base, project plans and collaborative content.Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version.","ATLASSIAN-Confluence","Atlassian Confluence has a remote code execution vulnerability in template/aui/text-inline.vm that could allow an unauthorized attacker to execute arbitrary code on an affected version.","The manufacturer has released patches and repair plans, please update in time: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and- confluence-server-1333990257.html","Code Execution","CVE-2023-22527","header=""X-Confluence-"" || banner=""X-Confluence-"" || (body=""name=\""confluence-base-url\"""" && body=""id=\""com-atlassian-confluence"") || title=""Atlassian Confluence"" || (title==""Errors"" && body=""Confluence"")","1190821","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Ivanti Connect Secure 和 Policy Secure keys-status 远程命令执行漏洞(CVE-2023-46805/CVE-2024-21887)","Ivanti 是一家软件和信息技术服务公司,专注于提供用于 IT 管理、安全、服务管理和终端管理等方面的解决方案。Ivanti Connect Secure 和 Ivanti Policy Secure 是 Ivanti 公司提供的两个安全性解决方案的组成部分,主要用于网络安全和连接性管理。Ivanti Connect Secure(9.x、22.x)和 Ivanti Policy Secure(9.x、22.x)的 Web 组件中存在一个命令注入漏洞,利用身份验证绕过漏洞配合命令注入漏洞能够发送特制请求并在设备上执行任意命令。","Ivanti Connect Secure","利用身份验证绕过漏洞配合命令注入漏洞能够发送特制请求并在设备上执行任意命令,获取服务器权限,进而控制整个web服务器。","1、厂商已发布补丁和修复方案,请及时更新:https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行","Ivanti Connect Secure and Policy Secure keys-status remote command execution vulnerability (CVE-2023-46805/CVE-2024-21887)","Ivanti is a software and information technology services company focused on providing solutions for IT management, security, service management and endpoint management. Ivanti Connect Secure and Ivanti Policy Secure are part of two security solutions from Ivanti for network security and connectivity management.There is a command injection vulnerability in the web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x). The authentication bypass vulnerability and the command injection vulnerability can be used to send specially crafted requests and Execute arbitrary commands on the device.","Ivanti Connect Secure","which utilizes authentication to bypass the vulnerability and in combination with command injection vulnerabilities, can send customized requests and execute arbitrary commands on the device, gain server privileges, and thus control the entire web server.","1. The manufacturer has released patches and repair plans. Please update them promptly: https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, public network access to the system is prohibited.","Command Execution","CVE-2024-46805","header=""DSBrowserID"" || banner=""DSBrowserID"" || body=""/dana-na/;expires="" || body=""dana-cached/imgs/space.gif"" || body=""/dana-na/imgs/space.gif"" || body=""/dana-na/imgs/Product_favicon.png"" || body=""/dana-na/imgs/Ivanti_favicon.png"" || body=""/dana-na/css/ds.js"" || body=""ds_mobile_safari.css"" || body=""welcome.cgi?p=logo&signinId=url_default""","154590","9.1","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC registerServlet JNDI 远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=435","HW-2023,代码执行","Yonyou NC registerServlet JNDI Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=435","HW-2023,Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21321","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC registerServlet 反序列化远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=435","代码执行","Yonyou NC registerServlet Deserialize Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=435","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21320","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache OFBiz webtools/control/ProgramExport 远程代码执行漏洞(CVE-2023-51467)","Apache OFBiz 是一个开源的企业资源规划(ERP)系统,提供了多种商业功能和模块。Apache OFBiz 在 webtools/control/ProgramExport 存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","Apache_OFBiz","Apache OFBiz 在 webtools/control/ProgramExport 存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://ofbiz.apache.org/security.html","代码执行","Apache OFBiz webtools/control/ProgramExport remote code execution vulnerability (CVE-2023-51467)","Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","Apache_OFBiz","Apache OFBiz has a code execution vulnerability in webtools/control/ProgramExport. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please update and upgrade in time: https://ofbiz.apache.org/security.html","Code Execution","CVE-2023-51467","cert=""Organizational Unit: Apache OFBiz"" || (body=""www.ofbiz.org"" && body=""/images/ofbiz_powered.gif"") || header=""Set-Cookie: OFBiz.Visitor"" || banner=""Set-Cookie: OFBiz.Visitor""","5912","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"QNAP QNAP_helpdesk.cgi 远程命令执行漏洞(CVE-2020-2507)","QNAP NAS(Network Attached Storage)是一种网络附加存储设备,由台湾的威联通科技公司制造。它是一种专为家庭和企业用户设计的存储解决方案,允许用户通过网络访问和共享存储空间。QNAP NAS 在 QNAP_helpdesk.cgi 处存在命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。","QNAP-NAS","QNAP NAS 在 QNAP_helpdesk.cgi 处存在命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行命令,写入后门,获取服务器权限,进而控制整个web服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://www.qnap.com/zh-tw/security-advisory/qsa-20-08","命令执行","QNAP QNAP_helpdesk.cgi remote command execution vulnerability (CVE-2020-2507)","QNAP NAS (Network Attached Storage) is a network-attached storage device manufactured by QNAP Technology Co., Ltd. in Taiwan. It is a storage solution designed for home and business users that allows users to access and share storage space over the network.QNAP NAS has a command execution vulnerability in QNAP_helpdesk.cgi. An attacker can use this vulnerability to execute arbitrary commands on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","QNAP-NAS","QNAP NAS has a command execution vulnerability in QNAP_helpdesk.cgi. An attacker can use this vulnerability to execute arbitrary commands on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please update and upgrade in time: https://www.qnap.com/zh-tw/security-advisory/qsa-20-08","Command Execution","CVE-2020-2507","(((header=""http server"" && body=""redirect_suffix"") || body=""/css/qnap-default.css"" || body=""/redirect.html?count=\""+Math.random()"" || body=""/indexnas.cgi?counter="") && body!=""Server: couchdb"") || (body=""qnap_hyperlink"" && body=""QNAP Systems, Inc.</a> All Rights Reserved."")","2486136","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"QNAP NAS authLogin.cgi 命令执行漏洞(CVE-2017-6361)","QNAP NAS(网络附加存储)是一种专为存储、恢复和管理数据而设计的设备。QNAP 提供了许多不同的 NAS 模型,适合家庭、小型办公室和大型企业。QNAP NAS 可通过网络与多个设备共享数据,提供数据备份、文件同步、远程访问等功能。QNAP NAS还支持第三方应用程序,为用户提供更多的功能和服务。攻击者可通过未授权接口发送 shell 元字符利用该漏洞执行任意命令,写入后门,获取服务器权限,进而控制整个 web 服务器。","QNAP-NAS","攻击者可通过未授权接口发送 shell 元字符利用该漏洞执行任意命令,写入后门,获取服务器权限,进而控制整个 web 服务器。","1、目前厂商已发布相关补丁,及时进行产品升级。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行","QNAP NAS authLogin.cgi command execution vulnerability (CVE-2017-6361)","QNAP NAS (Network Attached Storage) is a device specially designed for storing, recovering, and managing data. QNAP offers many different NAS models suitable for homes, small offices, and large enterprises. QNAP NAS can share data with multiple devices over the network, providing data backup, file synchronization, remote access, and more. QNAP NAS also supports third-party applications, providing more functionality and services to users.Attackers can exploit this vulnerability to execute arbitrary commands, write backdoors, gain server permissions, and thereby control the entire web server by sending shell meta-characters through unauthorized interfaces.","QNAP-NAS","Attackers can exploit this vulnerability to execute arbitrary commands, write backdoors, gain server permissions, and thereby control the entire web server by sending shell meta-characters through unauthorized interfaces.","1. The manufacturer has currently released related patches, please upgrade the product in time.2. Set access policies through security equipment such as firewalls, and establish a whitelist for access.3. If not necessary, prohibit public network access to this system.","Command Execution","CVE-2017-6361","(((header=""http server"" && body=""redirect_suffix"") || body=""/css/qnap-default.css"" || body=""/redirect.html?count=\""+Math.random()"" || body=""/indexnas.cgi?counter="") && body!=""Server: couchdb"") || (body=""qnap_hyperlink"" && body=""QNAP Systems, Inc.</a> All Rights Reserved."")","2637547","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apusic 应用服务器 createDataSource 远程代码执行漏洞","金蝶 Apusic 应用服务器(Apusic Application Server,AAS)是一款标准、安全、高效、集成并具丰富功能的企业级应用服务器软件,全面支持 JakartaEE 8/9的技术规范,提供满足该规范的 Web 容器、 EJB 容器以及 WebService 容器等,支持 Websocket 1.1、Servlet4.0、HTTP 2.0等最新的技术规范,为企业级应用的便捷开发、灵活部署、可靠运行、高效管控以及快速集成等提供关键支撑。金蝶 Apusic 应用服务器(Apusic Application Server,AAS)存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","Apusic-Application-Server","金蝶 Apusic 应用服务器(Apusic Application Server,AAS)存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.apusic.com/list-117.html","代码执行","Apusic Application Server createDataSource Remote Code Execution Vulnerability","Kingdee Apusic Application Server (AAS) is an enterprise-level application server software that is efficient, secure, integrated and has rich functions. It fully supports the technical specifications of JakartaEE 8/9 and provides Web containers and EJB containers that meet the specifications. And WebService containers, etc., support the latest technical specifications such as Websocket 1.1, Servlet4.0, HTTP 2.0, etc., providing key support for the convenient development, flexible deployment, reliable operation, efficient management and control, and rapid integration of enterprise-level applications.The Kingdee Apusic Application Server (AAS) has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Apusic-Application-Server","The Kingdee Apusic Application Server (AAS) has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a vulnerability fix, please stay tuned for updates:https://www.apusic.com/list-117.html","Code Execution","","body=""images/head_right_filling.jpg"" || body=""/admin/protected/index.jsp"" || server=""Apusic Application Server""","31410","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apusic 应用服务器 loadTree 远程代码执行漏洞","金蝶 Apusic 应用服务器(Apusic Application Server,AAS)是一款标准、安全、高效、集成并具丰富功能的企业级应用服务器软件,全面支持 JakartaEE 8/9的技术规范,提供满足该规范的 Web 容器、 EJB 容器以及 WebService 容器等,支持 Websocket 1.1、Servlet4.0、HTTP 2.0等最新的技术规范,为企业级应用的便捷开发、灵活部署、可靠运行、高效管控以及快速集成等提供关键支撑。金蝶 Apusic 应用服务器(Apusic Application Server,AAS)存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","Apusic-Application-Server","金蝶 Apusic 应用服务器(Apusic Application Server,AAS)存在代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.apusic.com/list-117.html","代码执行","Apusic Application Server loadTree Remote Code Execution Vulnerability","Kingdee Apusic Application Server (AAS) is an enterprise-level application server software that is efficient, secure, integrated and has rich functions. It fully supports the technical specifications of JakartaEE 8/9 and provides Web containers and EJB containers that meet the specifications. And WebService containers, etc., support the latest technical specifications such as Websocket 1.1, Servlet4.0, HTTP 2.0, etc., providing key support for the convenient development, flexible deployment, reliable operation, efficient management and control, and rapid integration of enterprise-level applications.The Kingdee Apusic Application Server (AAS) has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Apusic-Application-Server","The Kingdee Apusic Application Server (AAS) has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a vulnerability fix, please stay tuned for updates:https://www.apusic.com/list-117.html","Code Execution","","body=""images/head_right_filling.jpg"" || body=""/admin/protected/index.jsp"" || server=""Apusic Application Server""","31415","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"致远 OA 默认口令漏洞","致远 OA 是一款协同管理软件,致远OA由中国致远互联公司开发。致远 OA 存在默认口令漏洞,攻击者可通过 audit-admin:123456/seeyon-guse:123456 控制整个平台,使用管理员权限操作核心的功能。","致远互联-OA","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能,对用户极具危害。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令,文件上传","Seeyon OA Default Password Vulnerability","Seeyon OA is a collaborative management software developed by China Zhiyuan Internet Company.Seeyon OA has a default password vulnerability. An attacker can control the entire platform through audit-admin:123456/seeyon-guse:123456 and use administrator privileges to operate core functions.","SEEYON-OA","Attackers can control the whole platform through the default password vulnerability, and use the administrator rights to operate the core functions, which is extremely harmful to users.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, special characters, and more than 8 digits.2. If not necessary, the public network is prohibited from accessing the system.3. Set access policy and whitelist access through firewall and other security devices.","File Upload,Default Password","","body=""/seeyon/USER-DATA/IMAGES/LOGIN/login.gif"" || title=""用友致远A"" || (body=""/yyoa/"" && body!=""本站内容均采集于"" && body!=""getFirstU8Accid"" && (body=""/U8-OA/css/"" || title=""致远"" || body=""seeyonoa"" || body=""CheckLogin"")) || header=""path=/yyoa"" || server==""SY8044"" || (body=""A6-V5企业版"" && body=""seeyon"" && body=""seeyonProductId"") || (body=""/seeyon/common/"" && body=""var _ctxpath = '/seeyon'"") || (body=""A8-V5企业版"" && body=""/seeyon/"") || (title=""致远A8"" && (body=""seeyonProductId"" || body=""/seeyon/"")) || body=""<meta http-equiv=\""Refresh\"" content=\""0;url=/seeyon/main.do?method=index\"">"" || (header=""SY8045"" && (header=""Path=/seeyon"" || body=""var seeyonProductId"" || title=""A8"" || body=""2Fseeyon%2Findex.jsp'</script>"")) || banner=""Server: SY8044"" || (body=""parent.frame_A8"" && (header=""Path=/seeyon"" || header=""loginPageURL"" || body=""/seeyon/genericController.do?ViewPage=apps/autoinstall/downLoadIESet""))","70381","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache Hadoop cluster 未授权访问漏洞","Hadoop 是一个由 Apache 基金会所开发的分布式系统基础架构。用户可以在不了解分布式底层细节的情况下,开发分布式程序。充分利用集群的威力进行高速运算和存储。负责对资源进行同一管理调度的 ReasourceManager 组件的 UI 管理界面开放在 8080/8088 端口,攻击者无需认证即可访问 /cluster 目录 ,黑客可以操作多个目录下的数据,如进行删除,下载,目录浏览甚至命令执行等操作,产生极大的危害。","Hadoop","Apache Hadoop 存在未授权访问漏洞,攻击者无需认证即可访问 /cluster 目录 ,攻击者可以操作多个目录下的数据,如进行删除,下载,目录浏览甚至命令执行等操作,产生极大的危害。","1、如无必要,关闭 Hadoop Web 管理页面2、开启身份验证,防止未经授权用户访问3、设置“安全组”访问控制策略,将 Hadoop 默认开放的多个端口对公网全部禁止或限制可信任的 IP 地址才能访问","未授权访问","Apache Hadoop Cluster Unauthorized Access Vulnerability","Hadoop is a distributed system infrastructure developed by the Apache Foundation. Users can develop distributed programs without understanding the underlying details of distribution. Fully utilize the power of clusters for high-speed computing and storageThe UI management interface of the ReasourceManager component responsible for managing and scheduling resources is open on port 8080/8088, allowing attackers to access the/cluster directory without authentication. Hackers can manipulate data from multiple directories, such as deleting, downloading, browsing directories, and even executing commands, causing great harm.","Hadoop","The UI management interface of the ReasourceManager component responsible for managing and scheduling resources is open on port 8080/8088, allowing attackers to access the/cluster directory without authentication. Hackers can manipulate data from multiple directories, such as deleting, downloading, browsing directories, and even executing commands, causing great harm.","1. If unnecessary, close the Hadoop web management page2. Enable authentication to prevent unauthorized users from accessing3. Set up a ""security group"" access control policy to prohibit or restrict trusted IP addresses from accessing the public network through multiple default open ports of Hadoop","Unauthorized Access","","(body=""/cluster/cluster"" && body=""All Applications"") || body=""/jmx?qry=Hadoop:"" || body=""All Applications""","145481","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"配置文件信息泄漏漏洞","应用系统由于配置不当,没有考虑相关的安全隐患,造成相关的配置文件泄露,泄露相关的配置。攻击者通过配置信息泄露获取敏感数据,为进一步攻击创造条件,设置通过泄露的配置直接控制数据库或网站。","无","配置文件泄漏可能带来严重的安全和隐私问题,配置文件通常包含应用程序、服务或系统的敏感信息,例如数据库连接字符串、API密钥、密码等。一旦这些信息泄漏,攻击者可能会利用这些凭据来访问和篡改敏感数据。","1. 限制访问权限: 确保只有授权人员能够访问配置文件,限制对文件的读写权限。2. 定期审查和更新: 定期审查配置文件,确保其中的信息是最新的,并且删除不再需要的信息。3. 监控和日志: 实施监控和日志记录,以检测对配置文件的非法访问或修改,并及时采取措施应对潜在的安全威胁。4. WAF 层面:配置规则进行拦截","信息泄露","Configuration file information leakage vulnerability","Due to improper configuration of the application system, relevant security risks were not considered, causing the leakage of relevant configuration files and leakage of relevant configurations.Attackers obtain sensitive data through configuration information leakage, create conditions for further attacks, and set up direct control of databases or websites through leaked configurations.","无","Configuration file leaks may bring serious security and privacy issues. Configuration files often contain sensitive information of applications, services or systems, such as database connection strings, API keys, passwords, etc. Once this information is leaked, attackers may use these credentials to access and tamper with sensitive data.","1. Restrict access rights: Ensure that only authorized personnel can access the configuration file and limit read and write permissions on the file.2. Regular Review and Update: Regularly review the configuration file to ensure that the information in it is up to date and remove information that is no longer needed.3. Monitoring and logging: Implement monitoring and logging to detect illegal access or modification of configuration files and take timely measures to deal with potential security threats.4. WAF level: configure rules for interception","Information Disclosure","","protocol=""http"" || protocol=""https""","2362966774","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Http Server Index of 目录遍历漏洞","当网站开启目录浏览功能时,它允许浏览者直接浏览和查看网站的目录结构以及目录中的文件内容。这样的功能可以提供一种方便的方式来探索和访问网站上的文件。由于服务器配置不当引起的安全漏洞如果服务器没有设置默认索引文件或手动启用了目录浏览功能,攻击者就能够通过该漏洞获得服务器上目录的完整列表,并有可能访问到敏感文件,如备份文件、数据库文件、源代码等。这种情况下,攻击者可以利用目录浏览漏洞泄露大量敏感信息。","APACHE-HTTP_Server","由于服务器配置不当引起的安全漏洞如果服务器没有设置默认索引文件或手动启用了目录浏览功能,攻击者就能够通过该漏洞获得服务器上目录的完整列表,并有可能访问到敏感文件,如备份文件、数据库文件、源代码等。这种情况下,攻击者可以利用目录浏览漏洞泄露大量敏感信息。","1、通过修改配置文件,去除中间件的文件目录索引功能。2、设置文件目录的访问权限。3、在每个目录下创建一个空的index.html页面。","目录遍历","Http Server index of directory traversal vulnerability","When a website has directory browsing enabled, it allows viewers to directly browse and view the website's directory structure and file content within the directory. This feature can provide a convenient way to explore and access files on the website.Security vulnerabilities caused by improper server configuration. If the server does not set default index files or manually enables directory browsing, attackers can use this vulnerability to obtain a complete list of directories on the server and potentially access sensitive files such as backup files, database files, source code, etc. In this case, attackers can exploit directory browsing vulnerabilities to leak a large amount of sensitive information.","APACHE-HTTP_Server","Security vulnerabilities caused by improper server configuration. If the server does not set default index files or manually enables directory browsing, attackers can use this vulnerability to obtain a complete list of directories on the server and potentially access sensitive files such as backup files, database files, source code, etc. In this case, attackers can exploit directory browsing vulnerabilities to leak a large amount of sensitive information.","1. Remove the file directory indexing function of the middleware by modifying the configuration file.2. Set access permissions for file directories.3. Create an empty index.html page in each directory.","Directory Traversal","","title=""index of /""","10728512","7.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"安恒明御运维审计与风险控制系统 xmlrpc.sock 权限绕过漏洞","安恒的明御运维审计与风险控制系统是一款旨在提供安全运维管理和运维活动审计的解决方案。通过该系统,组织能够实现对关键资产的访问和操作的全面控制和审计,保障资产安全,并满足合规要求。攻击者可以通过明御运维审计与风险控制系统 xmlrpc.sock 接口 SSRF 漏洞,可以添加任意用户控制整个平台。","安恒信息-明御运维审计与风险控制系统","攻击者可以通过明御运维审计与风险控制系统 xmlrpc.sock 接口 SSRF 漏洞,可以添加任意用户控制整个平台。","1、更新官方发布的安全补丁或升级到最新版:https://www.dbappsecurity.com.cn2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","权限绕过","Anhengming Royal Operation and Maintenance Audit and Risk Control System xmlrpc.sock permission bypass vulnerability","Anheng's Mingyu operation and maintenance audit and risk control system is a solution designed to provide safe operation and maintenance management and audit of operation and maintenance activities. Through this system, organizations can achieve comprehensive control and audit of access and operations of critical assets, ensure asset security, and meet compliance requirements.Attackers can use the SSRF vulnerability in the xmlrpc.sock interface of the Mingyu operation and maintenance audit and risk control system to add any user to control the entire platform.","DAS_Security-Mingyu-OPS-ARCS","Attackers can use the SSRF vulnerability in the xmlrpc.sock interface of the Mingyu operation and maintenance audit and risk control system to add any user to control the entire platform.","1. Update official security patches or upgrade to the latest version: https://www.dbappsecurity.com.cn2. If not necessary, public network access to the system is prohibited.3. Set access policies and whitelist access through security devices such as firewalls.","Permission Bypass","","body=""明御运维审计"" || header=""Set-Cookie: USM="" || banner=""Set-Cookie: USM=""","2817","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Aapche .htaccess 文件信息泄漏漏洞",".htaccess 文件是 Apache 中有一种特殊的文件,其提供了针对目录改变配置的方法,即在一个特定的文档目录中放置一个包含一条或多条指令的文件,以作用于此目录及其所有子目录。.htaccess 文件内容的泄露可能会导致服务器配置信息暴露,权限控制被绕过等。","APACHE-HTTP_Server",".htaccess 文件内容的泄露可能会导致服务器配置信息暴露,权限控制被绕过等。","防止 .htaccess 文件内容泄露的解决方案主要包括以下几点:1. 禁用或限制 .htaccess 文件:如果你有访问主服务器配置文件的权限,你应该尽量避免使用 .htaccess 文件。任何可以在 .htaccess 文件中包含的指令,最好在Directory 块中设置,因为这样会有更好的性能。2. 严格的权限控制:应该限制对 .htaccess 文件的访问权限,只有必要的人员才能访问和修改这些文件。3. 敏感信息处理:避免在 .htaccess 文件中存储敏感信息。如果必须这样做,应该对这些信息进行适当的加密或哈希处理。4. 错误处理:确保服务器的错误消息不会泄露 .htaccess 文件的信息。5. 监控和日志记录:定期检查服务器日志,寻找任何可能指示 .htaccess 文件被未经授权访问的迹象。","信息泄露","Aapche .htaccess file information leakage vulnerability","The .htaccess file is a special file in Apache that provides a method to change the configuration of a directory, that is, place a file containing one or more instructions in a specific document directory to act on this directory and all its subdirectories. Table of contents.The leakage of the contents of the .htaccess file may lead to server configuration information being exposed, permission control being bypassed, etc.","APACHE-HTTP_Server","The leakage of the contents of the .htaccess file may lead to server configuration information being exposed, permission control being bypassed, etc.","Solutions to prevent the leakage of .htaccess file contents mainly include the following points:1. Disable or restrict .htaccess files: If you have access to the main server configuration file, you should try to avoid using .htaccess files. Any directives that can be included in the .htaccess file are best set in a Directory block as this will result in better performance.2. Strict permission control: Access to .htaccess files should be restricted so that only necessary personnel can access and modify these files.3. Handling of sensitive information: Avoid storing sensitive information in .htaccess files. If this must be done, the information should be appropriately encrypted or hashed.4. Error handling: Ensure that server error messages do not reveal information about the .htaccess file.5. Monitoring and logging: Regularly check server logs for any signs that may indicate unauthorized access to .htaccess files.","Information Disclosure","","((header=""Server: httpd"" || (server=""Apache"" && header!=""Apache-Coyote"")) && header!=""couchdb"" && header!=""drupal"" && body!=""<h2>My Resource</h2>"" && body!=""Server: CouchDB"" && header!=""ReeCam IP Camera"" && header!=""Apache,Tomcat,Jboss"") || (banner=""Server: httpd"" || (banner=""Server: Apache"" && banner!=""Apache-Coyote"") && banner!=""couchdb"" && banner!=""drupal"" && banner!=""ReeCam IP Camera"") || title==""Test Page for the Apache HTTP Server""","616102567","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Pivotal Software Spring Framework 目录遍历漏洞","Pivotal Spring Framework 是美国 Pivotal Software 公司的一套开源的Java、Java EE 应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Spring Framework 存在目录遍历漏洞,攻击者可以利用这个漏洞获取到任何在文件系统上对 Spring web 应用程序进程可访问的文件。这可能会导致敏感信息的泄露,从而对系统的安全性造成威胁。","vmware-Spring-Framework","攻击者可以利用这个漏洞获取到任何在文件系统上对 Spring web 应用程序进程可访问的文件。这可能会导致敏感信息的泄露,从而对系统的安全性造成威胁。","目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://www.pivotal.io/security/cve-2014-3625","目录遍历","Pivotal Software Spring Framework Directory Traversal Vulnerability","Pivotal Spring Framework is an open source Java and Java EE application framework from the American Pivotal Software company. The framework helps developers build high-quality applications.Pivotal Spring Framework has a directory traversal vulnerability that allows an attacker to obtain any file on the file system that is accessible to the Spring web application process. This may lead to the leakage of sensitive information, thus posing a threat to the security of the system.","Spring-Framework","Pivotal Spring Framework has a directory traversal vulnerability that allows an attacker to obtain any file on the file system that is accessible to the Spring web application process. This may lead to the leakage of sensitive information, thus posing a threat to the security of the system.","Currently, the manufacturer has released an upgrade patch to fix this security issue. The link to obtain the patch is: http://www.pivotal.io/security/cve-2014-3625","Directory Traversal","CVE-2014-3625","body=""<h1>Spring + Hibernate + SpringMVC/Struts basic project.</h1>"" || header=""SpringBoot"" || banner=""SpringBoot"" || (body=""Whitelabel Error Page"" && body=""There was an unexpected error"") || title=""Spring Batch Admin"" || title=""Spring Batch Lightmin"" || header=""org.springframework.web.servlet.i18n.CookieLocaleResolver.locale="" || banner=""org.springframework.web.servlet.i18n.CookieLocaleResolver.locale="" || header=""realm=\""Spring Security Application"" || banner=""realm=\""Spring Security Application"" || header=""Apache-Coyote"" || banner=""Apache-Coyote"" || body=""href=\""tomcat.css"" || title=""Apache Tomcat"" || (title=""Error report"" && title!=""JBoss"") || body=""This is the default Tomcat home page"" || server=""tomcat"" || body=""<h3>Apache Tomcat"" || banner=""Tomcat"" || header=""Tomcat"" || title=""spring framework"" || header=""JSESSIONID"" || banner=""JSESSIONID""","37180973","5.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"金蝶 EAS appmonitor/protect/jndi/loadTree 路径 jndiName 参数远程代码执行漏洞","金蝶 EAS Cloud 融合了金蝶苍穹的 gPaaS 功能,是基于云原生架构的平台产品,可以进行容器化部署,具备一切云原生的架构特性,是一款拥有最先进底层架构的平台产品。金蝶 EAS Cloud 存在 jndi 注入漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","Kingdee-EAS","金蝶 EAS Cloud 存在 jndi 注入漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、请升级系统到最新版本,联系厂商修复漏洞:https://www.kingdee.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","代码执行","Kingdee EAS appmonitor/protect/jndi/loadTree path jndiName parameter remote code execution vulnerability","Kingdee EAS Cloud integrates the gPaaS function of Kingdee Cosmic. It is a platform product based on cloud-native architecture. It can be deployed in containers and has all cloud-native architectural features. It is a platform product with the most advanced underlying architecture.Kingdee EAS Cloud has a jndi injection vulnerability. An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Kingdee-EAS","Kingdee EAS Cloud has a jndi injection vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. Please upgrade the system to the latest version and contact the manufacturer to fix the vulnerability: https://www.kingdee.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, public network access to the system is prohibited.","Code Execution","","body=""easSessionId"" || header=""easportal"" || header=""eassso/login"" || banner=""eassso/login"" || body=""/eassso/common"" || (title=""EAS系统登录"" && body=""金蝶"") || header=""EASSESSIONID"" || banner=""EASSESSIONID""","26502","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"金蝶 EAS createDataSource 路径 jndiName 参数远程代码执行漏洞","金蝶 EAS Cloud 融合了金蝶苍穹的 gPaaS 功能,是基于云原生架构的平台产品,可以进行容器化部署,具备一切云原生的架构特性,是一款拥有最先进底层架构的平台产品。金蝶 EAS Cloud 存在 jndi 注入漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","Kingdee-EAS","金蝶 EAS Cloud 存在 jndi 注入漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、请升级系统到最新版本,联系厂商修复漏洞:https://www.kingdee.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","代码执行","Kingdee EAS createDataSource path jndiName parameter remote code execution vulnerability","Kingdee EAS Cloud integrates the gPaaS function of Kingdee Cosmic. It is a platform product based on cloud-native architecture. It can be deployed in containers and has all cloud-native architectural features. It is a platform product with the most advanced underlying architecture.Kingdee EAS Cloud has a jndi injection vulnerability. An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Kingdee-EAS","Kingdee EAS Cloud has a jndi injection vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. Please upgrade the system to the latest version and contact the manufacturer to fix the vulnerability: https://www.kingdee.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, public network access to the system is prohibited.","Code Execution","","body=""easSessionId"" || header=""easportal"" || header=""eassso/login"" || banner=""eassso/login"" || body=""/eassso/common"" || (title=""EAS系统登录"" && body=""金蝶"") || header=""EASSESSIONID"" || banner=""EASSESSIONID""","26513","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 file/uploadFile 接口文件上传漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在文件上传漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在文件上传漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.esafenet.com/dzwdaqglxt","文件上传","Esafenet Electronic Document Security Management System file/uploadFile API File Upload Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a File Upload vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://www.esafenet.com/dzwdaqglxt","File Upload","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41320","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通电子文档安全管理系统 LinkFilterService 接口权限绕过漏洞","亿赛通电子文档安全管理系统(简称:CDG)是一款电子文档安全加密软件,该系统利用驱动层透明加密技术,通过对电子文档的加密保护,防止内部员工泄密和外部人员非法窃取企业核心重要数据资产,对电子文档进行全生命周期防护,系统具有透明加密、主动加密、智能加密等多种加密方式,用户可根据部门涉密程度的不同(如核心部门和普通部门),部署力度轻重不一的梯度式文档加密防护,实现技术、管理、审计进行有机的结合,在内部构建起立体化的整体信息防泄露体系,使得成本、效率和安全三者达到平衡,实现电子文档的数据安全。亿赛通电子文档安全管理系统存在权限绕过漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","亿赛通-电子文档安全管理系统","亿赛通电子文档安全管理系统存在权限绕过漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.esafenet.com/dzwdaqglxt","权限绕过,代码执行","Esafenet Electronic Document Security Management System LinkFilterService API Permission Bypass Vulnerability","Esafenet Electronic Document Security Management System (CDG) is an electronic document security encryption software that utilizes transparent encryption technology at the driver layer. By encrypting and protecting electronic documents, the system prevents internal employees from leaking information and external personnel from illegally stealing important data assets of the enterprise. It provides full lifecycle protection for electronic documents, and the system has multiple encryption methods such as transparent encryption, active encryption, and intelligent encryption, Users can deploy gradient document encryption protection with varying degrees of intensity according to the different levels of departmental confidentiality (such as core departments and ordinary departments), achieving an organic combination of technology, management, and auditing, and building a three-dimensional overall information leakage prevention system internally, achieving a balance between cost, efficiency, and security, and achieving data security of electronic documents.The Esafenet electronic document security management system has a Permission Bypass vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ESAFENET-CDG","The Esafenet electronic document security management system has a code execution vulnerability, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://www.esafenet.com/dzwdaqglxt","Code Execution,Permission Bypass","","body=""CDGServer3"" || title=""电子文档安全管理系统"" || cert=""esafenet"" || body=""/help/getEditionInfo.jsp""","41345","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache OFBiz webtools/control/xmlrpc 远程代码执行漏洞(CVE-2023-49070)","Apache OFBiz是一个开源的企业资源规划(ERP)系统,提供了多种商业功能和模块。Apache OFBiz 在 webtools/control/xmlrpc 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","Apache_OFBiz","Apache OFBiz 在 webtools/control/xmlrpc 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://ofbiz.apache.org/security.html","代码执行","Apache OFBiz webtools/control/xmlrpc Remote Code Execution Vulnerability (CVE-2023-49070)","Apache OFBiz is an open source enterprise resource planning (ERP) system that provides a variety of business functions and modules.Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","Apache_OFBiz","Apache OFBiz has a deserialization code execution vulnerability in webtools/control/xmlrpc. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please update and upgrade in time: https://ofbiz.apache.org/security.html","Code Execution","CVE-2023-49070","cert=""Organizational Unit: Apache OFBiz"" || (body=""www.ofbiz.org"" && body=""/images/ofbiz_powered.gif"") || header=""Set-Cookie: OFBiz.Visitor"" || banner=""Set-Cookie: OFBiz.Visitor""","5883","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"CrushFTP as2-to 认证权限绕过漏洞(CVE-2023-43177)","CrushFTP 是一个强大的文件传输服务器,适用于个人用户或企业用户进行安全、高效的文件传输和管理。CrushFTP 存在权限绕过漏洞,攻击者可通过构造恶意的 as2-to 请求认证,从而绕过系统权限控制,达到任意执行文件读取和删除等恶意操作。","crushftp-WebInterface","CrushFTP 存在权限绕过漏洞,攻击者可通过构造恶意的 as2-to 请求认证,从而绕过系统权限控制,达到任意执行文件读取和删除等恶意操作。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.crushftp.com/download.html","权限绕过,命令执行,信息泄露","CrushFTP as2-to Authentication Permission bypass Vulnerability (CVE-2023-43177)","CrushFTP is a powerful file transfer server suitable for secure and efficient file transfer and management for individual or enterprise users.CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete.","crushftp-WebInterface","CrashFTP has a permission bypass vulnerability, where attackers can bypass system permission control by constructing malicious as2 to request authentication, achieving arbitrary execution of malicious operations such as file read and delete.","The vendor has released a bug fix, please pay attention to the update in time: https://www.crushftp.com/download.html","Permission Bypass,Command Execution,Information Disclosure","CVE-2023-43177","server=""CrushFTP"" || header=""/WebInterface/login.html"" || banner=""/WebInterface/login.html"" || header=""/WebInterface/w3c/p3p.xml"" || banner=""/WebInterface/w3c/p3p.xml"" || title=""CrushFTP""","38695","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Splunk Enterprise XSLT 命令执行漏洞(CVE-2023-46214)","Splunk Enterprise 是美国 Splunk 公司的一套数据收集分析软件。该软件主要用于收集、索引和分析及其所产生的数据,包括所有IT系统和基础结构(物理、虚拟机和云)生成的数据。Splunk Enterprise 存在命令执行漏洞,该漏洞源于不会安全地清理用户提供的可扩展样式表语言转换 (XSLT),攻击者利用该漏洞可以上传恶意 XSLT,从而在 Splunk Enterprise 实例上远程执行命令。","splunk-Enterprise","Splunk Enterprise 存在命令执行漏洞,该漏洞源于不会安全地清理用户提供的可扩展样式表语言转换 (XSLT),攻击者利用该漏洞可以上传恶意 XSLT,从而在 Splunk Enterprise 实例上远程执行命令。","厂商已发布了漏洞修复程序,请及时关注更新:https://advisory.splunk.com/advisories/SVD-2023-1104","命令执行","Splunk Enterprise XSLT Command Execute Vulnerability (CVE-2023-46214)","Splunk Enterprise is a data collection and analysis software developed by Splunk Corporation in the United States. This software is mainly used for collecting, indexing, and analyzing the data it generates, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud).Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances.","splunk-Enterprise","Splunk Enterprise has a command execution vulnerability that does not securely clean up user provided Extensible Stylesheet Language Transformations (XSLTs). Attackers can exploit this vulnerability to upload malicious XSLTs and remotely execute commands on Splunk Enterprise instances.","The vendor has released a bug fix, please pay attention to the update in time: https://advisory.splunk.com/advisories/SVD-2023-1104","Command Execution","CVE-2023-46214","body=""__splunkd_partials__"" || (header=""Set-Cookie: splunkweb_uid="" && body=""enterprise"")","134567","8.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"蓝凌 OA sys_ui_component 文件上传漏洞","蓝凌智能 OA 是由深圳市蓝凌软件股份有限公司开发,是一款针对中小企业的移动化智能办公产品,融合了钉钉数字化能力与蓝凌多年 OA 产品与服务经验,能全面满足企业日常办公在线、企业文化在线、客户管理在线、人事服务在线、行政务服务在线等需求。攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","Landray-OA系统","攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","1、请升级系统到最新版本,联系厂商修复漏洞: https://www.landray.com.cn/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","文件上传","Landray OA sys_ui_component file upload vulnerability","Landray Intelligent OA is developed by Shenzhen Lanling Software Co., Ltd. It is a mobile intelligent office product designed for small and medium-sized enterprises. It combines the digital capabilities of DingTalk and Lanling's years of OA product and service experience, and can comprehensively meet the needs of daily office, enterprise culture, customer management, personnel service, and administrative service for enterprises.Attackers can exploit file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may lead to the server being attacked and taken over.","Landray-OA","Attackers can exploit file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may lead to the server being attacked and taken over.","1. Please upgrade the system to the latest version and contact the manufacturer to fix the vulnerability: https://www.landray.com.cn/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","File Upload","","body=""lui_login_message_td"" || body=""com.landray.kmss.km.archives.model.KmArchivesBorrow"" || body=""return kmss_onsubmit()"" || body=""SPRING_SECURITY_TARGET_URL"" || title=""欢迎登录智慧协同平台"" || body=""蓝凌软件 版权所有"" || header=""/resource/anonym.jsp"" || banner=""/resource/anonym.jsp""","38709","9.0","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"I Doc View 在线文档预览系统 system 远程命令执行漏洞","I Doc View在线文档预览是一款在线文档预览系统。I Doc View 版本小于 < 13.10.1_20231115 的在 system/cmd 处存在命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","I-Doc-View","I Doc View 在system/cmd 处存在命令执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","官方已修复漏洞,请升级 I DOC View 至 13.10.1_20231115 以上版本或联系官方获取修复方案:https://api.idocv.com。临时方案:1. 拦截受影响 API 接口的请求访问。2. 进行访问限制,只允许受信用户进行访问。","命令执行","I Doc View online document preview system remote command execution vulnerability","I Doc View online document preview is an online document preview system.I Doc View versions less than 13.10.1_20231115 have a command execution vulnerability at system/cmd. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","I-Doc-View","I Doc View has a command execution vulnerability at system/cmd. An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vulnerability has been officially fixed. Please upgrade I DOC View to version 13.10.1_20231115 or above or contact the official to get the fix plan: https://api.idocv.com.temporary plan:1. Intercept request access to the affected API interface.2. Restrict access and allow only trusted users to access.","Command Execution","","body=""I Doc View""","2936","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"浙大恩特客户资源管理系统 machord_doc.jsp 文件上传漏洞","浙大恩特客户资源管理系统是一款专注于外贸客户资源管理及订单管理产品的管理系统。浙大恩特客户资源管理系统存在安全漏洞,攻击者通过绕过并在 machord_doc.jsp 上传恶意的木马从而控制服务器。","浙大恩特客户资源管理系统","浙大恩特客户资源管理系统存在安全漏洞,攻击者通过绕过并在 machord_doc.jsp 上传恶意的木马从而控制服务器。","目前官方已发布安全补丁,请及时关注官网更新:http://www.entersoft.cn/","文件上传","Entsoft machord_doc.jsp file upload vulnerability","Zhejiang University Ente customer resource management system is a management system focusing on foreign trade customer resource management and order management products.There is a security loophole in Zhejiang University Ente's customer resource management system, and attackers can control the server by bypassing and uploading a malicious Trojan in machord_doc.jsp.","Zhejiang-Duite-Customer-Resource-MS","There is a security loophole in Zhejiang University Ente's customer resource management system, and attackers can control the server by bypassing and uploading a malicious Trojan in machord_doc.jsp.","At present, the official security patch has been released, please pay attention to the official website update in time: http://www.entersoft.cn/","File Upload","","body=""script/Ent.base.js""","9707","9.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华智慧园区综合管理平台 poi 文件上传漏洞","大华智慧园区综合管理平台是由大华技术股份有限公司(Dahua Technology)开发的一款综合管理解决方案。该平台旨在帮助园区管理者提高管理效率、提升安全水平、优化资源利用,并实现智能化的园区运营。大华智慧园区综合管理平台在 poi 路径处存在任意文件上传漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","dahua-智慧园区综合管理平台","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.dahuatech.com/product/info/5609.html","文件上传","Dahua Smart Park Integrated Management Platform poi file upload vulnerability","Dahua Smart Park Integrated Management Platform is a comprehensive management solution developed by Dahua Technology Co., Ltd. (Dahua Technology). The platform is designed to help park managers improve management efficiency, improve safety levels, optimize resource utilization, and achieve intelligent park operations.Dahua Smart Park Integrated Management Platform has an arbitrary file upload vulnerability in the poi path. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","dahua-Smart-Park-GMP","An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://www.dahuatech.com/product/info/5609.html","File Upload","","body=""/WPMS/asset/lib/json2.js"" || body=""src=\""/WPMS/asset/common/js/jsencrypt.min.js\"""" || (cert=""Dahua"" && cert=""DSS"") || header=""Path=/WPMS"" || banner=""Path=/WPMS""","7113","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"HIKVISION iSecure Center /lm/api/files 文件上传漏洞","HiKVISION 综合安防管理平台 iSecure Center 提供了视频、一卡通、停车场、人脸应用、事件服务、报警检测、测温应用等方面的能力开放。HiKVISION 综合安防管理平台存在任意文件上传漏洞,攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","HIKVISION-iSecure-Center","攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.hikvision.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","HIKVISION iSecure Center /lm/api/files files file upload vulnerability","HiKVISION integrated security management platform iSecure Center provides open capabilities in video, all-in-one card, parking lot, face application, event service, alarm detection, temperature measurement application, etc.HiKVISION integrated security management platform has an arbitrary file upload vulnerability. An attacker can use this vulnerability to upload arbitrary files on the server side, execute code, write backdoors, obtain server permissions, and then control the entire web server.","HIKVISION-iSecure-Center","Attackers can use this vulnerability to upload files, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://www.hikvision.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","","body=""/portal/ui/static/favicon.ico"" || header=""EPORTAL_JSESSIONID"" || banner=""EPORTAL_JSESSIONID"" || body=""/portal/ui/static/"" || body=""/nginxService/v1/download/InstallRootCert.exe"" || body=""/modules/sys/license_upload.jsp""","29374","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC ServletForESBAdaptor 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC ServletForESBAdaptor Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC ContactsQueryServiceServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC ContactsQueryServiceServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC ECFileManageServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC ECFileManageServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC UserAuthenticationServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请关注更新:http://www.yonyougz.com/yonyou/yonyou-nc/","代码执行","Yonyou NC UserAuthenticationServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates: http://www.yonyougz.com/yonyou/yonyou-nc/","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC UserQueryServiceServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC UserQueryServiceServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21141","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC UserSynchronizationServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC UserSynchronizationServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC NCMessageServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC NCMessageServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21141","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC FileManageServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC FileManageServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC OAUserQryServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC OAUserQryServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC OAContactsFuzzySearchServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC OAContactsFuzzySearchServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC DcUpdateRESTService 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC DcUpdateRESTService Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC OAUserAuthenticationServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC OAUserAuthenticationServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC MonitorServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC MonitorServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC ConfigResourceServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/noticeInfo?id=285","代码执行","Yonyou NC ConfigResourceServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://security.yonyou.com/#/noticeInfo?id=285","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""/Client/Uclient/UClient.dmg"" || body=""/portal/ufida.ico""","21137","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SysAid userentry 文件上传漏洞(CVE-2023-47246)","SysAid 是一种信息技术(IT)服务管理和帮助台解决方案,旨在帮助组织更有效地管理其IT基础设施、服务台支持和用户需求。SysAid 提供了一系列的功能,包括故障报告、资产管理、问题管理、变更管理、知识库、自动化工作流程等,以帮助企业提高IT服务的效率和质量。SysAid 在 userentry 存在文件上传漏洞,攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","SysAid-Help-Desk","SysAid 在 userentry 存在文件上传漏洞,攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification","文件上传","SysAid userentry file upload vulnerability (CVE-2023-47246)","SysAid is an information technology (IT) service management and help desk solution designed to help organizations more effectively manage their IT infrastructure, help desk support and user needs. SysAid provides a series of functions, including fault reporting, asset management, problem management, change management, knowledge base, automated workflow, etc., to help enterprises improve the efficiency and quality of IT services.SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.","SysAid-Help-Desk","SysAid has a file upload vulnerability in userentry. An attacker can use the file upload vulnerability to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.","The vulnerability has been officially fixed. Users are advised to contact the manufacturer to fix the vulnerability: https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification","File Upload","CVE-2023-47246","body=""sysaid-logo-dark-green.png"" || title=""SysAid Help Desk Software"" || body=""Help Desk software <a href=\""http://www.sysaid.com\"">by SysAid</a>""","1819","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"浙大恩特客户资源管理系统 CustomerAction.entphone 文件上传漏洞","浙大恩特客户资源管理系统是由浙江大学恩智浙大科技有限公司推出的客户关系管理(CRM)系统。该系统旨在帮助企业高效管理客户关系,提升销售业绩,促进市场营销和客户服务的优化。攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","浙大恩特客户资源管理系统","攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","1、请升级系统到最新版本,联系厂商修复漏洞:http://www.entersoft.cn/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","文件上传","Department of Customer Resource Management Zhejiang University Entphone CustomerAction.entphone file upload vulnerability","Zhejiang University Ente Customer Resource Management System is a customer relationship management (CRM) system launched by Zhejiang University Ente Zhejiang University Technology Co., Ltd. The system is designed to help companies efficiently manage customer relationships, improve sales performance, and promote the optimization of marketing and customer service.Attackers can exploit file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may lead to the server being attacked and taken over.","Zhejiang-Duite-Customer-Resource-MS","Attackers can exploit file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may lead to the server being attacked and taken over.","1. Please upgrade the system to the latest version and contact the manufacturer to fix the vulnerability: http://www.entersoft.cn/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","File Upload","","body=""script/Ent.base.js""","9617","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud ClientRequestDispatch 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=420","代码执行","Yonyou U8 Cloud ClientRequestDispatch Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time:https://security.yonyou.com/#/noticeInfo?id=420","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud FileTransportServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/patchInfo?foreignKey=eb893884876e4bc2acd04ee40dc4cb5f","代码执行","Yonyou U8 Cloud FileTransportServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/patchInfo?foreignKey=eb893884876e4bc2acd04ee40dc4cb5f","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud CacheInvokeServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/patchInfo?foreignKey=dc9efa413a644d88b55403cdc150cfea","代码执行","Yonyou U8 Cloud CacheInvokeServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/patchInfo?foreignKey=dc9efa413a644d88b55403cdc150cfea","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud ServletCommander 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/patchInfo?foreignKey=aefda22657bd4b0cb1adaf5d1ef824fd","代码执行","Yonyou U8 Cloud ServletCommander Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/patchInfo?foreignKey=aefda22657bd4b0cb1adaf5d1ef824fd","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud ActionHandlerServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=414","代码执行","Yonyou U8 Cloud ActionHandlerServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=414","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud TableInputOperServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=412","代码执行","Yonyou U8 Cloud TableInputOperServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=412","Code Execution","","body=""请下载新版UClient""","14073","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"IP-guard WebServer view.php 远程命令执行漏洞","IP-guard 是由溢信科技股份有限公司开发的一款终端安全管理软件,旨在帮助企业保护终端设备安全、数据安全、管理网络使用和简化IT系统管理。IP-Guard 版本小于4.81.0307.0 存在漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","IP-guard","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","官方已修复漏洞,请升级 IP-guard WebServer 至4.81.0307.0版本或联系官方获取修复方案。https://www.ip-guard.net/临时修复方案:1.使用防护类设备对相关资产进行防护;2.避免将IP-guard WebServer暴露在互联网;3.在确认不影响业务的情况下,可以直接删除存在漏洞的文件(删除前注意备份)","命令执行","IP-guard WebServer view.php remote command execution vulnerability","IP-guard is a terminal security management software developed by Yixin Technology Co., Ltd. It is designed to help enterprises protect terminal equipment security, data security, manage network usage and simplify IT system management.There is a vulnerability in IP-Guard version less than 4.81.0307.0. An attacker can use this vulnerability to execute arbitrary code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","IP-Guard","An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vulnerability has been officially fixed. Please upgrade IP-guard WebServer to version 4.81.0307.0 or contact the official for a fix. https://www.ip-guard.net/Temporary fix:1. Use protective equipment to protect relevant assets;2. Avoid exposing IP-guard WebServer to the Internet;3. After confirming that it will not affect the business, you can directly delete the vulnerable files (be sure to back up before deleting)","Command Execution","","body=""LOGIN_SUCCESS_RESTART_SERVICES"" || body=""backup_db_store_path"" || body=""Sign/create_vcode"" || title=""IP-guard""","12335","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud LoginServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=422","代码执行","Yonyou U8 Cloud LoginServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=422","Code Execution","","body=""请下载新版UClient""","14088","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud LoggingConfigServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=295","代码执行","Yonyou U8 Cloud LoggingConfigServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=295","Code Execution","","body=""请下载新版UClient""","14088","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud MonitorServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=261","代码执行","Yonyou U8 Cloud MonitorServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=261","Code Execution","","body=""请下载新版UClient""","14088","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud MxServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布漏洞修复程序,请及时更新升级:https://security.yonyou.com/#/noticeInfo?id=296","代码执行","Yonyou U8 Cloud MxServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability repair program, please update it in time: https://security.yonyou.com/#/noticeInfo?id=296","Code Execution","","body=""请下载新版UClient""","14088","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"F5 BIG-IP AJP 身份认证绕过漏洞(CVE-2023-46747)","F5 BIG-IP 是一种高性能的应用交付控制器(ADC),用于提供负载均衡、应用安全、应用加速和应用智能等功能。F5 BIG-IP 通过 Apache httpd 转发 AJP 协议时存在一定问题,导致可以请求走私,绕过权限验证。攻击者可通过利用该漏洞配合后台注入,执行任意代码,获取服务器权限。","f5-BIGIP","F5 BIG-IP 通过 Apache httpd 转发 AJP 协议时存在一定问题,导致可以请求走私,绕过权限验证。攻击者可通过利用该漏洞配合后台注入,执行任意代码,获取服务器权限。","厂商已发布安全补丁,请及时关注更新:https://my.f5.com/manage/s/article/K000137353","命令执行","F5 BIG-IP AJP authentication bypass vulnerability (CVE-2023-46747)","F5 BIG-IP is a high-performance application delivery controller (ADC) that provides load balancing, application security, application acceleration, and application intelligence.There is a certain problem when F5 BIG-IP forwards the AJP protocol through Apache httpd, which results in request smuggling and bypassing permission verification. An attacker can exploit this vulnerability with background injection to execute arbitrary code and gain server permissions.","f5-BIGIP","There is a certain problem when F5 BIG-IP forwards the AJP protocol through Apache httpd, which results in request smuggling and bypassing permission verification. An attacker can exploit this vulnerability with background injection to execute arbitrary code and gain server permissions.","The manufacturer has released a security patch, please keep an eye on the updates: https://my.f5.com/manage/s/article/K000137353","Command Execution","CVE-2023-46747","body=""F5_PWS"" || title=""BIG-IP"" || body=""logoutActivexContainer""","107403","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cisco IOS XE ebui_wsma_http 接口权限绕过漏洞(CVE-2023-20198)","Cisco IOS XE 是一个开放灵活的操作系统,针对未来的工作进行了优化。作为适用于企业有线和无线接入、聚合、核心和广域网的单一操作系统,Cisco IOS XE 可降低业务和网络复杂性。攻击者可通过权限绕过漏洞控制整个系统,最终导致系统处于极度不安全状态。","CISCO-IOS-XE","攻击者可通过权限绕过漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。4、禁用HTTP服务器功能,在全局配置模式下使用no ip HTTP Server或no ip HTTP secure-server命令","权限绕过","Cisco IOS XE ebui_wsma_http API Permission Bypass Vulnerability (CVE-2023-20198)","Cisco IOS Xe is an open and flexible operating system optimized for future work. As a single operating system for enterprise wired and wireless access, convergence, core and wide area networks, Cisco IOS Xe can reduce business and network complexity.Attackers can control the entire system through permission bypass vulnerabilities, and ultimately lead to an extremely insecure state of the system.","CISCO-IOS-XE","Attackers can control the entire system through permission bypass vulnerabilities, and ultimately lead to an extremely insecure state of the system.","1. The official has fixed the vulnerability. Please contact the manufacturer to fix the vulnerability:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.4. Disable the HTTP server feature and use the no ip HTTP Server or no ip HTTP secure server command in global configuration mode","Permission Bypass","CVE-2023-20198","body=""<script>window.onload=function(){ url ='/webui';window.location.href=url;}</script>""","307282","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"XXL-JOB accessToken 权限绕过漏洞","XXL-JOB 是一款开源的分布式任务调度平台,用于实现大规模任务的调度和执行。XXL-JOB 存在默认 accessToken ,攻击者可使用 accessToken 绕过认证权限,调用 executor,执行任意代码,从而获取服务器权限。","XXL-JOB","XXL-JOB 存在默认 accessToken ,攻击者可使用 accessToken 绕过认证权限,调用 executor,执行任意代码,从而获取服务器权限。","1.修改调度中心和执行器配置中的 xxl.job.accessToken 默认值。具体请参考:https://www.xuxueli.com/xxl-job/#5.3.1%20%E8%AE%BE%E8%AE%A1%E6%80%9D%E6%83%B32.如非必要,禁止公网访问执行器端。","权限绕过","XXL-JOB default accessToken Permission bypass Vulnerability","XXL-JOB is an open source distributed task scheduling platform for large-scale task scheduling and execution.XXL-JOB has a default accessToken, which an attacker can use to bypass authentication permissions, invoke executor, and execute arbitrary code to obtain server permissions.","XXL-JOB","XXL-JOB has a default accessToken, which an attacker can use to bypass authentication permissions, invoke executor, and execute arbitrary code to obtain server permissions.","1. Modify the default value of xxl.job.accessToken in the configuration of the dispatch center and actuator. For details, please refer to: https://www.xuxueli.com/xxl-job/#5.3.1%20%E8%AE%BE%E8%AE%A1%E6%80%9D%E6%83%B32. Disable the public network from accessing the actuator if necessary.","Permission Bypass","","body=""invalid request, HttpMethod not support.""","18489","9.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC nc.file.pub.imple.FileUploadServlet 接口远程代码执行漏洞","用友 NC 是用友网络科技股份有限公司开发的一款大型企业数字化平台。用友 NC nc.file.pub.imple.FileUploadServlet 反序列化漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.yonyou.com/2、使用 WAF 进行防护。","代码执行","UFIDA NC nc.file.pub.imple.FileUploadServlet interface remote code execution vulnerability","Yonyou NC is a large-scale enterprise digital platform developed by Yonyou Network Technology Co., Ltd.UFIDA NC nc.file.pub.imple.FileUploadServlet deserialization vulnerability allows attackers to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.yonyou.com/2. Use WAF for protection.","Code Execution","","(banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""../Client/Uclient/UClient.dmg"") ","21184","9","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"OneKeyAdmin 管理系统 download 路由 url 参数后台文件读取漏洞(CVE-2023-26948)","OneKeyAdmin 是一个基于 Thinkphp6 + Element 的插件化管理系统。OneKeyAdmin 允许远程攻击者通过默认密码登录 admin:123456 后台后读取本地敏感文件。","onekeyadmin","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。 ","厂商已发布了漏洞修复程序,请及时关注更新:https://www.onekeyadmin.com","默认口令,文件读取","OneKeyAdmin download routing url parameter background file reading vulnerability (CVE-2023-26948)","OneKeyAdmin is a plug-in management system based on Thinkphp6 + Element.OneKeyAdmin allows a remote attacker to read local sensitive files after logging in to the backend with a default password.","onekeyadmin","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","The vendor has released a bug fix, please pay attention to the update in time: https://www.onekeyadmin.com","Default Password,File Read","CVE-2023-26948","body=""OneKeyAdmin""","1032","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud LoginVideoServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/patchInfo?foreignKey=0c3a653ac06f4fe78a4f6837755b6922","代码执行","Yonyou U8 Cloud LoginVideoServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://security.yonyou.com/#/patchInfo?foreignKey=0c3a653ac06f4fe78a4f6837755b6922","Code Execution","","body=""请下载新版UClient""","14011","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud FileManageServlet 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/patchInfo?foreignKey=774c7e1f220a411dbd8eb3382c4797d5","代码执行","Yonyou U8 Cloud FileManageServlet Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://security.yonyou.com/#/patchInfo?foreignKey=7bd5b43e2c984a618b2b1d3f288110ae","Code Execution","","body=""请下载新版UClient""","14011","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"FreeRDP WebConnect Url 路径文件读取漏洞","FreeRDP-WebConnect 是一个开源HTML5代理,它提供对使用RDP的任何Windows服务器和工作站的Web访问。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。"," FreeRDP-WebConnect","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://github.com/FreeRDP/FreeRDP-WebConnect2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","FreeRDP WebConnect Url Path File Read Vulnerability","FreeRDP WebConnect is an open source HTML5 agent that provides Web access to any Windows server and workstation using RDP.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","FreeRDP-WebConnect","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://github.com/FreeRDP/FreeRDP-WebConnect2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","body=""css/vkb.css"" || body=""Advanced session parameters""","8813","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Tiny-File-Manager /index.php 路径未授权访问漏洞","Tiny File Manager 是一款基于Web的开源文件管理器。攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","Tiny-File-Manager","攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://github.com/prasathmani/tinyfilemanager2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","未授权访问","Tiny-File-Manager /index.php Path Unauthorized Access Vulnerability","Tiny File Manager is a web-based open source file manager.Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","Tiny-File-Manager","Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://github.com/prasathmani/tinyfilemanager2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Unauthorized Access","","body=""Tiny File Manager""","5574","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"锐捷网络 RG-EW1200G ping 接口命令执行漏洞","RG-EW1200是锐捷睿易专门为公寓家居、自建房、小商铺等场景推出的一款1200M双频无线路由器。攻击者可以任意密码登录后台,进行命令执行,进而控制整个路由器。","锐捷网络-EWEB系统","攻击者可以任意密码登录后台,进行命令执行,进而控制整个路由器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.ruijie.com.cn/","命令执行","Ruijie Networks RG-EW1200G ping api command execution vulnerability","RG-EW1200 is a 1200M dual-band wireless router specially launched by Ruijie Ruiyi for apartment homes, self-built houses, small shops and other scenarios.An attacker can log in to the backend with any password, execute commands, and then control the entire router.","Ruijie-EWEB-System","Attackers can upload webshell files to the server for command execution, thereby controlling the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://www.ruijie.com.cn/","Command Execution","","(body=""static/js/manifest"" && body=""/static/img/title.ico"") || title==""锐捷网络""","78513","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"Nacos jwt 权限绕过漏洞","Nacos 提供了一组简单易用的特性集,帮助您快速实现动态服务发现、服务配置、服务元数据及流量管理。Nacos 使用了默认的 secret.key,则攻击者可利用默认 secret.key 生成 JWT Token,从而造成权限绕过访问到相关 API 接口。","NACOS","Nacos 使用了默认的 secret.key,则攻击者可利用默认 secret.key 生成 JWT Token,从而造成权限绕过访问到相关 API 接口。","1、根据官方文档 https://nacos.io/zh-cn/docs/auth.html 修改secret.key 为随机值。2、升级至最新版本。","权限绕过","Nacos jwt permission bypass vulnerability","Nacos provides a simple and easy-to-use feature set to help you quickly implement dynamic service discovery, service configuration, service metadata and traffic management.Nacos uses the default secret.key, and an attacker can use the default secret.key to generate a JWT Token, thereby bypassing permissions and accessing the relevant API interface.","NACOS","Nacos uses the default secret.key, and an attacker can use the default secret.key to generate a JWT Token, thereby bypassing permissions and accessing the relevant API interface.","1. Modify secret.key to a random value according to the official document https://nacos.io/zh-cn/docs/auth.html.2. Upgrade to the latest version.","Permission Bypass",""," title=""Nacos"" || (body=""Alibaba Group Holding Ltd."" && body=""src=\""js/main.js"" && body=""console-fe"") || (banner=""/nacos/"" && (banner=""HTTP/1.1 302"" || banner=""HTTP/1.1 301 Moved Permanently"")) || banner=""realm=\""nacos""","6217","7.7","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"锐捷 NBR 路由器 rac.php 文件 path 参数文件读取漏洞","锐捷 NBR 路由器是一款锐捷网络旗下的路由器。锐捷 NBR 路由器 rac.php 文件 path 参数存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","Ruijie-NBR路由器","锐捷 NBR 路由器 rac.php 文件 path 参数存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.ruijie.com.cn/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Ruijie NBR Router rac.php File path Parameter File Read Vulnerability","Ruijie NBR router is a router produced by Ruijie Networks.There is a file reading vulnerability in the path parameter of the rac.php file of Ruijie NBR router. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be extremely unsafe. state.","Ruijie-NBR-Router","There is a file reading vulnerability in the path parameter of the rac.php file of Ruijie NBR router. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be extremely unsafe. state.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://www.ruijie.com.cn/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","body=""Ruijie - NBR"" || (body=""support.ruijie.com.cn"" && body=""<p>系统负荷过高,导致网络拥塞,建议降低系统负荷或重启路由器"") || body=""class=\""line resource\"" id=\""nbr_1\"""" || title=""锐捷网络 --NBR路由器--登录界面"" || title==""锐捷网络""","305708","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"锐捷 NBR 路由器 ipam.php 文件 path 参数文件读取漏洞","锐捷 NBR 路由器是一款锐捷网络旗下的路由器。锐捷 NBR 路由器 ipam.php 文件 path 参数存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","Ruijie-NBR路由器","锐捷 NBR 路由器 ipam.php 文件 path 参数存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.ruijie.com.cn/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Ruijie NBR Router ipam.php File path Parameter File Read Vulnerability","Ruijie NBR router is a router produced by Ruijie Networks.There is a file reading vulnerability in the path parameter of the Ruijie NBR router's ipam.php file. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be extremely unsafe. state.","Ruijie-NBR-Router","There is a file reading vulnerability in the path parameter of the Ruijie NBR router's ipam.php file. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be extremely unsafe. state.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://www.ruijie.com.cn/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read",""," body=""Ruijie - NBR"" || (body=""support.ruijie.com.cn"" && body=""<p>系统负荷过高,导致网络拥塞,建议降低系统负荷或重启路由器"") || body=""class=\""line resource\"" id=\""nbr_1\"""" || title=""锐捷网络 --NBR路由器--登录界面"" || title==""锐捷网络""","305708","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"金山终端安全系统 update_software_info_v2.php 文件 SQL 注入漏洞","金山终端安全系统是专门为政府、军工、能源、教育、医疗及集团化企业设计的终端安全管理平台。金山终端安全系统 Web 控制台存在 SQL 注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","猎鹰安全-金山终端安全系统","金山终端安全系统 Web 控制台存在 SQL 注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.ejinshan.net/lywz/index","SQL注入","Kingsoft Terminal security system update_software_info_v2.php file SQL Injection Vulnerability","Kingsoft Terminal security system is a terminal security management platform specially designed for government, military, energy, education, medical and group enterprises.The SQL injection vulnerability exists in the Web console of Kingsoft terminal security system. In addition to the SQL injection vulnerability, the attacker can obtain the information in the database (for example, the administrator's background password, the user's personal information of the site), and even write the Trojan horse to the server in the case of high permission to further obtain the server system permission.","kingsoft-TSS","The SQL injection vulnerability exists in the Web console of Kingsoft terminal security system. In addition to the SQL injection vulnerability, the attacker can obtain the information in the database (for example, the administrator's background password, the user's personal information of the site), and even write the Trojan horse to the server in the case of high permission to further obtain the server system permission.","The vendor has released a bug fix, please pay attention to the update in time:https://www.ejinshan.net/lywz/index","SQL Injection","","(body=""iepngfix/iepngfix_tilebg.js"" && body=""jquery/qtree/qtree.css"") || header=""SKYLARa0aede9e785feabae789c6e03d"" || banner=""SKYLARa0aede9e785feabae789c6e03d""","596","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Honeywell PM43 loadfile.lp 文件命令执行漏洞(CVE-2023-3710)","Honeywell PM43 是美国霍尼韦尔(Honeywell)公司的一款打印机产品。Honeywell PM43 P10.19.050004之前版本存在输入验证错误漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","Honeywell PM43 ","Honeywell PM43 P10.19.050004之前版本存在输入验证错误漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004","文件包含,文件上传,命令执行","Honeywell PM43 loadfile.lp file command execution vulnerability (CVE-2023-3710)","The Honeywell PM43 is a printer product of the American company Honeywell.Honeywell PM43P10.19.050004 and earlier versions of the input verification error vulnerability, attackers can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","Honeywell PM43","Honeywell PM43P10.19.050004 and earlier versions of the input verification error vulnerability, attackers can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://hsmftp.honeywell.com:443/en/Software/Printers/Industrial/PM23-PM23c-PM43-PM43c/Current/Firmware/firmwaresignedP1019050004","File Inclusion,File Upload,Command Execution","CVE-2023-3710","header=""PM43"" || banner=""PM43"" || title=""PM43"" || body=""/main/login.lua?pageid=Configure""","96","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Junos webauth_operation.php PHPRC 代码执行漏洞(CVE-2023-36845/CVE-2023-36846)","Junos 是 Juniper Networks 生产的一款可靠的高性能网络操作系统。攻击者可利用 Junos 操作系统的 J-Web 服务传入 PHPRC 环境变量,打开 allow_url_include 设置,运行传入的编码后的 PHP 代码,进入控制整个 web 服务器。","JUNIPer-Web-Device-Manager","攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://supportportal.juniper.net/JSA72300","代码执行,文件上传","Junos webauth_operation.php PHPRC Code Execution Vulnerability (CVE-2023-36845/CVE-2023-36846)","Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service of the Junos operating system to pass in the PHPRC environment variable, turn on the allow_url_include setting, run the incoming encoded PHP code, and gain control of the entire web server.","JUNIPer-Web-EQPT-Manager","Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://supportportal.juniper.net/JSA72300","Code Execution,File Upload","CVE-2023-36845"," title=""Juniper Web Device Manager"" || banner=""juniper"" || header=""juniper"" || body=""svg4everybody/svg4everybody.js"" || body=""juniper.net/us/en/legal-notices"" || body=""nativelogin_login_credentials""","43627","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"金蝶 EAS uploadLogo.action 接口文件上传漏洞","金蝶 EAS 及 EAS Cloud 是金蝶软件公司推出的一套企业级应用软件套件,旨在帮助企业实现全面的管理和业务流程优化。金蝶 EAS 及 EAS Cloud 在 uploadLogo.action 存在文件上传漏洞,攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","Kingdee-EAS","金蝶 EAS 及 EAS Cloud 在 uploadLogo.action 存在文件上传漏洞,攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","厂商已发布了漏洞修复程序,请及时关注更新:https://vip.kingdee.com/knowledge/specialDetail/164676138713728512?category=268743209985840384&id=460728139602294272&productLineId=8","文件上传","Kingdee EAS uploadLogo.action api file upload vulnerability","Kingdee EAS and EAS Cloud are an enterprise-level application software suite launched by Kingdee Software Company, aiming to help enterprises achieve comprehensive management and business process optimization.Kingdee EAS and EAS Cloud have file upload vulnerabilities in uploadLogo.action. Attackers can use the file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.","Kingdee-EAS","Kingdee EAS and EAS Cloud have file upload vulnerabilities in uploadLogo.action. Attackers can use the file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://vip.kingdee.com/knowledge/specialDetail/164676138713728512?category=268743209985840384&id=460728139602294272&productLineId=8","File Upload","","body=""easSessionId"" || header=""easportal"" || header=""eassso/login"" || banner=""eassso/login"" || body=""/eassso/common"" || (title=""EAS系统登录"" && body=""金蝶"") || header=""EASSESSIONID"" || banner=""EASSESSIONID""","25486","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"深信服下一代防火墙 NGAF login.cgi 文件远程命令执行漏洞","深信服下一代防火墙是一款以应用安全需求出发而设计的下一代应用防火墙。深信服下一代防火墙在 login.cgi 路径下,PHPSESSID 处存在命令执行漏洞。攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","SANGFOR-NGAF","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.sangfor.com.cn/","命令执行","Sangfor next-generation firewall NGAF login.cgi remote command execution vulnerability","Sangfor next-generation firewall is a next-generation application firewall designed with application security requirements in mind.Sangfor next-generation firewall has a command execution vulnerability at the PHPSESSID under the login.cgi file. An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","SANGFOR-NGAF","An attacker can use this vulnerability to execute arbitrary code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://www.sangfor.com.cn/","Command Execution","","title=""SANGFOR | NGAF"" || banner=""Redirect.php?url=LogInOut.php"" || header=""Redirect.php?url=LogInOut.php"" || cert=""SANGFORNGAF"" || cert=""SANGFOR NGAF"" || body=""SANGFOR FW"" || title=""SANGFOR | AF "" || title=""SANGFOR AF"" || body=""if (!this.SF)"" || ((body=""SF.cookie('sangfor_session_id"" || (body=""version = _(\""异步获取提交成功,但是获取版本信息失败\"");"" && body=""this.sf = {};"")) && body!=""<div class=\""title title-login\"">登录防火墙WEB防篡改管理系统</div>"") || (body=""return decodeURIComponent(arr.join(''))"" && body=""name=\""robots\"" content=\""nofollow\"""" && cert!=""Organization: WEBUI"") || (title==""欢迎登录"" && body=""<img src=\""Captcha.php?r=123123\"" alt=\""verify_code\"" id=\""verify_code\"">"" && body=""<input type=\""hidden\"" id=\""rsa_key\"" value"")","280798","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache Superset Cookie 权限绕过漏洞(CVE-2023-27524)","Apache Superset 是一个开源的现代数据探索和可视化平台。Apache Superset Cookie 存在权限绕过漏洞,攻击者可通过该漏洞控制整个系统,最终导致系统处于极度不安全状态。","APACHE-Superset","Apache Superset Cookie 存在权限绕过漏洞,攻击者可通过该漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方已经修复该漏洞,请用户联系厂商修复漏洞:https://superset.apache.org/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行,信息泄露,权限绕过","Apache Superset Cookie Permission Bypass Vulnerability (CVE-2023-30776)","Apache Superset is an open source modern data exploration and visualization platform.Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state.","APACHE-Superset","Apache Superset Cookie has a permission bypass vulnerability that allows an attacker to control the entire system, ultimately leaving the system in an extremely unsafe state.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://superset.apache.org/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Command Execution,Information Disclosure,Permission Bypass","CVE-2023-27524","(title=""Superset"" && (body=""appbuilder"" || body=""<img src=\""https://joinsuperset.com/img/supersetlogovector.svg"")) || body=""<a href=\""https://manage.app-sdx.preset.io\"" class=\""button\"">Back to workspaces</a></section>"" || (body=""/static/assets/dist/common.644ae7ae973b00abc14b.entry.js"" || (body=""/static/assets/images/favicon.png"" && body=""/static/appbuilder/js/jquery-latest.js"") && body=""Superset"") || header=""/superset/welcome/"" || title=""500: Internal server error | Superset"" || title=""404: Not found | Superset"" || banner=""/superset/welcome/"" || banner=""/superset/dashboard/""","56089","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"天擎终端安全管理系统 getsimilarlist status SQL 注入漏洞","奇安信天擎终端安全管理系统是注重实效的一体化终端安全解决方案。奇安信天擎 /api/client/getsimilarlist 路由的 status 参数存在 SQL 注入漏洞,攻击者可利用漏洞获取数据库中的敏感信息。","奇安信-天擎","除了利用 SQL 注入漏洞获取数据库中的信息(例如管理员后台密码、站点用户个人信息)之外,攻击者甚至可以在高权限下向服务器写入命令,进一步获取服务器系统权限。","目前没有详细的解决方案提供,请关注厂商主页更新:https://qianxin.com/product/detail/pid/330临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","SQL注入","Tianqing Terminal Security Management System getsimilarlist status SQL injection vulnerability","Qi'an Xin tianqing terminal security management system is an integrated terminal security solution that focuses on effectiveness.There is a SQL injection vulnerability in the ?status parameter of Qi'an Xin tianqing's /api/client/getsimilarlist route. An attacker can use the vulnerability to obtain sensitive information in the database.","Qianxin-TianQing","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://qianxin.com/product/detail/pid/330Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","SQL Injection","","header=""QiAnXin web server"" || banner=""QiAnXin web server"" || header=""360 web server"" || banner=""360 web server"" || title=""360新天擎"" || body=""appid\"":\""skylar6"" || body=""/task/index/detail?id={item.id}"" || body=""已过期或者未授权,购买请联系4008-136-360"" || title=""360天擎"" || title=""360天擎终端安全管理系统""","3223","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ERPNext frappe.model.db_query.get_list 文件 filters 参数 SQL 注入漏洞","ERPNext 是一套开源的企业资源计划系统。ERPNext frappe.model.db_query.get_list 文件 filters 参数存在 SQL 注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","ERPNext ","ERPNext frappe.model.db_query.get_list 文件 filters 参数存在 SQL 注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://github.com/frappe/erpnext2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","ERPNext frappe.model.db_query.get_list File filters Parameter SQL Injection Vulnerability","ERPNext is an open source enterprise resource planning system.There is a SQL injection vulnerability in the filters parameter of the ERPNext frappe.model.db_query.get_list file. In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator backend password, site user personal information), attackers can even use high privileges to obtain information in the database. In this case, Trojans can be written to the server to further obtain server system permissions.","ERPNext ","There is a SQL injection vulnerability in the filters parameter of the ERPNext frappe.model.db_query.get_list file. In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator backend password, site user personal information), attackers can even use high privileges to obtain information in the database. In this case, Trojans can be written to the server to further obtain server system permissions.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://github.com/frappe/erpnext2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","(body=""ERPNext"" && (title=""Login"" || header=""Set-Cookie: system_user="")) || body=""src=\""/assets/erpnext/dist/js/erpnext-web.bundle.VAACRQHC.js"" || header=""/assets/erpnext/zuse/css/site.css"" || header=""/assets/erpnext/day/assets/vendor/"" || header=""/assets/erpnext/dist/js/erpnext"" || banner=""erpnext-web.bundle.js"" || header=""erpnext-web.bundle.js"" || banner=""/assets/erpnext/dist/js/erpnext"" || banner=""/assets/js/erpnext-web.min.js"" || header=""/assets/js/erpnext-web.min.js"" || body=""href=\""/assets/css/erpnext-web.css"" || body=""src=\""/assets/js/erpnext-web.min.js"" || header=""ERPNext"" || banner=""ERPNext""","96103","8.8 ","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"JeeSpringCloud uploadFile.jsp 文件上传漏洞","JeeSpringCloud 是一款免费开源的 Java 互联网云快速开发平台。JeeSpringCloud 访问 /static/uploadify/uploadFile.jsp 可上传任意文件,并可通过 uploadPath 参数指定文件上传路径,导致服务器被控制。","JeeSpringCloud","攻击者可通过该漏洞在服务器端写入后门,执行代码,获取服务器权限,进而控制整个 web 服务器。","目前没有详细的解决方案提供,请关注项目更新:https://gitee.com/JeeHuangBingGui/jeeSpringCloud临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","JeeSpringCloud uploadFile.jsp file upload vulnerability","JeeSpringCloud is a free and open source Java Internet cloud rapid development platform.JeeSpringCloud can upload any file by accessing /static/uploadify/uploadFile.jsp and specify the file upload path through the ?uploadPath parameter, causing the server to be controlled.","JeeSpringCloud","An attacker can use this vulnerability to write a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server.","There is currently no detailed solution provided, please pay attention to project updates: https://gitee.com/JeeHuangBingGui/jeeSpringCloudTemporary fix:1. Set access policies through security devices such as firewalls and set whitelist access.2. Unless necessary, it is prohibited to access the system from the public network.","File Upload","","body=""/jeeSpringStatic/plugs/jquery/jquery"" || header=""com.jeespring.session.id"" || header=""com.jeespring.session.id""","282","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Atlassian Confluence 权限绕过漏洞(CVE-2023-22515)","Atlassian Confluence 是 Atlassian 开发的一款建基于网络企业维基 (collaboration software) 的软件。Atlassian Confluence 数据中心和服务器存在漏洞,利用 /server-info.action 端点传递 bootstrapStatusProvider.applicationConfig.setupComplete 参数,使服务器处于安装未完成状态,以访问受限制的端点并创建未经授权的 Confluence 管理员帐户,登录 Confluence 实例后台。","ATLASSIAN-Confluence","Atlassian Confluence 数据中心和服务器存在漏洞,利用 /server-info.action 端点传递 bootstrapStatusProvider.applicationConfig.setupComplete 参数,使服务器处于安装未完成状态,以访问受限制的端点并创建未经授权的 Confluence 管理员帐户,登录 Confluence 实例后台。","厂商已发布了漏洞修复程序,请及时关注更新:https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html","权限绕过","Atlassian Confluence permission bypass vulnerability (CVE-2023-22515)","Atlassian Confluence is a software developed by Atlassian based on the online enterprise wiki (collaboration software).A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend.","ATLASSIAN-Confluence","A vulnerability exists in the Atlassian Confluence data center and server. The /server-info.action endpoint is used to pass the bootstrapStatusProvider.applicationConfig.setupComplete parameter, leaving the server in an incomplete state to access restricted endpoints and create unauthorized Confluence administrator accounts. Log in to the Confluence instance backend.","The vendor has released a bug fix, please pay attention to the update in time: https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html","Permission Bypass","CVE-2023-22515","header=""Confluence"" || banner=""Confluence"" || body=""confluence-base-url"" || body=""com-atlassian-confluence"" || title=""Atlassian Confluence"" || (title==""Errors"" && body=""Confluence"")","97667","10.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Microsoft SharePoint Authorization 接口权限绕过漏洞(CVE-2023-29357)","Microsoft SharePoint 是美国微软(Microsoft)公司的一套企业业务协作平台。该平台用于对业务信息进行整合,并能够共享工作、与他人协同工作、组织项目和工作组、搜索人员和信息。Microsoft SharePoint 认证接口存在权限绕过漏洞,攻击者可以通过绕过安全机制,获取管理员权限,接管系统后台,恶意执行代码、写入后门、读取敏感文件,从而导致服务器受到攻击并被控制。","Microsoft-SharePoint","Microsoft SharePoint 认证接口存在权限绕过漏洞,攻击者可以通过绕过安全机制,获取管理员权限,接管系统后台,恶意执行代码、写入后门、读取敏感文件,从而导致服务器受到攻击并被控制。","厂商已发布了漏洞修复程序,请及时关注更新:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357","权限绕过","Microsoft SharePoint Authorization Api Permission Bypass Vulnerability (CVE-2023-29357)","Microsoft SharePoint is an enterprise business collaboration platform of Microsoft Corporation in the United States. This platform is used to integrate business information, and can share work, collaborate with others, organize projects and workgroups, search for people and information.There is a privilege bypass vulnerability in the Microsoft SharePoint authentication interface, which allows attackers to bypass security mechanisms, obtain administrator privileges, take over the system backend, maliciously execute code, write backdoors, and read sensitive files, resulting in the server being attacked and controlled.","Microsoft-SharePoint","There is a privilege bypass vulnerability in the Microsoft SharePoint authentication interface, which allows attackers to bypass security mechanisms, obtain administrator privileges, take over the system backend, maliciously execute code, write backdoors, and read sensitive files, resulting in the server being attacked and controlled.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357","Permission Bypass","CVE-2023-29357","header=""Microsoftsharepointteamservices"" || header=""X-Sharepointhealthscore"" || header=""Sharepointerror"" || header=""Sprequestduration"" || body=""content=\""Microsoft SharePoint"" || body=""content=\""SharePoint Team"" || body=""id=\""MSOWebPartPage_PostbackSource"" || banner=""Microsoftsharepointteamservices"" || banner=""X-Sharepointhealthscore"" || banner=""Sharepointerror"" || banner=""Sprequestduration""","1269857","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"JetBrains TeamCity 远程命令执行漏洞(CVE-2023-42793)","JetBrains TeamCity 是 JetBrains 公司开发的一款通用 CI/CD 软件平台。JetBrains TeamCity 可通过访问 /app/rest/users/{{id}}/tokens/RPC2 端点获取对应 id 用户的有效 token,携带 admin token 访问受限端点导致远程命令执行或创建后台管理员用户。","JET_BRAINS-TeamCity","JetBrains TeamCity 可通过访问 /app/rest/users/{{id}}/tokens/RPC2 端点获取对应 id 用户的有效 token,携带 admin token 访问受限端点导致远程命令执行或创建后台管理员用户。","厂商已发布了漏洞修复程序,请及时关注更新:https://blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/","权限绕过,命令执行","JetBrains TeamCity remote command execution vulnerability (CVE-2023-42793)","JetBrains TeamCity is a general CI/CD software platform developed by JetBrains.JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user.","JET_BRAINS-TeamCity","JetBrains TeamCity can obtain the valid token of the corresponding id user by accessing the /app/rest/users/{{id}}/tokens/RPC2 endpoint. Accessing the restricted endpoint with the admin token will cause remote command execution or the creation of a background administrator user.","The vendor has released a bug fix, please pay attention to the update in time: https://blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/","Command Execution,Permission Bypass","CVE-2023-42793","header=""Teamcity"" || banner=""Teamcity"" || title=""TeamCity"" || body=""content=\""TeamCity (Log in to TeamCity""","26963","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"深信服下一代防火墙 loadfile.php 文件读取漏洞","深信服下一代防火墙是一款以应用安全需求出发而设计的下一代应用防火墙。深信服下一代防火墙在 loadfile.php 处存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","SANGFOR-NGAF","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","目前已发布解决方案,请关注厂商主页更新:https://www.sangfor.com.cn/","文件读取","Sangfor Next Generation Firewall loadfile.php file reading vulnerability","Sangfor next-generation firewall is a next-generation application firewall designed with application security requirements in mind.Sangfor next-generation firewall has a file reading vulnerability in loadfile.php. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","SANGFOR-NGAF","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","The solution has been released so far, please pay attention to the manufacturer's homepage for updates: https://www.sangfor.com.cn/","File Read","","title=""SANGFOR | NGAF"" || banner=""Redirect.php?url=LogInOut.php"" || header=""Redirect.php?url=LogInOut.php"" || cert=""SANGFORNGAF"" || cert=""SANGFOR NGAF"" || body=""SANGFOR FW"" || title=""SANGFOR | AF "" || title=""SANGFOR AF"" || body=""if (!this.SF)"" || ((body=""SF.cookie('sangfor_session_id"" || (body=""version = _(\""异步获取提交成功,但是获取版本信息失败\"");"" && body=""this.sf = {};"")) && body!=""<div class=\""title title-login\"">登录防火墙WEB防篡改管理系统</div>"") || (body=""return decodeURIComponent(arr.join(''))"" && body=""name=\""robots\"" content=\""nofollow\"""" && cert!=""Organization: WEBUI"") || (title==""欢迎登录"" && body=""<img src=\""Captcha.php?r=123123\"" alt=\""verify_code\"" id=\""verify_code\"">"" && body=""<input type=\""hidden\"" id=\""rsa_key\"" value"")","281045","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Joomla Web Api 接口未授权访问漏洞(CVE-2023-23752)","Joomla是一个免费开源的内容管理系统(CMS),用于发布 Web 内容。攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","Joomla","攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.Joomla.org/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露,未授权访问","Joomla Web Api Interface Unauthorized Access Vulnerability (CVE-2023-23752)","Joomla is a free and open-source content management system (CMS) for publishing web content.Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","Joomla","Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.Joomla.org/2. Set access policies and whitelist access through security devices such as firewalls. 3. If not necessary, prohibit public network access to the system.","Information Disclosure,Unauthorized Access","CVE-2023-23752","((body=""content=\""Joomla"" && (body=""name=\""generator\"" content=\""Joomla"" || body=""name=\""author\"" content=\""Joomla"" || body=""name=\""keywords\"" content=\""joomla"" || body=""Joomla! - Open Source Content Management"" || body=""Joomla! 1.5 - Open Source Content Management""))) && body!=""couchdb"" && body!=""whmcscontainer"" && title!=""Waiting for the redirectiron..."" && body!=""name=\""generator\"" content=\""WordPress"" && header!=""wp-json"" && header!=""WordPress"" && body!=""<title>Posibolt ERP</title>"" && body!=""content=\""JIRA""","2634271","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"metersphere /api/jmeter/download/files 路径文件读取漏洞 (CVE-2023-25573)","MeterSphere 是一站式开源持续测试平台, 涵盖测试跟踪、接口测试、UI 测试和性能测试等功能,全面兼容 JMeter、Selenium 等主流开源标准。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","FIT2CLOUD-MeterSphere","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://github.com/metersphere/metersphere2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","MeterSphere /api/jmeter/download/files Path File Read Vulnerability (CVE-2023-25573)","MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing, and is fully compatible with mainstream open source standards such as JMeter and Selenium.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","FIT2CLOUD-MeterSphere","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://github.com/metersphere/metersphere2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","CVE-2023-25573","title=""MeterSphere""","2421","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cockpit assetsmanager/upload 文件上传漏洞(CVE-2023-1313)","Cockpit 是一个自托管、灵活且用户友好的无头内容平台,用于创建自定义数字体验。Cockpit 存在文件上传漏洞,攻击者可通过该漏洞在服务器端任意上传代码,写入后门,获取服务器权限,进而控制整个web服务器。","cockpit","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。 ","厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/cockpit-hq/cockpit","文件上传","Cockpit assetsmanager/upload file upload vulnerability (CVE-2023-1313)","Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.Cockpit has a file upload vulnerability, which allows attackers to upload arbitrary files, leading to server control, etc.","cockpit","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:https://github.com/cockpit-hq/cockpit","File Upload","CVE-2023-1313","title=""Authenticate Please!"" || body=""password:this.refs.password.value"" || body=""UIkit.components.formPassword.prototype.defaults.lblShow"" || body=""App.request('/auth/check'""","3185","7.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Smartbi DB2 JDBC 任意代码执行漏洞","Smartbi 是思迈特软件推出的商业智能BI软件,满足 BI 产品的发展阶段。思迈特软件整合了各行业的数据分析和决策支持的功能需求,满足最终用户在企业级报表、数据可视化分析、自助探索分析、数据挖掘建模、AI 智能分析等场景的大数据分析需求。Smartbi V7 与 V10.5.8 版本之间存在越权访问后台接口漏洞,结合 DB2 JDBC 利用方式,绕过防御检查,可导致 JNDI 注入漏洞,执行任意代码,获取服务器权限。","SMARTBI","Smartbi V7 与 V10.5.8 版本之间存在越权访问后台接口漏洞,结合 DB2 JDBC 利用方式,绕过防御检查,可导致 JNDI 注入漏洞,执行任意代码,获取服务器权限。","目前官方已经发布安全补丁,请更新至 V10.5.8 版本。补丁地址:https://www.smartbi.com.cn/patchinfo","代码执行","Smartbi DB2 JDBC Arbitrary Code Execution Vulnerability","Smartbi is a business intelligence BI software launched by Smart Software, which meets the development stage of BI products. Smart software integrates the functional requirements of data analysis and decision support in various industries to meet the big data analysis needs of end users in enterprise-level reports, data visualization analysis, self-service exploration analysis, data mining modeling, AI intelligent analysis and other scenarios.There is an unauthorized access background interface vulnerability between Smartbi V7 and V10.5.8. Combining DB2 JDBC exploitation and bypassing defense checks can lead to JNDI injection vulnerabilities, executing arbitrary code, and obtaining server privileges.","SMARTBI","There is an unauthorized access background interface vulnerability between Smartbi V7 and V10.5.8. Combining DB2 JDBC exploitation and bypassing defense checks can lead to JNDI injection vulnerabilities, executing arbitrary code, and obtaining server privileges.","Currently, the official security patch has been released. Please update to V10.5.8. Patch address: https://www.smartbi.com.cn/patchinfo","Code Execution","","(body=""gcfutil = jsloader.resolve('smartbi.gcf.gcfutil')"") || body=""gcfutil = jsloader.resolve('smartbi.gcf.gcfutil')""","291","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"JeecgBoot 开发平台默认口令漏洞","JeecgBoot是一款基于代码生成器的低代码开发平台。JeecgBoot 存在默认口令 admin/123456。","JeecgBoot-企业级低代码平台","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。 ","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","JeecgBoot Default Password Vulnerability","JeecgBoot is a low -code development platform based on code generator.JeecgBoot has a default password of admin/123456.","JEECGBOOT-Ent-Low-CP","Attackers can control the entire platform through default password vulnerabilities and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title==""JeecgBoot 企业级低代码平台""","4004","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华 DSS 数字监控系统 itcBulletin 路径 netMarkings 参数 SQL 注入漏洞","大华 DSS 数字监控系统是大华开发的一款安防视频监控系统,拥有实时监视、云台操作、录像回放、报警处理、设备管理等功能。攻击者可向 /portal/services/itcBulletin 路由发送特殊构造的数据包,利用报错注入获取数据库敏感信息。","dahua-DSS","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.dahuatech.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","SQL注入","Dahua DSS Digital Surveillance System itcBulletin netMarkings SQL Injection Vulnerability","Dahua DSS digital surveillance system is a security video surveillance system developed by Dahua. It has functions such as real-time monitoring, PTZ operation, video playback, alarm processing, and equipment management.An attacker can send specially constructed data packets to the /portal/services/itcBulletin route and use error injection to obtain sensitive database information.","dahua-DSS","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.dahuatech.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""<meta http-equiv=\""refresh\"" content=\""1;url='/admin'\""/>"" || body=""dahuaDefined/headCommon.js"" || title==""DSS""","0","7.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WeiPHP 微信开发平台 _send_by_group 文件 group_id 参数 SQL 注入漏洞","weiphp 是一个开源,高效,简洁的微信开发平台,基于 oneThink 内容管理框架实现。 weiphp 5.0 版本 _send_by_group 存在 SQL 注入漏洞,攻击者可获取数据库用户名密码等敏感信息。","WeiPHP","除了利用 SQL 注入漏洞获取数据库中的信息(例如管理员后台密码、站点用户个人信息)之外,攻击者甚至可以在高权限下向服务器写入命令,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.weiphp.cn/","SQL注入","WeiPHP _send_by_group group_id SQL Injection Vulnerability","weiphp is an open source, efficient and concise WeChat development platform, implemented based on the oneThink content management framework.Weiphp version 5.0 _send_by_group has a SQL injection vulnerability, which allows an attacker to obtain sensitive information such as database username and password.","WeiPHP","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The vendor has released a bug fix, please pay attention to the update in time: http://www.weiphp.cn/.","SQL Injection","","body=""/css/weiphp.css"" || body=""WeiPHP""","4642","8.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"CommScope ARRIS TR4400 无线路由器 basic_sett.html 信息泄露漏洞(CVE-2019-15806)","CommScope ARRIS TR4400是美国康普(CommScope)公司的一款无线路由器。攻击者通过构造特殊URL地址,读取系统敏感信息。","ARRIS-TR4400","攻击者通过构造特殊URL地址,读取系统敏感信息。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.commscope.com2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","CommScope ARRIS TR4400 Wireless Router basic_sett.html Information Disclosure Vulnerability (CVE-2019-15806)","CommScope ARRIS TR4400 is a wireless router made by CommScope.The attacker reads the sensitive information of the system by constructing a special URL address.","ARRIS-TR4400","The attacker reads the sensitive information of the system by constructing a special URL address.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://www.commscope.com2. Set access policies and whitelist access through security devices such as firewalls. 3. If not necessary, prohibit public network access to the system.","Information Disclosure","CVE-2019-15806","body=""base64encode(document.tF.pws.value)"" || body=""ARRIS TR3300""","224","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"EduSoho 教培系统 open 文件 file 参数文件读取漏洞","EduSoho 教培系统是由杭州阔知网络科技研发的开源网校系统。通过向 /app_dev.php/_profiler/open 端点发送 ?file 参数可以读取到 app/config/parameters.yml 文件的内容,拿到该文件中保存的 secret 值以及数据库账号密码等敏感信息。","EduSoho-开源网络课堂","攻击者可以利用该漏洞读取重要的系统文件(如数据库配置文件、系统配置文件)、数据库配置文件等,使得网站不安全。","目前没有详细的解决方案提供,请关注厂商主页更新:http://www.edusoho.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件读取","EduSoho education and training system open file file parameter file reading vulnerability","EduSoho education and training system is an open source online school system developed by Hangzhou Kuozhi Network Technology.By sending the ?file parameter to the /app_dev.php/_profiler/open endpoint, you can read the contents of the app/config/parameters.yml file and get sensitive information such as the secret value and database account password saved in the file.","EduSoho-Network-Classroom","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, resulting in an extremely insecure state of the website.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: http://www.edusoho.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Read","","body=""Powered By EduSoho"" || body=""www.edusoho.com""","17387","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ADVANTECH WebAccess 默认口令漏洞","Advantech WebAccess 是一款完全基于IE浏览器的 HMI/SCADA 监控软件。该系统存在默认口令,攻击者可通过默认口令(admin:空)控制整个平台,使用管理员权限操作核心功能。","ADVANTECH-WebAccess","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","ADVANTECH WebAccess Default Password Vulnerability","Advantech WebAccess is a HMI/SCADA monitoring software completely based on IE browser. The system has a default password. An attacker can control the entire platform with the default password (admin:null) and operate the core functions with administrator privileges.","ADVANTECH-WebAccess","Attackers can control the entire platform through the default password vulnerability, and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8.2. If it is not necessary, it is forbidden to access the system from the public network.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","body=""broadweb""","696","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Masa CMS /_api/json/v1/default/content/ 路径 fields 参数未授权访问漏洞(CVE-2022-47002)","Masa CMS是一个基于开源技术的企业内容管理平台。Masa CMS 允许您快速有效地提供个性化的互联网和内联网网站以及移动应用程序。攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","masa-cms","攻击者可通过未授权访问漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.murasoftware.com/mura-cms2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","权限绕过","Masa CMS /_api/json/v1/default/content/ Path fields Parameter Permission Bypass Vulnerability (CVE-2022-47002)","Masa CMS is an enterprise content management platform based on open source technology. Masa CMS allows you to quickly and effectively provide personalized internet and intranet websites as well as mobile applications.Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","Masa-cms","Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://www.murasoftware.com/mura-cms.2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Permission Bypass","CVE-2022-47002","body=""Mura CMS"" || header=""Mura CMS"" || banner=""Mura CMS""","11332","8.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"万户 ezOFFICE DocumentEdit_deal.jsp 文件 RecordID 参数 SQL 注入漏洞","万户 ezOFFICE 是面向政府组织及企事业单位的 FlexOffice 自主安全协同办公平台。万户 ezOFFICE DocumentEdit_deal.jsp 文件存在 SQL 注入漏洞,攻击者可通过该漏洞获取数据库敏感信息。","万户ezOFFICE协同管理平台","除了利用 SQL 注入漏洞获取数据库中的信息(例如管理员后台密码、站点用户个人信息)之外,攻击者甚至可以在高权限下向服务器写入命令,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.whir.net/","SQL注入","Whir ezOFFICE DocumentEdit_deal.jsp file RecordID parameter SQL injection vulnerability","Whir ezOFFICE is a FlexOffice independent and secure collaborative office platform for government organizations, enterprises and institutions.Whir ezOFFICE DocumentEdit_deal.jsp file has a SQL injection vulnerability, which allows an attacker to obtain sensitive database information.","Wanjia-EZOffice-Collaborative-MP","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The vendor has released a bug fix, please pay attention to the update in time: https://www.whir.net/.","SQL Injection","","title=""ezOFFICE协同管理平台"" || title=""Wanhu ezOFFICE"" || title=""ezOffice for iPhone"" || body=""EZOFFICEUSERNAME"" || body=""whirRootPath"" || body=""/defaultroot/js/cookie.js"" || header=""LocLan"" || banner=""LocLan"" || header=""OASESSIONID="" || banner=""OASESSIONID="" || banner=""/defaultroot/sp/login.jsp"" || header=""/defaultroot/sp/login.jsp"" || body=""whir.util.js"" || body=""var ezofficeUserPortal_""","6706","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"HWL-2511-SS popen.cgi 命令执行漏洞(CVE-2022-36553)","Hytec Inter HWL-2511-SS 是日本Hytec Inter公司的一种工业 LTE 路由器和 Wi-Fi 接入点。Hytec Inter HWL-2511-SS v1.05 及之前存在安全漏洞,该漏洞源于 CLI 允许攻击者以 root 权限执行任意命令。","Hytec Inter HWL-2511-SS","Hytec Inter HWL-2511-SS v1.05 及之前存在安全漏洞,该漏洞源于 CLI 允许攻击者以 root 权限执行任意命令。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf","命令执行","HWL-2511-SS popen.cgi command execution vulnerability (CVE-2022-36553)","Hytec Inter HWL-2511-SS is an industrial LTE router and Wi-Fi access point from Hytec Inter, Japan.Hytec Inter HWL-2511-SS v1.05 and earlier has a security vulnerability that stems from the CLI allowing attackers to execute arbitrary commands with root privileges.","Hytec Inter HWL-2511-SS","Hytec Inter HWL-2511-SS v1.05 and earlier has a security vulnerability that stems from the CLI allowing attackers to execute arbitrary commands with root privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch: https://hytec.co.jp/eng/wordpress/wp-content/uploads/2019/09/hwl-2511-ss-ds.3.0.pdf","Command Execution","CVE-2022-36553","body=""app/feature/portForwarding.js"" || body=""app/app.translate-config.js""","3176","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"万户 ezOFFICE DocumentEdit.jsp SQL注入漏洞","万户 ezOFFICE 是面向政府组织及企事业单位的 FlexOffice 自主安全协同办公平台。万户 ezOFFICE DocumentEdit.jsp 存在SQL注入漏洞。由于'DocumentID'参数缺乏过滤,允许攻击者利用漏洞获取数据库敏感信息。","万户网络-ezOFFICE","万户 ezOFFICE DocumentEdit.jsp 存在SQL注入漏洞。由于'DocumentID'参数缺乏过滤,允许攻击者利用漏洞获取数据库敏感信息。","厂商尚未提供漏洞修补方案,请关注厂商主页及时更新: http://www.whir.net/","SQL注入","Whir ezOFFICE DocumentEdit.jsp SQL injection vulnerability","Whir ezOFFICE is a FlexOffice independent and secure collaborative office platform for government organizations, enterprises and institutions.Whir ezOFFICE DocumentEdit.jsp has a SQL injection vulnerability. The lack of filtering on the 'DocumentID' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information.","Whir-ezOFFICE","Wanhu ezOFFICE DocumentEdit.jsp has a SQL injection vulnerability. The lack of filtering on the 'DocumentID' parameter allows an attacker to exploit the vulnerability to obtain sensitive database information.","The manufacturer has not yet provided a vulnerability patching solution, please pay attention to the manufacturer's homepage for timely updates: http://www.whir.net/","SQL Injection","","title=""ezOFFICE协同管理平台"" || title=""Wanhu ezOFFICE"" || title=""ezOffice for iPhone"" || body=""EZOFFICEUSERNAME"" || body=""whirRootPath"" || body=""/defaultroot/js/cookie.js"" || header=""LocLan"" || banner=""LocLan"" || header=""OASESSIONID="" || banner=""OASESSIONID="" || banner=""/defaultroot/sp/login.jsp"" || header=""/defaultroot/sp/login.jsp"" || body=""whir.util.js"" || body=""var ezofficeUserPortal_""","6730","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"PHP User-Agentt 远程代码执行漏洞","PHP 是一种流行的服务器端脚本语言,主要用于开发动态网站和 Web 应用程序。PHP 在 8.1.0-dev 版本中存在后门漏洞,攻击者可以通过发送 User-Agentt 头来执行任意代码,获取服务器权限,进而控制整个 web 服务器。","php","PHP 在 8.1.0-dev 版本中存在后门漏洞,攻击者可以通过发送User-Agentt头来执行任意代码,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.php.net/downloads","代码执行,文件上传","PHP User-Agentt remote code execution vulnerability","PHP is a popular server-side scripting language primarily used for developing dynamic websites and web applications.PHP has a backdoor vulnerability in version 8.1.0-dev, which allows attackers to execute arbitrary code by sending a User Agent header, gain server privileges, and then control the entire web server.","php","PHP has a backdoor vulnerability in version 8.1.0-dev, which allows attackers to execute arbitrary code by sending a User Agent header, gain server privileges, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://www.php.net/downloads","Code Execution,File Upload","","header=""PHP/8.1.0-dev"" || banner=""PHP/8.1.0-dev""","70","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"万户 ezOFFICE convertFile 文件读取漏洞","万户 ezOFFICE 是面向政府组织及企事业单位的FlexOffice自主安全协同办公平台。万户ezOFFICE协同管理平台存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","万户网络-ezOFFICE","万户ezOFFICE协同管理平台存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.whir.net/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Whir ezOFFICE convertFile file reading vulnerability","Whir ezOFFICE is a FlexOffice independent and secure collaborative office platform for government organizations, enterprises and institutions.There is a file reading vulnerability in the Wanhu ezOFFICE collaborative management platform. An attacker can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely unsafe state.","Whir-ezOFFICE","There are file reading vulnerabilities in the Wanhu ezOFFICE Collaborative Management Platform.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.whir.net/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","title=""ezOFFICE协同管理平台"" || title=""Wanhu ezOFFICE"" || title=""ezOffice for iPhone"" || body=""EZOFFICEUSERNAME"" || body=""whirRootPath"" || body=""/defaultroot/js/cookie.js"" || header=""LocLan"" || banner=""LocLan"" || header=""OASESSIONID="" || banner=""OASESSIONID="" || banner=""/defaultroot/sp/login.jsp"" || header=""/defaultroot/sp/login.jsp"" || body=""whir.util.js"" || body=""var ezofficeUserPortal_""","6730","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微 E-office json_common.php tfs SQL 注入漏洞","泛微 e-office 是泛微公司面向中小型组织推出的 OA 产品。泛微 e-office 在向 /building/json_common.php POST 发送 tfs 参数时存在 SQL 注入漏洞。","泛微-EOffice","除了利用 SQL 注入漏洞获取数据库中的信息(例如管理员后台密码、站点用户个人信息)之外,攻击者甚至可以在高权限下向服务器写入命令,进一步获取服务器系统权限。","目前没有详细的解决方案提供,请关注厂商主页更新:https://service.e-office.cn/download临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","SQL注入","Weaver e-office json_common.php tfs SQL injection vulnerability","Weaver E-office is an OA product launched by Weaver for small and medium-sized organizations.There is a SQL injection vulnerability in Weaver E-office when sending tfs parameters to /building/json_common.php POST.","Weaver-EOffice","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://service.e-office.cn/downloadTemporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""href=\""/eoffice"" || body=""/eoffice10/client"" || body=""eoffice_loading_tip"" || body=""eoffice_init"" || header=""general/login/index.php"" || banner=""general/login/index.php"" || body=""/general/login/view//images/updateLoad.gif"" || (body=""szFeatures"" && body=""eoffice"") || header=""eOffice"" || banner=""eOffice""","21647","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微 E-office flow_xml.php 文件 SORT_ID 参数 SQL 注入漏洞","泛微 E-Office 是面向中小型组织推出的 OA 产品,由泛微网络科技股份有限公司开发。泛微 E-office 在 flow_xml.php 存在SQL注入漏洞,攻击者可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)。","泛微-EOffice","攻击者可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)。","1、对漏洞点传入的参数进行严格的过滤,防止sql注入。2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Weaver E-office flow_xml.php file SORT_ID parameter SQL injection vulnerability","Weaver e-office is an OA product for small and medium-sized organizations, developed by Weaver Network Technology Co., LTD.There is an SQL injection vulnerability in flow_xml.php, which can be used by attackers to obtain information in the database (for example, administrator background password, site user personal information).","Weaver-EOffice","An attacker can exploit the SQL injection vulnerability to obtain information from the database (for example, administrator background passwords, site user personal information).","1. Strictly filter the parameters passed into the vulnerability point to prevent sql injection.2. Deploy the Web application firewall to monitor database operations.3. Disable public network access to the system if necessary.","SQL Injection","","body=""href=\""/eoffice"" || body=""/eoffice10/client"" || body=""eoffice_loading_tip"" || body=""eoffice_init"" || header=""general/login/index.php"" || banner=""general/login/index.php"" || body=""/general/login/view//images/updateLoad.gif"" || (body=""szFeatures"" && body=""eoffice"") || header=""eOffice"" || banner=""eOffice""","21632","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Revive Adserver 广告管理系统 adxmlrpc.php 文件远程代码执行漏洞(CVE-2019-5434)","Revive Adserver是Revive Adserver团队的一套开源的广告管理系统。该系统提供广告投放、广告位管理、数据统计等功能。Revive Adserver 4.2.0之前版本中delivery XML-RPC脚本存在代码问题漏洞,攻击者可执行任意代码获取服务器权限。","Revive-Adserver","Revive Adserver 4.2.0之前版本中delivery XML-RPC脚本存在代码问题漏洞,攻击者可执行任意代码获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://www.revive-adserver.com/security/revive-sa-2019-001/","代码执行","Revive Adserver adxmlrpc.php Remote Code Execution Vulnerability (CVE-2019-5434)","Revive Adserver is an open source advertising management system developed by the Revive Adserver team. The system provides functions such as advertising placement, advertising space management, and data statistics.The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.","Revive-Adserver","The delivery XML-RPC script in versions prior to Revive Adserver 4.2.0 has a code problem vulnerability, and an attacker can execute arbitrary code to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://www.revive-adserver.com/security/revive-sa-2019-001/","Code Execution","CVE-2019-5434","title=""Revive Adserver"" || body=""strPasswordMinLength"" || body=""Welcome to Revive Adserver""","5667","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Eclipse BIRT 软件 document 文件 sample 参数任意文件上传漏洞 (CVE-2021-34427)","Eclipse BIRT是Eclipse基金会的一套为富客户端应用和Web应用提供报表和商业智能功能的开源软件。Eclipse BIRT 存在代码问题漏洞,该漏洞源于在Eclipse BIRT版本4.8.0及更早的版本中,可以使用查询参数创建一个可以从远程(当前BIRT查看器dir)访问的JSP文件,攻击者可上传恶意木马获取服务器权限。","Eclipse-BIRT","Eclipse BIRT 存在代码问题漏洞,该漏洞源于在Eclipse BIRT版本4.8.0及更早的版本中,可以使用查询参数创建一个可以从远程(当前BIRT查看器dir)访问的JSP文件,攻击者可上传恶意木马获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142。","文件上传","Eclipse BIRT document sample Arbitrary File Upload Vulnerability (CVE-2021-34427)","Eclipse BIRT is a set of open source software provided by the Eclipse Foundation to provide reporting and business intelligence functions for rich client applications and Web applications.There is a code problem vulnerability in Eclipse BIRT. The vulnerability stems from the fact that in Eclipse BIRT version 4.8.0 and earlier, query parameters can be used to create a JSP file that can be accessed remotely (the current BIRT viewer dir), and an attacker can upload Malicious Trojans gain server privileges.","Eclipse-BIRT","There is a code problem vulnerability in Eclipse BIRT. The vulnerability stems from the fact that in Eclipse BIRT version 4.8.0 and earlier, query parameters can be used to create a JSP file that can be accessed remotely (the current BIRT viewer dir), and an attacker can upload Malicious Trojans gain server privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. For details, please visit the manufacturer's homepage: https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142.","File Upload","CVE-2021-34427","title=""Eclipse BIRT Home"" || body=""/birt/images"" || body=""Business Intelligence Reporting Tool""","259","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Sme.UP ERP ResourceService 文件读取漏洞(CVE-2023-26758)","Sme.UP ERP 是 Sme.UP 开发的一套组织用于管理日常业务活动的软件。Sme.UP ERP 版本 TOKYO V6R1M220406 在 /ResourceService 路由下存在任意文件读取漏洞。","Sme.UP ERP","攻击者可以利用该漏洞读取重要的系统文件(如数据库配置文件、系统配置文件)、数据库配置文件等,使得网站不安全。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.smeup.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件读取","Sme.UP ERP ResourceService File Read Vulnerability (CVE-2023-26758)","Sme.UP ERP is a suite of software developed by Sme.UP that organizations use to manage their daily business activities.Sme.UP ERP version TOKYO V6R1M220406 has an arbitrary file reading vulnerability under the /ResourceService route.","Sme.UP ERP","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, resulting in an extremely insecure state of the website.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.smeup.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Read","CVE-2023-26758","body=""jetty-dir.css""","10785","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ShopsN commentUpload 路径文件上传漏洞","ShopsN 是一款符合企业级商用标准全功能的真正允许免费商业用途的开源网店全网系统。攻击者可以利用文件上传漏洞执行恶意代码、写入后门、读取敏感文件,从而可能导致服务器受到攻击并被控制。","ShopsN","ShopsN commentUpload 存在任意文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:http://www.shopsn.net/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","ShopsN commentUpload Path File Upload Vulnerability","ShopsN is an open-source online store full-network system that complies with enterprise-level commercial standards and is fully functional and truly allows free commercial use.There is an arbitrary file upload vulnerability in ShopsN commentUpload, attackers can upload malicious Trojan horses to gain server privileges.","ShopsN","There is an arbitrary file upload vulnerability in ShopsN commentUpload, attackers can upload malicious Trojan horses to gain server privileges.Attackers can use file upload vulnerabilities to execute malicious code, write backdoors, and read sensitive files, which may cause the server to be attacked and controlled.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:http://www.shopsn.net/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Upload","","title=""上海盈赛电子商务有限公司"" || body=""/Supermarket/ProductList"" || body=""/Uploads/conf/supermarket"" || body=""/Uploads/intnet/""","95","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cockpit 内容平台默认口令漏洞","Cockpit 是一个自托管、灵活且用户友好的无头内容平台,用于创建自定义数字体验。Cockpit 存在默认口令漏洞,攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。","cockpit","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。 ","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Cockpit Default Password Vulnerability","Cockpit is a self-hosted, flexible and user-friendly headless content platform for creating custom digital experiences.The default password vulnerability in the Cockpit allows attackers to take control of the entire platform and operate core functions with administrator rights.","cockpit","attackers can control the entire platform through default password vulnerabilities and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title=""Authenticate Please!"" || header=""Cockpit_"" || banner=""Cockpit_"" || body=""Cockpit/assets/cockpit.js""","2985","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"360 天擎终端安全管理系统未授权管理员登录","360天擎企业版是360推出的一款集终端安全管控功能的防病毒软件,专门面向政府企业等大型企事业单位而推出,作为新一代企业终端安全产品,采用了全新的安全防御技术。在6.6及以下版本中,登录接口存在绕过登录的漏洞,攻击者可以使用管理员的身份登录后台,控制系统管理的用户终端。","奇安信-天擎","登录接口存在绕过登录的漏洞,攻击者可以使用管理员的身份登录后台,控制系统管理的用户终端。","前往官网升级天擎至6.7版本.https://www.360.cn/","权限绕过","360 SkyRock Terminal Security Management System is not authorized for administrator login","360 tianqin is an anti-virus software with terminal security control function launched by 360, specifically for government enterprises and other large enterprises and institutions, as a new generation of enterprise terminal security products, using a new security defense technology.In version 6.6 and below, the login interface is vulnerable to bypass login.","Qianxin-TianQing","It can cause an attacker to log into the backend as an administrator and control the user terminals managed by the system.","Go to the official website to upgrade tianqin to version 6.7.https://www.360.cn/","Permission Bypass","","title=""360新天擎""","501","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud ServiceDispatcher 远程代码执行漏洞","用友 U8 Cloud 是一种基于企业互联网理念设计的云 ERP 整体解决方案,集成了人力资源、财务会计、物流库存、客户关系和生产制造等功能,旨在推动企业实现敏捷经营、轻量化管理和简化IT操作,并提供安全可信、合规可靠的服务。用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","用友-U8-Cloud","用友 U8 Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://security.yonyou.com/#/patchInfo?foreignKey=7bd5b43e2c984a618b2b1d3f288110ae","代码执行","Yonyou U8 Cloud ServiceDispatcher Api Deserialize Code Execution Vulnerability","Yonyou U8 Cloud is a cloud ERP overall solution designed based on the concept of enterprise internet, integrating functions such as human resources, financial accounting, logistics inventory, customer relations, and production manufacturing. It aims to promote agile operation, lightweight management, and simplified IT operations for enterprises, and provide safe, trustworthy, compliant, and reliable services.There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-U8-Cloud","There is a deserialization code execution vulnerability in Yonyou U8 Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://security.yonyou.com/#/patchInfo?foreignKey=7bd5b43e2c984a618b2b1d3f288110ae","Code Execution","","body=""请下载新版UClient""","13731","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"宇视科技视频监控 main-cgi 文件信息泄露漏洞","宇视(Uniview)高清网络摄像机是一种高性能的网络摄像机,它可以通过网络进行视频传输和监控。该摄像机采用先进的视频技术,具有高清晰度、低照度、宽动态等特点,能够提供高质量的视频图像。宇视(Uniview)高清网络摄像机存在信息泄露漏洞,攻击者可以通过解密泄露信息获取管理员账号密码,登陆后台控制整个系统,最终导致系统处于极度不安全状态。","uniview-视频监控","宇视(Uniview)高清网络摄像机存在信息泄露漏洞,攻击者可以通过解密泄露信息获取管理员账号密码,登陆后台控制整个系统,最终导致系统处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://cn.uniview.com/Service/Service_Training/Download/Tools/Front_End/","命令执行,信息泄露","Uniview Video Monitor System main-cgi File Information Leakage Vulnerability","Uniview high-definition network camera is a high-performance network camera that can transmit and monitor videos over the network. This camera adopts advanced video technology and has characteristics such as high definition, low illumination, and wide dynamic range, which can provide high-quality video images The Uniview high-definition network camera has an information leakage vulnerability. Attackers can decrypt the leaked information to obtain administrator account passwords, log in to the background and control the entire system, ultimately causing the system to be in an extremely insecure state","uniview-Video-Monitoring"," The Uniview high-definition network camera has an information leakage vulnerability. Attackers can decrypt the leaked information to obtain administrator account passwords, log in to the background and control the entire system, ultimately causing the system to be in an extremely insecure state","The vendor has released a bug fix, please pay attention to the update in time:https://cn.uniview.com/Service/Service_Training/Download/Tools/Front_End/","Command Execution,Information Disclosure","","(body=""to=\""href_version_div\"">版本<"" || body=""gjs_oemtype = \""Uniview"") || (server=""Unisvr "" && body=""H3CMPP.Lang.DevManage"") || body=""<!-- <embed src=\""null.wav\"" loop="" || body=""var GJS_"" || banner=""Zhejiang Uniview Technologies Co."" || title=""ISC2500"" || title=""公安图像应用平台"" || body=""<iframe name=\""banner\"" id=\""banner\"" hidefocus=\""hideFocus\"" marginwidth=\""0\"" marginheight=\""0\"" src=\"" ../index.htm?clientipaddr="" || (body=""isun = true;"" && body=""id=\""userName\"" onkeypress=\""check_username(this)\"" value=\""admin"") || (body=""<a href=\""#\"" onclick=\""popHelp(varHelpAncValue);\"">"" && body=""classid=\""clsid:0796C71F-AA80-4921-B6D1-AA4252D097AE\"" id=\""recordManager_activeX"") || body=""<meta http-equiv=\""refresh\"" content=\""0; url=cgi-bin/main.cgi?webid=1\"" />"" || server=""uniser"" || title=""国标配置系统"" || (body=""recordManager_activeX"" && body=""popHelp(varHelpAncValue);"" ) || (protocol=""snmp"" && (banner=""HIC6622X22-5CIR-H"" || banner=""HIC3121ES-DF36IR"" || banner=""HIC6621EX22I-5LA-IT"" || banner=""HIC6622I-HX30IR"" || banner=""HIC3121ES-DF60IR"")) || banner=""Uniview login:"" || banner=""ISC2500-E login:"" || (body=""cgi-bin/main.cgi?web_id=1&langinfo=-3"" && body=""<FORM id=loginForm name=loginForm action=cgi-bin/main.cgi method=post >"") || title=""ISC3500-"" || banner=""DVR102-16 login:"" || banner=""HIC6622X22-5CIR"" || banner=""HIC2221E-CF60IR"" || banner=""NVR208-32 login:"" || title=""ISC3616"" || (body=""<label for='autoLogin' class=\""login_autoLoginLabel\"">"" && body=""Text.VideoManageSystem"" && body=""wanlanswitch"") || (protocol=""snmp"" && banner=""HC121"") || (body=""GJS_PRODUCTTYPE"" && (body=""uniview"" || body=""宇视""))","1322416","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Junos webauth_operation.php 文件上传漏洞(CVE-2023-36844)","Junos 是 Juniper Networks 生产的一款可靠的高性能网络操作系统。攻击者可利用 Junos 操作系统的 J-Web 服务 /webauth_operation.php 路由上传 php webshell,通过 ?PHPRC 参数进行包含,进入控制整个 web 服务器。","JUNIPer-Web-Device-Manager","攻击者可通过该漏洞在服务器端写入后门,执行代码,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://supportportal.juniper.net/JSA72300","文件上传,文件包含","Junos webauth_operation.php File Upload Vulnerability (CVE-2023-36844)","Junos is a reliable, high-performance network operating system from Juniper Networks.An attacker can use the J-Web service /webauth_operation.php route of the Junos operating system to upload a php webshell, include it through the ?PHPRC parameter, and gain control of the entire web server.","JUNIPer-Web-EQPT-Manager","Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The manufacturer has released a vulnerability fix, please pay attention to updates in time: https://supportportal.juniper.net/JSA72300","File Upload,File Inclusion","CVE-2023-36844","title=""Juniper Web Device Manager"" || banner=""juniper"" || header=""juniper"" || body=""svg4everybody/svg4everybody.js"" || body=""juniper.net/us/en/legal-notices"" || body=""nativelogin_login_credentials""","47518","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"东胜物流软件 /TruckMng/MsWlDriver/GetDataList 文件 condition 参数 SQL 注入漏洞","东胜物流软件是一款集订单管理、仓库管理、运输管理等多种功能于一体的物流管理软件。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","东胜物流软件","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.dongshengsoft.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Dongsheng logistics software /TruckMng/MsWlDriver/GetDataList file condition parameter SQL injection vulnerability","Dongsheng logistics software is a logistics management software that integrates order management, warehouse management, transportation management and other functions.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","东胜物流软件","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.dongshengsoft.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""dongshengsoft"" || body=""theme/dhtmlxcombo.css""","1268","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"东胜物流软件 /MvcShipping/MsBaseInfo/SaveUserQuerySetting 接口 formname 参数 SQL 注入漏洞","东胜物流软件是一款集订单管理、仓库管理、运输管理等多种功能于一体的物流管理软件。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","东胜物流软件","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.dongshengsoft.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Dongsheng logistics software /MvcShipping/MsBaseInfo/SaveUserQuerySetting interface formname parameter SQL injection vulnerability","Dongsheng logistics software is a logistics management software that integrates order management, warehouse management, transportation management and other functions.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","东胜物流软件","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.dongshengsoft.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""dongshengsoft"" || body=""theme/dhtmlxcombo.css""","1268","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友时空 KSOA linkadd.jsp 文件 id 参数 SQL 注入漏洞","用友时空 KSOA 是一款企业级应用性能管理(APM)软件,旨在为企业提供应用程序的性能监测和管理服务,帮助企业及时识别和解决应用程序的性能问题,提升应用程序的质量和稳定性。该软件在 linkadd.jsp 文件的参数 id 处存在 SQL 注入漏洞,攻击者可以利用该漏洞获取数据库中的信息,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","用友-时空KSOA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。 ","1、升级用友时空企业信息融通平台系统到最新版本:https://www.yonyou.com/2、临时使用WAF等手段限制路径访问","SQL注入","Yonyou KSOA linkadd.jsp id SQL Injection Vulnerability","UFIDA KSOA is an enterprise-level application performance management (APM) software designed to provide enterprises with application performance monitoring and management services, help enterprises identify and solve application performance problems in a timely manner, and improve application quality and stability .The software has a SQL injection vulnerability in the parameter id of the linkadd.jsp file. Attackers can use this vulnerability to obtain information in the database, and even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.","yonyou-Time-and-Space-KSOA","The software has a SQL injection vulnerability in the parameter id of the linkadd.jsp file. Attackers can use this vulnerability to obtain information in the database, and even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.","1. Upgrade Yonyou Time and Space Enterprise Information Integration Platform System to the latest version: https://www.yonyou.com/2. Temporarily use WAF and other means to restrict path access","SQL Injection","","body=""onmouseout=\""this.classname='btn btnOff'\""""","4879","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微 e-cology XmlRpcServlet 接口文件读取漏洞","泛微e-cology是专为大中型企业制作的OA办公系统,支持PC端、移动端和微信端同时办公等。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","泛微-OA(e-cology)","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已修复该漏洞,请用户联系厂商修复漏洞: https://www.weaver.com.cn/cs/securityDownload.html2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Weaver ecology XmlRpcServlet Path File Read Vulnerability","Weaver e-cology is an OA office system specifically designed for large and medium-sized enterprises, supporting simultaneous work on PC, mobile, and WeChat platforms.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","Weaver-OA(E-COLOGY)","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. The official has fixed the vulnerability, please pay attention to the manufacturer's homepage update:https://www.weaver.com.cn/cs/securityDownload.html2. Set access policies and whitelist access through security devices such as firewalls. 3. If not necessary, prohibit public network access to the system.","File Read","","((body=""szFeatures"" && body=""redirectUrl"") || (body=""rndData"" && body=""isdx"") || (body=""typeof poppedWindow"" && body=""client/jquery.client_wev8.js"") || body=""/theme/ecology8/jquery/js/zDialog_wev8.js"" || body=""ecology8/lang/weaver_lang_7_wev8.js"" || body=""src=\""/js/jquery/jquery_wev8.js"" || (header=""Server: WVS"" && (title!=""404 Not Found"" && header!=""404 Not Found""))) && header!=""testBanCookie"" && header!=""Couchdb"" && header!=""JoomlaWor"" && body!=""<title>28ZE</title>""","111321","7.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E6%B3%9B%E5%BE%AE-e-cology-XmlRpcServlet-%E6%8E%A5%E5%8F%A3%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E-drdrpfsa.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"思福迪运维安全管理系统 test_qrcode_b 命令执行漏洞","思福迪运维安全管理系统是思福迪开发的一款运维安全管理堡垒机。思福迪运维安全管理系统 test_qrcode_b 路由存在命令执行漏洞。","思福迪-LOGBASE 堡垒机","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.logbase.cn/","命令执行","LOGBASE test_qrcode_b Remote Command Execution Vulnerability","LOGBASE is an operation and maintenance security management bastion machine developed by Sifudi.There is a command execution vulnerability in the test_qrcode_b route of this operation and maintenance security management system.","Sifudi-LOGBASE","Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:http://www.logbase.cn/","Command Execution","","((title=""Logbase"" || header=""Server: dummy"" || body=""onclick=\""location.href='trustcert.cgi'"") && body!=""couchdb"") || banner=""Server: dummy""","918","9.6","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"浙大恩特客户资源管理系统 fileupload.jsp 任意文件上传漏洞","浙大恩特客户资源管理系统是恩特软件开发的一款客户资源管理系统。浙大恩特客户资源管理系统 fileupload.jsp 存在任意文件上传漏洞。","浙大恩特客户资源管理系统","攻击者可通过该漏洞在服务器端上传后门,执行代码,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.entersoft.cn/","文件上传","Entersoft Customer Resource Management System fileupload.jsp file upload vulnerability","Enter Customer Resource Management System is a customer resource management system developed by Enter Software.There is a file upload vulnerability in fileupload.jsp of Enter customer resource management system.","Zhejiang-Duite-Customer-Resource-MS","Attackers can use this vulnerability to upload a backdoor on the server side, execute code, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:http://www.entersoft.cn/","File Upload","","title=""欢迎使用浙大恩特客户资源管理系统""","8629","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Panabit Panalog sprog_deletevent.php SQL 注入漏洞","Panalog大数据日志审计系统定位于将大数据产品应用于高校、 公安、 政企、 医疗、 金融、 能源等行业之中,针对网络流量的信息进行日志留存,可对用户上网行为进行审计,逐渐形成大数据采集、 大数据分析、 大数据整合的工作模式,为各种网络用户提供服务。该产品中 /Maintain/sprog_deletevent.php 文件的id参数存在SQL注入漏洞,可导致数据库信息泄露从而获取敏感信息,甚至可能被攻击者进一步利用造成更大危害。","Panabit-Panalog","Panabit /Maintain/sprog_deletevent.php 文件的 id 参数存在 SQL 注入漏洞,可导致数据库信息泄露从而获取敏感信息,甚至可能被攻击者进一步利用造成更大危害。","1、对传入的 sql 语句进行预编译处理。2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Panabit Panalog sprog_deletevent.php SQL injection vulnerability","Panabit was developed by Beijing Paiwang Software Co., LTD.The id parameter of the /Maintain/sprog_deletevent.php file in this product has an SQL injection vulnerability, which can lead to database information leakage.","Panabit-Panalog","The id parameter of the Panabit /Maintain/sprog_deletevent.php file has SQL injection vulnerability, which can cause database information leakage and obtain sensitive information, and may even be further exploited by attackers to cause greater harm.","1. Precompile the incoming sql statement.2. Deploy the Web application firewall to monitor database operations.3. Disable public network access to the system if necessary.","SQL Injection","","((body=""id=\\\""codeno\\\""""||body=""id=\""codeno\"""") && body=""日志系统"") || title=""panalog"" ","13334","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"帮管客 CRM message 文件 pai 参数 SQL 注入漏洞","帮管客CRM客户管理系统是一款专业CRM营销理念设计管理的辅助工具,由湖北点点点科技有限公司开发。帮管客CRM客户管理系统 /index.php/message 接口存在 sql 注入漏洞,可导致数据库信息泄露。","帮管客-CRM","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.bgk100.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","BANGGUANME CRM message SQL injection vulnerability","BANGGUANKE CRM Customer management system is a professional CRM marketing concept design and management of auxiliary tools, developed by Hubei Diandian Technology Co., LTD.sql injection vulnerability exists in the CRM customer management system /index.php/message interface, which may cause database information leakage.","BANGGUANKE-CRM","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write trojans to the server in the case of high permissions to further obtain server system permissions.","1, the official has not repaired the vulnerability, please contact the manufacturer to repair the vulnerability: https://www.bgk100.com .2. Deploy the Web application firewall to monitor database operations.3. Disable public network access to the system if necessary.","SQL Injection","","(title=""用户登录"" && body=""/themes/default/js/jquery.code.js"") || header=""Set-Cookie: bgk_session=a%3A5"" || body=""<p id=\""admintips\"" >初始账号:admin"" || banner=""Set-Cookie: bgk_session=a%3A5""","5346","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Mirth Connect 接口引擎系统默认口令漏洞","Mirth Connect是一款接口引擎系统。该应用存在默认口令,攻击者可通过默认口令(admin/admin)控制整个平台,使用管理员权限操作核心功能。","nextgen-Mirth-Connect-Admin","攻击者可通过默认口令(admin/admin)漏洞控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Mirth Connect Default Password Vulnerability","Mirth Connect is an interface engine system.There is a default password for this application. An attacker can control the entire platform through the default password (admin/admin) and operate the core functions with administrator privileges.","Mirth Connect","Attackers can control the entire platform through the default password(admin/admin) vulnerability, and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8.2. If it is not necessary, it is forbidden to access the system from the public network.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title=""Mirth Connect Administrator""","6605","5.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Ruijie-EWEB 网管系统 flwo.control.php 文件 type 参数任意命令执行漏洞","锐捷网管系统是由北京锐捷数据时代科技有限公司开发的新一代基于云的网络管理软件,以“数据时代创新网管与信息安全”为口号,定位于终端安全、IT运营及企业服务化管理统一解决方案。Ruijie-EWEB 网管系统 flwo.control.php 中的 type 参数存在命令执行漏洞,攻击者可利用该漏洞执行任意命令。","Ruijie-EWEB网管系统","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","请及时关注厂商官网,并更新最新系统:https://www.ruijie.com.cn/","命令执行","Ruijie EWEB Network Management System flwo.control.php type Arbitrary Command Execution Vulnerability","Ruijie Network Management System is a new generation of cloud based network management software developed by Beijing Ruijie Data Era Technology Co., Ltd. With the slogan of ""Innovative Network Management and Information Security in the Data Age"", it is positioned as a unified solution for terminal security, IT operations, and enterprise service-oriented management.Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Ruijie-EWEB-NMS","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","Please pay attention to the manufacturer's official website and update the latest system: https://www.ruijie.com.cn/","Command Execution","","(body=""<span class=\""resource\"" mark=\""login.copyRight\"">锐捷网络</span>"" && body=""login.getDeviceInfo"") || title=""锐捷网络-EWEB网管系统""","11544","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"node static 文件读取漏洞(CVE-2023-26111)","node-static 是 Node.js 兼容 RFC 2616的 HTTP 静态文件服务器处理模块,提供内置的缓存支持。node-static 存在任意文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","node-static","node-static 存在任意文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","目前没有详细的解决方案提供,请关注厂商主页更新:https://github.com/cloudhead/node-static1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件读取","node static File Read Vulnerability (CVE-2023-26111)","node-static is a Node.js RFC 2616 compliant HTTP static file server processing module that provides built-in caching support.There is an arbitrary file read vulnerability in node-static. Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","node-static","There is an arbitrary file read vulnerability in node-static. Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://github.com/cloudhead/node-static1、Set up access policies through firewalls and other security devices, and set up whitelist access.2、If not necessary, prohibit public network access to the system.","File Read","CVE-2023-26111","header=""server: node-static"" || banner=""server: node-static""","5318","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"HA-Bridge 网关应用 /api/devices/backup/download 文件读取漏洞","HA Bridge是家庭自动化桥,模拟 Philips Hue 灯光系统,可以控制其他系统,例如 Vera、Harmony Hub、Nest、MiLight 灯泡或具有 http/https/tcp/udp 接口的任何其他系统。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","ha bridge","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://github.com/bwssytems/ha-bridge2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","HA-Bridge gateway application /api/devices/backup/download file reading vulnerability","HA Bridge is a home automation bridge that simulates a Philips Hue light system and can control other systems such as Vera, Harmony Hub, Nest, MiLight bulbs or any other system with http/https/tcp/udp interface. Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., making the website extremely insecure.","ha bridge","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1.There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://github.com/bwssytems/ha-bridge2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","title=""HA Bridge"" || body=""https://github.com/bwssytems/ha-bridge/blob/master/README.md""","507","5.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"MM-Wiki /page/display 文件 document_id 参数信息泄露漏洞","MM-Wiki 一个轻量级的企业知识分享与团队协同软件,可用于快速构建企业 Wiki 和团队知识分享平台。部署方便,使用简单,帮助团队构建一个信息共享、文档管理的协作环境。攻击者通过构造特殊 URL 地址,读取系统敏感信息。","MM-Wiki","攻击者通过构造特殊URL地址,读取系统敏感信息。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://github.com/phachon/MM-Wiki2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","MM-Wiki /page/display file document_id parameter information disclosure vulnerability","MM-Wiki is a lightweight enterprise knowledge sharing and team collaboration software that can be used to quickly build enterprise Wikis and team knowledge sharing platforms. Easy to deploy and easy to use, it helps teams build a collaborative environment for information sharing and document management.The attacker reads sensitive system information by constructing a special URL address.","MM-Wiki","The attacker reads the sensitive information of the system by constructing a special URL address.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://github.com/phachon/MM-Wiki2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Information Disclosure","","title=""MM-Wiki"" || header=""mmwikissid"" || banner=""mmwikissid""","2042","6.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"DrayTek Vigor AP910C 路由器默认口令漏洞","DrayTek Vigor AP910C 是 DrayTek 推出的一款带有防火墙功能的无线路由器产品。 攻击者可以通过默认密码 admin:admin 控制整个平台,并利用管理员权限操作核心功能。","DrayTek-Vigor-AP910C","攻击者可通过默认口令 admin:admin 控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","DrayTek Vigor AP910C Router Default Password Vulnerability","DrayTek Vigor AP910C is a wireless router product with firewall function launched by DrayTek.Attackers can control the entire platform through the default password admin:admin and use administrator privileges to operate core functions.","DrayTek-Vigor-AP910C","Attackers can control the entire platform through the default password admin:admin and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, special characters, and more than 8 digits.2. If not necessary, the public network is prohibited from accessing the system.3. Set access policy and whitelist access through firewall and other security devices.","Default Password","","header=""VigorAP910C"" || banner=""VigorAP910C""","2268","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"DrayTek Vigor AP910C 路由器后台命令执行漏洞","DrayTek Vigor AP910C 是居易科技(DrayTek)公司的一款带有防火墙功能的无线路由器产品。DrayTek Vigor AP910C 存在后台 RCE 漏洞。攻击者可通过该漏洞在设备任意执行代码写入后门,获取设备权限,进而控制整个设备。","DrayTek-Vigor-AP910C","攻击者可通过该漏洞在设备任意执行代码写入后门,获取设备权限,进而控制整个设备。","官方暂未修复该漏洞,请关注厂商主页更新:https://www.draytek.com/en/products/products-a-z/wireless-ap.all/vigorap-910c/","命令执行","DrayTek Vigor AP910C Router Background Command Execution Vulnerability","DrayTek Vigor AP910C is a wireless router product with firewall function from DrayTek. DrayTek Vigor AP910C has a background RCE vulnerability.Attackers can use this vulnerability to arbitrarily execute code on the device to write backdoors, obtain device permissions, and then control the entire device.","DrayTek-Vigor-AP910C","Attackers can use this vulnerability to arbitrarily execute code on the device to write backdoors, obtain device permissions, and then control the entire device.","The official has not fixed the vulnerability yet, please pay attention to the update of the manufacturer's homepage: https://www.draytek.com/en/products/products-a-z/wireless-ap.all/vigorap-910c/","Command Execution","","header=""realm=\""VigorAP910C"" || banner=""realm=\""VigorAP910C""","2271","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"东胜物流软件 TCodeVoynoAdapter.aspx 文件 strVESSEL 参数 SQL注入漏洞","东胜物流软件是一款致力于为客户提供IT支撑的 SOP, 帮助客户大幅提高工作效率,降低各个环节潜在风险的物流软件。东胜物流软件 TCodeVoynoAdapter.aspx 处存在 SQL 注入漏洞,攻击者可利用该漏洞获取数据库敏感信息。","东胜物流软件","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、对存在危害得参数进行严格过滤。2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Dongsheng Logistics Software TCodeVoynoAdapter.aspx SQL Injection Vulnerability","Dongsheng Logistics Software is a SOP dedicated to providing IT support for customers, helping customers greatly improve their work efficiency and reduce the potential risks of each link.There is a SQL injection vulnerability at TCodeVoynoAdapter.aspx, the Dongsheng logistics software. An attacker can use this vulnerability to obtain sensitive database information.","Dongsheng Logistics Software","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. Strictly filter the harmful parameters.2. Deploy the Web application firewall to monitor database operations.3. Disable public network access to the system if necessary.","SQL Injection","","body=""CompanysAdapter.aspx"" || (body=""dhtmlxcombo_whp.js"" && body=""dhtmlxcommon.js"")","1363","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 U8 Cloud upload.jsp 文件上传漏洞","用友 U8 cloud 是用友开发的一款云 ERP。用友 U8 upload.jsp 存在任意文件上传漏洞,攻击者可利用该漏洞获取服务器权限。","用友-U8-Cloud","攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.yonyou.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","UF U8 Cloud upload.jsp file upload vulnerability","yonyou U8 cloud is a cloud ERP developed by yonyou.There is a file upload vulnerability in yonyou U8 upload.jsp, which can be exploited by attackers to gain server privileges.","yonyou-U8-Cloud","Attackers can use this vulnerability to upload file, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.yonyou.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","","body=""开启U8 cloud云端之旅""","13473","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC ActionHandlerServlet 接口远程代码执行漏洞","用友 NC Cloud 是一种商业级的企业资源规划云平台,为企业提供全面的管理解决方案,包括财务管理、采购管理、销售管理、人力资源管理等功能,实现企业的数字化转型和业务流程优化。用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","用友-NC-Cloud","用友 NC Cloud 存在反序列化代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.yonyougz.com/yonyou/yonyou-nc/","代码执行","Yonyou NC ActionHandlerServlet Api Remote Code Execute Vulnerability","Yonyou NC Cloud is a commercial level enterprise resource planning cloud platform that provides comprehensive management solutions for enterprises, including financial management, procurement management, sales management, human resource management, and other functions, achieving digital transformation and business process optimization for enterprises.There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","yonyou-NC-Cloud","There is a deserialization code execution vulnerability in Yonyou NC Cloud, which allows attackers to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time:http://www.yonyougz.com/yonyou/yonyou-nc/","Code Execution","","banner=""nccloud"" || header=""nccloud"" || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";"" || (body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"" || (title==""产品登录界面"" && body=""UFIDA NC"") || body=""../Client/Uclient/UClient.dmg""","21428","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"金蝶云星空 CommonFileServer 文件读取漏洞","金蝶云星空管理中心 是一款基于领先的可组装低代码 PaaS 平台,全面服务客户研发、生产、营销、供应链、财务等领域转型。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","金蝶云星空-管理中心","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方已经修复该漏洞,请用户联系厂商修复漏洞:http://www.kingdee.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Kingdee Cloud Starry Sky CommonFileServer file reading vulnerability","Kingdee Cloud Starry Sky-Management Center is based on a leading assembleable low-code PaaS platform, which comprehensively serves customers' transformation in R&D, production, marketing, supply chain, finance and other fields.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., making the website extremely insecure.","Kingde-Cloud-Stars-Management-Center","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: http://www.kingdee.com/2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","File Read","","title=""金蝶云星空""","6014","6.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华智慧园区综合管理平台 /ipms/barpay/pay 远程代码执行漏洞","大华智慧园区解决方案围绕运营管理、综合安防、便捷通行、协同办公等多个业务领域展开,依托AI、物联网、大数据技术实现园区管理数字化升级,实现安全等级提升、工作效率提升、管理成本下降。大华智慧园区 /ipms/barpay/pay 存在代码执行漏洞,攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","dahua-智慧园区综合管理平台","大华智慧园区 /ipms/barpay/pay 存在代码执行漏洞,攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.dahuatech.com/cases/info/76.html","代码执行","Dahua DSS /ipms/barpay/pay Remote Code Execution Vulnerability","Dahua smart park solutions focus on multiple business areas such as operation management, comprehensive security, convenient traffic, and collaborative office. Relying on AI, Internet of Things, and big data technologies to realize the digital upgrade of park management, improve security levels, improve work efficiency, and manage Cost reduction.There is a code execution vulnerability in Dahua Smart Park /ipms/barpay/pay, through which an attacker can execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","dahua-Smart-Park-GMP","There is a code execution vulnerability in Dahua Smart Park /ipms/barpay/pay, through which an attacker can execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The manufacturer has released a bug fix, please pay attention to the update in time: https://www.dahuatech.com/cases/info/76.html","Code Execution","","body=""src=\""/WPMS/asset/common/js/jsencrypt.min.js\"""" || (cert=""Dahua"" && cert=""DSS"")","7433","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Jeecg Boot jmreport/queryFieldBySql 接口代码执行漏洞","Jeecg Boot(或者称为 Jeecg-Boot)是一款基于代码生成器的开源企业级快速开发平台,专注于开发后台管理系统、企业信息管理系统(MIS)等应用。它提供了一系列工具和模板,帮助开发者快速构建和部署现代化的 Web 应用程序。攻击者可以通过操纵应用程序的模板引擎来执行恶意代码或获取敏感信息。这种漏洞可能会导致整个应用程序被入侵,造成严重的安全问题。","JEECG","攻击者可以通过操纵应用程序的模板引擎来执行恶意代码或获取敏感信息。这种漏洞可能会导致整个应用程序被入侵,造成严重的安全问题。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.jeecg.com/","代码执行","Jeecg Boot jmreport/queryFieldBySql interface code execution vulnerability","Jeecg Boot (or Jeecg-Boot) is an open source enterprise-level rapid development platform based on code generators, focusing on the development of background management systems, enterprise information management systems (MIS) and other applications. It provides a series of tools and templates to help developers quickly build and deploy modern web applications.An attacker can manipulate an application's templating engine to execute malicious code or obtain sensitive information. This kind of vulnerability may lead to the compromise of the entire application, causing serious security problems.","JEECG","attackers manipulate the application's template engine to execute malicious code or retrieve sensitive information. This type of vulnerability can lead to the entire application being compromised, resulting in significant security issues.","The vendor has released a bug fix, please pay attention to the update in time:http://www.jeecg.com/","Code Execution","","title==""JeecgBoot 企业级低代码平台"" || body=""window._CONFIG['imgDomainURL'] = 'http://localhost:8080/jeecg-boot/"" || title=""Jeecg-Boot 企业级快速开发平台"" || title=""Jeecg 快速开发平台"" || body=""'http://fileview.jeecg.com/onlinePreview'"" || title==""JeecgBoot 企业级低代码平台"" || title==""Jeecg-Boot 企业级快速开发平台"" || title==""JeecgBoot 企业级快速开发平台"" || title==""JeecgBoot 企业级快速开发平台"" || title=""Jeecg 快速开发平台"" || title=""Jeecg-Boot 快速开发平台"" || body=""积木报表"" || body=""jmreport""","32269","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Jeecg Boot JimuReport testConnection 远程代码执行漏洞","JeecgBoot 是一款开源的的低代码开发平台,积木报表是其中的低代码报表组件。JeecgBoot 的 jeecg-boot/jmreport/testConnection 未进行身份验证,并且未对 dbUrl 参数进行限制,当应用端存在H2数据库驱动依赖时,攻击者发送包含恶意 dbUrl 参数的 http 请求远程执行任意代码。","JEECG","JeecgBoot 的 jeecg-boot/jmreport/testConnection 未进行身份验证,并且未对 dbUrl 参数进行限制,当应用端存在H2数据库驱动依赖时,攻击者发送包含恶意 dbUrl 参数的 http 请求远程执行任意代码。","厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/jeecgboot/jeecg-boot","代码执行","Jeecg Boot JimuReport testConnection Remote Code Execution Vulnerability","JeecgBoot is an open source low-code development platform, and building block reports are the low-code report components.The jeecg-boot/jmreport/testConnection of JeecgBoot is not authenticated, and the dbUrl parameter is not restricted. When the H2 database driver dependency exists on the application side, the attacker sends an http request containing a malicious dbUrl parameter to remotely execute arbitrary code.","JEECG","Since the jeecg-boot/jmreport/testConnection Api interface is not authenticated and the dbUrl parameter is not restricted, when there is an H2 database driver dependency on the application side, the attacker sends an http request containing a malicious dbUrl parameter to remotely execute arbitrary code.","The manufacturer has released a bug fix, please pay attention to the update in time: https://github.com/jeecgboot/jeecg-boot","Code Execution","","title==""JeecgBoot 企业级低代码平台"" || body=""window._CONFIG['imgDomainURL'] = 'http://localhost:8080/jeecg-boot/"" || title=""Jeecg-Boot 企业级快速开发平台"" || title=""Jeecg 快速开发平台"" || body=""'http://fileview.jeecg.com/onlinePreview'"" || title==""JeecgBoot 企业级低代码平台"" || title==""Jeecg-Boot 企业级快速开发平台"" || title==""JeecgBoot 企业级快速开发平台"" || title==""JeecgBoot 企业级快速开发平台"" || title=""Jeecg 快速开发平台"" || title=""Jeecg-Boot 快速开发平台"" || body=""积木报表"" || body=""jmreport""","32269","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"奇安信网神 SecSSL VPN 安全接入网关权限绕过漏洞","奇安信网神安全接入网关系统(SecSSL VPN)是一种安全产品,旨在为政府、企业、金融、能源、运营商等行业客户提供远程办公和远程接入功能。奇安信网神安全接入网关系统存在权限绕过漏洞,攻击者可通过构造特定的恶意请求包,获取系统管理员信息和修改系统管理员密码等恶意操作。","网神-VPN","奇安信网神安全接入网关系统存在权限绕过漏洞,攻击者可通过构造特定的恶意请求包,获取系统管理员信息和修改系统管理员密码等恶意操作。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://www.legendsec.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","权限绕过","QAX Legendsec SecSSL VPN Permission Bypass Vulnerability","The Qax Netgod Secure Access Gateway System (SecSSL VPN) is a secure product designed to provide remote office and access capabilities for industry clients such as governments, enterprises, finance, energy, and operators.There is a privilege bypass vulnerability in the Qax Netgod secure access gateway system, which allows attackers to construct specific malicious request packets, obtain system administrator information, and modify system administrator passwords for malicious operations.","legendsec-VPN","There is a privilege bypass vulnerability in the Qax Netgod secure access gateway system, which allows attackers to construct specific malicious request packets, obtain system administrator information, and modify system administrator passwords for malicious operations.","1. The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: https://www.legendsec.com/2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","Permission Bypass","","((title=""奇安信VPN"" && body=""href=\""/download/GWSetup.exe\"" target=\""_blank\"" style=\""\"">点此链接下载奇安信VPN客户端</a>"") || title==""奇安信VPN"" || (body=""QianxinVPN"" && body=""href=\""fw/app_list.php"" && body=""href=\""cert.php?placeValuesBeforeTB_=savedValues"")) || (((body=""admin/js/virtual_keyboard.js"" && body=""src=\""images/login_logo.gif\"""" && body!=""couchdb"") || (title=""网关"" && body=""/images/sslvpnportallogo.jpg"") || (header=""host_for_cookie"" && body=""证书认证"" && body=""SECWORLD"") || title=""网神VPN安全网关系统"" || (header=""Set-Cookie: mod_pass_param"" && (body=""<span id=\""qr_confirm\"">请在手机上打开360ID确认登录</span>"" || body=""<span id=\""qr_confirm\"">请在手机上打开奇安信ID确认登录</span>"" || body=""<div id=\""popup\"">如果您需要卸载客户端程序,请从‘开始’>‘所有程序’>‘Gateway SSLVPN’>‘卸载网关客户端’来操作</div>"")) || (cert=""Organization: SecWorld"" && cert=""Organizational Unit: vpn"" && banner!=""ETag"")) && title!=""奇安信网神零信任身份服务系统"" && title!=""奇安信VPN"" && title!=""mfa-obstruct"")","17894","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Nacos Nacos-Server 权限绕过漏洞(CVE-2021-29441)","Nacos 是构建云原生应用的动态服务发现、配置管理和服务管理的平台。Nacos 使用 AuthFilter servlet 过滤器来强制身份验证,此过滤器可以通过修改 user-agent 为 Nacos-Server 绕过身份认证,此问题可能允许任何用户在 Nacos 服务器上执行任何管理任务。","NACOS","Nacos 存在未授权访问漏洞,可以通过修改 user-agent 绕过身份认证,此问题可能允许任何用户在 Nacos 服务器上执行任何管理任务。","⼚商已发布了漏洞修复程序,请及时关注更新: https://github.com/alibaba/nacos/releases","权限绕过","Nacos Nacos-Server Permission Bypass Vulnerability (CVE-2021-29441)","Nacos is a platform for building dynamic service discovery, configuration management, and service management for cloud-native applications.Nacos uses the AuthFilter servlet filter to enforce authentication. This filter can bypass authentication by modifying the user-agent to Nacos-Server. This problem may allow any user to perform any administrative tasks on the Nacos server.","NACOS","Nacos uses the AuthFilter servlet filter to enforce authentication. This filter can bypass authentication by modifying the user-agent to Nacos-Server. This problem may allow any user to perform any administrative tasks on the Nacos server.","The manufacturer has released a bug fix, please pay attention to the update in time: https://github.com/alibaba/nacos/releases","Permission Bypass","CVE-2021-29441","title=""Nacos"" || (body=""Alibaba Group Holding Ltd."" && body=""src=\""js/main.js"" && body=""console-fe"") || (banner=""/nacos/"" && (banner=""HTTP/1.1 302"" || banner=""HTTP/1.1 301 Moved Permanently"")) || banner=""realm=\""nacos""","8224","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"OfficeWeb365 SaveDraw 文件上传漏洞","OfficeWeb365 是专注于 Office 文档在线预览及PDF文档在线预览云服务,包括 Microsoft Word 文档在线预览、Excel 表格在线预览、Powerpoint 演示文档在线预览,WPS 文字处理、WPS 表格、WPS 演示及 Adobe PDF 文档在线预览。OfficeWeb365 存在文件上传漏洞,攻击者可通过该漏洞直接上传一个 webshell 到服务器上,获取服务器权限,进⽽控制整个 web 服务器。","大西科技-OfficeWeb365","OfficeWeb365 存在文件上传漏洞,攻击者可通过该漏洞直接上传一个webshell到服务器上,获取服务器权限,进⽽控制整个web服务器。","1、官⽅暂已修复该漏洞,请⽤户联系⼚商修复漏洞:https://officeweb365.com/Default/Feat2、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。3、如⾮必要,禁⽌公⽹访问该系统。","文件上传","OfficeWeb365 frontend SaveDraw file upload vulnerability","OfficeWeb365 is a cloud service focusing on online preview of Office documents and PDF documents, including online preview of Microsoft Word documents, online preview of Excel tables, online preview of Powerpoint presentation documents, online preview of WPS word processing, WPS spreadsheets, WPS presentations and Adobe PDF documents.There is a file upload vulnerability in OfficeWeb365. Through this vulnerability, an attacker can directly upload a webshell to the server, obtain server permissions, and then control the entire web server.","DAXI-OfficeWeb365","There is a file upload vulnerability in OfficeWeb365. Through this vulnerability, an attacker can directly upload a webshell to the server, obtain server permissions, and then control the entire web server.","1. The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: https://officeweb365.com/Default/Feat2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, prohibit the public network from accessing the system.","File Upload","","body=""请输入furl参数"" || header=""OfficeWeb365"" || banner=""OfficeWeb365""","4224","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"启明星辰 4A 统一安全管控平台 accountApi/getMaster.do 文件信息泄露漏洞","4A统一安全管控平台(以下简称4A企业版),实现IT资源(包括系统资源和业务资源)集中管理,为企业提供集中的账号(Account) 、认证(Authentication)、授权(Authorization) 、审计(Audit)管理技术支撑及配套流程,提升系统安全性和可管理能力。攻击者通过构造特殊URL地址,读取系统敏感信息。","启明星辰-4A统一安全管控平台","攻击者通过构造特殊URL地址,读取系统敏感信息。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.venusgroup.com.cn/new_type/4Aglpt/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","信息泄露","Venustech 4A unified security management platform accountApi/getMaster.do file information disclosure vulnerability","4A unified security management and control platform (hereinafter referred to as 4A enterprise version), realizes centralized management of IT resources (including system resources and business resources), and provides enterprises with centralized accounts (Account), authentication (Authentication), authorization (Authorization), audit (Audit) ) Management technical support and supporting processes to improve system security and manageability.The attacker reads sensitive system information by constructing a special URL address.","4A-Unified-Sec-Control-Platform","The attacker reads the sensitive information of the system by constructing a special URL address.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.venusgroup.com.cn/new_type/4Aglpt/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Information Disclosure","","title=""4A统一安全管控平台""","26","6.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"广联达 linkworks GB/LK/ArchiveManagement/Js/GWGDWebService.asmx 文件上传漏洞","广联达 LinkWorks(也称为 GlinkLink 或 GTP-LinkWorks)是广联达公司(Glodon)开发的一种BIM(建筑信息模型)协同平台。广联达是中国领先的数字建造技术提供商之一,专注于为建筑、工程和建筑设计行业提供数字化解决方案。攻击者通过该漏洞上传恶意文件,可能导致恶意代码执行、身份伪造、后门植入、敏感数据泄露等问题。","广联达-LinkWorks","攻击者通过该漏洞上传恶意文件,可能导致恶意代码执行、身份伪造、后门植入、敏感数据泄露等问题。","1、官方暂已修复该漏洞,请用户联系厂商修复漏洞:http://www.glinkworks.com/office.html2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","Glodon linkworks GB/LK/ArchiveManagement/Js/GWGDWebService.asmx file upload vulnerability","Glodon LinkWorks (also known as GlinkLink or GTP-LinkWorks) is a BIM (Building Information Modeling) collaboration platform developed by Glodon. Glodon is one of the leading digital construction technology providers in China, focusing on providing digital solutions for the architecture, engineering and architectural design industries.Attackers upload malicious files through this vulnerability, which may lead to problems such as malicious code execution, identity forgery, backdoor implantation, and sensitive data leakage.","Glodon-LinkWorks","Attackers upload malicious files through this vulnerability, which may lead to problems such as malicious code execution, identity forgery, backdoor implantation, and sensitive data leakage.","1. The official has fixed the vulnerability temporarily, please contact the manufacturer to fix the vulnerability: http://www.glinkworks.com/office.html2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","File Upload","","body=""Services/Identification/login.ashx"" || header=""Services/Identification/login.ashx"" || banner=""Services/Identification/login.ashx""","28776","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"新开普智慧校园系统 service.action 远程代码执行漏洞","新开普智慧校园系统是一个校园管理平台。新开普智慧校园系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","新开普-智慧校园系统","攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前已提供解决方案,请关注厂商主页更新:http://www.newcapec.com.cn/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","代码执行,文件上传","New Cape Smart Campus System service.action Remote Code Execution Vulnerability","New Cape Smart Campus System is a campus management platform.There is a code execution vulnerability in the New Cape Smart Campus system. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","newcapec-smartcampussystem","There is a code execution vulnerability in the New Cape Smart Campus system. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The solution has been provided, please pay attention to the update of the manufacturer's homepage: http://www.newcapec.com.cn/Temporary fix:1. Set access policies through security devices such as firewalls, and set whitelist access.2. If it is not necessary, the public network is prohibited from accessing the system.","Code Execution,File Upload","","body=""掌上校园服务管理平台""","14438","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"HIKVISION iVMS-8700 综合安防管理平台 download 文件读取漏洞","HIKVISION iVMS-8700 综合安防管理平台是海康威视生产的一款安全防护平台。HIKVISION iVMS-8700 综合安防管理平台存在任意文件读取漏洞,攻击者通过发送特定的请求包可以读取服务器中的目录信息与敏感文件。","海康威视iVMS-8700安防综合管理平台","攻击者可以利用该漏洞读取重要的系统文件(如数据库配置文件、系统配置文件)、数据库配置文件等,使得网站不安全。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.hikvision.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","目录遍历,文件读取","HIKVISION iVMS-8700 integrated security management platform download file disclosure vulnerability","HIKVISION iVMS-8700 integrated security management platform is a security protection platform produced by Hikvision.The HIKVISION iVMS-8700 integrated security management platform has an arbitrary file reading vulnerability. An attacker can read directory information and sensitive files in the server by sending a specific request packet.","Haikang-Weiwei-IVMS-8700-Security-Integrated-MP","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, resulting in an extremely insecure state of the website.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.hikvision.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","Directory Traversal,File Read","","cert=""o=Hikvision, ou=louyu, cn=ivms8700"" || (((body=""g_szCacheTime"" && body=""iVMS"") || title=""iVMS-"" || body=""tab-border code-iivms\"">"" || body="" window.document.location = '/license!getExpireDateOfDays.action';"" || body=""var uuid = \""2b73083e-9b29-4005-a123-1d4ec47a36d5\""; // 用于检测VMS是否超时, chenliangyf1"" || (body=""class=\""enname\"">iVMS-4200"" && body=""laRemPassword"") || (body=""//caoshiyan modify 2015-06-30 中转页面"" && body=""/home/locationIndex.action?time="") || body=""<div class=\""enname\"">iVMS-4200"" || header=""Server: If you want know, you can ask me"" || body=""if (refreshurl == null || refreshurl == '') { window.location.reload();}"" || body=""class=\""out\""><a href=\""download/iVMS-"") && body!=""Server: couchdb"")","9564","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"新开普智慧校园系统 service.action 远程代码执行漏洞","新开普智慧校园系统是一个校园管理平台。新开普智慧校园系统存在代码执行漏洞,攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","新开普-智慧校园系统","攻击者可通过该漏洞在服务器端执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前已提供解决方案,请关注厂商主页更新:http://www.newcapec.com.cn/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","代码执行,文件上传","New Cape Smart Campus System service.action Remote Code Execution Vulnerability","New Cape Smart Campus System is a campus management platform.There is a code execution vulnerability in the New Cape Smart Campus system. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","newcapec-smartcampussystem","There is a code execution vulnerability in the New Cape Smart Campus system. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The solution has been provided, please pay attention to the update of the manufacturer's homepage: http://www.newcapec.com.cn/Temporary fix:1. Set access policies through security devices such as firewalls, and set whitelist access.2. If it is not necessary, the public network is prohibited from accessing the system.","Code Execution,File Upload","","body=""掌上校园服务管理平台""","14438","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"HIKVISION iVMS-8700 综合安防管理平台 download 文件读取漏洞","HIKVISION iVMS-8700 综合安防管理平台是海康威视生产的一款安全防护平台。HIKVISION iVMS-8700 综合安防管理平台存在任意文件读取漏洞,攻击者通过发送特定的请求包可以读取服务器中的目录信息与敏感文件。","海康威视iVMS-8700安防综合管理平台","攻击者可以利用该漏洞读取重要的系统文件(如数据库配置文件、系统配置文件)、数据库配置文件等,使得网站不安全。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.hikvision.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","目录遍历,文件读取","HIKVISION iVMS-8700 integrated security management platform download file disclosure vulnerability","HIKVISION iVMS-8700 integrated security management platform is a security protection platform produced by Hikvision.The HIKVISION iVMS-8700 integrated security management platform has an arbitrary file reading vulnerability. An attacker can read directory information and sensitive files in the server by sending a specific request packet.","Haikang-Weiwei-IVMS-8700-Security-Integrated-MP","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, resulting in an extremely insecure state of the website.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.hikvision.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","Directory Traversal,File Read","","app=""HIKVISION-iVMS""","9558","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"MinIO verify 接口敏感信息泄露漏洞(CVE-2023-28432)","MinIO 是一种开源的对象存储服务,它兼容 Amazon S3 API,可以在私有云或公有云中使用。MinIO 是一种高性能、高可用性的分布式存储系统,它可以存储大量数据,并提供对数据的高速读写能力。MinIO 采用分布式架构,可以在多个节点上运行,从而实现数据的分布式存储和处理。MinIO verify接口存在敏感信息泄漏漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","minio","MinIO verify接口存在敏感信息泄漏漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","信息泄露","MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432)","MinIO is an open source object storage service that is compatible with the Amazon S3 API and can be used in private or public clouds. MinIO is a high-performance, high-availability distributed storage system that can store large amounts of data and provide high-speed read and write capabilities for data. MinIO adopts a distributed architecture and can run on multiple nodes to realize distributed storage and processing of data.There is a sensitive information disclosure vulnerability in the MiniO verify interface, which allows attackers to read sensitive system information by constructing special URL addresses.","minio","There is a sensitive information disclosure vulnerability in the MiniO verify interface, which allows attackers to read sensitive system information by constructing special URL addresses.","The manufacturer has released a bug fix, please pay attention to the update in time:https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","Information Disclosure","CVE-2023-28432","banner=""MinIO"" || header=""MinIO"" || title=""MinIO""","393685","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通文档安全管理系统 syn_user_policy 文件上传漏洞","亿赛通电子文档安全管理系统是一款电子文档安全加密软件。亿赛通电子文档安全管理系统存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","亿赛通-电子文档安全管理系统","攻击者可通过该漏洞在服务器端上传 webshell,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前已提供详细的解决方案提供,请关注厂商主页更新:http://www.esafenet.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传,信创","Esaiton document security management system syn_user_policy file upload vulnerability","Easyton electronic document security management system is an electronic document security encryption software.There is a file upload vulnerability in the Easyton electronic document security management system, through which an attacker can gain control over the server.","ESAFENET-CDG","There is a file upload vulnerability in the security management system of Yisaitong electronic documents, through which an attacker can obtain server control permissions.","At present, detailed solutions have been provided, please pay attention to the update of the manufacturer's homepage: http://www.esafenet.com/Temporary fix:1. Set access policies through security devices such as firewalls, and set whitelist access.2. If it is not necessary, the public network is prohibited from accessing the system.","File Upload,Information technology application innovation industry","","(body=""CDGServer3"" && body!=""DLP"") || ((((title=""电子文档安全管理系统"" && (cert=""esafenet"" || body=""CDGServer3"")) || (body=""CDGServer3/3g"" && body=""/help/getEditionInfo.jsp"")) || body=""CDGServer3/index.jsp"") && title!=""数据泄露"")","20489","10.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"KubePi JWT 默认密钥权限绕过漏洞(CVE-2023-22463)","KubePi 是一款简单易用的开源 Kubernetes 可视化管理面板。KubePi 存在权限绕过漏洞,攻击者可通过默认 JWT 密钥获取管理员权限控制整个平台,使用管理员权限操作核心的功能。","KubePi","KubePi 存在权限绕过漏洞,攻击者可通过默认 JWT 密钥获取权限控制整个平台,使用管理员权限操作核心的功能。","官方已修复该漏洞:https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-vjhf-8vqx-vqpq临时解决方案:1、修改默认 JWT 密钥,密钥最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","权限绕过","KubePi JWT Default Key Permission Bypass Vulnerability (CVE-2023-22463)","KubePi is a simple and easy-to-use open source Kubernetes visual management panelKubePi has a privilege bypass vulnerability, which allows attackers to control the entire platform through the default JWT user and operate core functions with administrator privileges.","KubePi","KubePi has a privilege bypass vulnerability, which allows attackers to control the entire platform through the default JWT user and operate core functions with administrator privileges.","The product has fixed the vulnerability: https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-vjhf-8vqx-vqpq1. Modify the default JWT key, preferably containing uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Permission Bypass","CVE-2023-22463","title=""KubePi"" || body=""/kubepi/css/"" || body=""kubepi doesn't work"" || header=""KubePi"" || banner=""KubePi""","338","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"KubePi 默认密码漏洞","KubePi 是一款简单易用的开源 Kubernetes 可视化管理面板。KubePi 存在默认口令漏洞,攻击者可通过默认口令登陆管理员账号控制整个平台,使用管理员权限操作核心的功能。","KubePi","KubePi 存在默认口令漏洞,攻击者可通过默认口令登陆管理员账号控制整个平台,使用管理员权限操作核心的功能。","临时解决方案:1、修改默认口令,密钥最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","KubePi Default Password Vulnerability","KubePi is a simple and easy-to-use open source Kubernetes visual management panelKubePi has a default password vulnerability, which allows attackers to control the entire platform through the default JWT user and operate core functions with administrator privileges.","KubePi","KubePi has a default password vulnerability, which allows attackers to control the entire platform through the default user and operate core functions with administrator privileges.","1. Modify the default password, preferably containing uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title=""KubePi"" || body=""/kubepi/css/"" || body=""kubepi doesn't work"" || header=""KubePi"" || banner=""KubePi""","338","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Milesight VPN server.js 任意文件读取漏洞","MilesightVPN 是一款软件,一个 Milesight 产品的 VPN 通道设置过程更加完善,并可通过网络服务器界面连接状态。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","Milesight","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.milesight.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Milesight VPN server.js Arbitrary File Read Vulnerability","MilesightVPN is a software, a Milesight product that completes the VPN tunnel setup process and enables connection status through the web server interface.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., making the website extremely insecure.","Milesight","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.milesight.com/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","body=""glyphicon-remove"" && body=""$randdt;""","103","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Tenda 路由器 DownloadCfg 信息泄露漏洞","Tenda 路由器是深圳市吉祥腾达科技有限公司的一款智能无限路由器。Tenda 路由器存在信息泄露漏洞,攻击者通过构造特殊 URL 地址,读取系统敏感信息。","Tenda-路由器","Tenda 路由器存在信息泄露漏洞,攻击者通过构造特殊 URL 地址,读取系统敏感信息。","1、将关键信息进行加密处理。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","Tenda router DownloadCfg information leakage vulnerability","Tenda router is an intelligent unlimited router from Shenzhen Jixiang Tenda Technology Co., LTD.Tenda router has information leakage vulnerability, attackers can read sensitive system information by constructing special URL addresses.","Tenda-Router","Tenda router has information leakage vulnerability, attackers can read sensitive system information by constructing special URL addresses.","1. Encrypt key information.2. Set access policies and whitelist access through security devices such as firewalls.3. Disable public network access to the system if necessary.","Information Disclosure","","(title=""Tenda | LOGIN"" || title=""Tenda|登录"" || title==""Tenda"" || (title=""Tenda "" && title=""Router"") || (body=""('TENDA '+sys_target+' Router');"" && body!=""href=\\\""http://www.nexxtsolutions.com/"") || server=""access to tenda "" || body=""background:url(tenda-logo-big.png)"" || body=""/css/tenda.css"" || title=""TENDA 11N无线路由器登录界面"" || (title=""Tenda Web Master"" && (body=""router to restore"" || body=""router and reset"")) || title==""Tenda Wireless Router"") && header!=""360 web server"" && body!=""Server: couchdb""","176229","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"OneNav 书签管理应用 index.php 默认口令漏洞","OneNav 是一款书签管理应用。该应用存在默认口令,攻击者可通过默认口令(admin/admin)控制整个平台,使用管理员权限操作核心功能。","OneNav-书签管理","攻击者可通过默认口令(admin/admin)漏洞控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","OneNav index.php Default Password Vulnerability","OneNav is a bookmark management application. There is a default password for this application. An attacker can control the entire platform through the default password (admin/admin) and operate the core functions with administrator privileges.","onenav","Attackers can control the entire platform through the default password(admin/admin) vulnerability, and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8.2. If it is not necessary, it is forbidden to access the system from the public network.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","body=""https://github.com/helloxz/onenav"" || body=""href=\""/index.php?c=login\"" title = \""登录OneNav"" || title=""OneNav - 开源书签管理程序"" || body=""<meta name=\""description\"" content=\""OneNav""","13503","5.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友-时空 KSOA PayBill 文件 name 参数 SQL 注入漏洞","用友-时空 KSOA 是建立在 SOA 理念指导下研发的新一代产品,是根据流通企业前沿的 IT 需求推出的统一的IT基础架构,它可以让流通企业各个时期建立的 IT 系统之间彼此轻松对话。用友-时空 KSOA PayBill 存在 sql 注入漏洞,攻击者可通过 xp_cmdshell 执行任意命令获取服务器权限。","用友-时空KSOA","用友-时空 KSOA PayBill 存在 sql 注入漏洞,攻击者可通过 xp_cmdshell 执行任意命令获取服务器权限。","1、目前厂商已发布安全补丁,请及时更新:https://www.yonyou.com/。2、部署 Web 应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Yongyou-KSOA PayBill SQL Injection Vulnerability","Yonyou-Timespace KSOA is a new generation of product developed under the guidance of the SOA concept. It is a unified IT infrastructure launched according to the cutting-edge IT needs of distribution enterprises. It allows the IT systems established in various periods of distribution enterprises to communicate with each other easily.There is a sql injection vulnerability in UFIDA-Timespace KSOA PayBill, attackers can execute arbitrary commands through xp_cmdshell to obtain server privileges.","yonyou-Time-and-Space-KSOA","There is a sql injection vulnerability in UFIDA-Timespace KSOA PayBill, attackers can execute arbitrary commands through xp_cmdshell to obtain server privileges.","At present, the manufacturer has released security patches, please update in time: https://www.yonyou.com/.","SQL Injection","","body=""onmouseout=\""this.classname='btn btnOff'\""""","4524","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友时空 KSOA servlet/imagefield 文件 sKeyvalue 参数 SQL 注入漏洞","用友时空 KSOA 是建立在 SOA 理念指导下研发的新一代产品,是根据流通企业前沿的IT需求推出的统一的 IT 基础架构,它可以让流通企业各个时期建立的IT系统之间彼此轻松对话,帮助流通企业保护原有的 IT 投资,简化 IT 管理,提升竞争能力,确保企业整体的战略目标以及创新活动的实现。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","用友-时空KSOA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.yonyou.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","UFIDA KSOA servlet/imagefield file sKeyvalue parameter SQL injection vulnerability","UFIDA KSOA is a new-generation product developed under the guidance of the SOA concept. It is a unified IT infrastructure launched according to the cutting-edge IT needs of distribution companies. Circulation enterprises can protect the original IT investment, simplify IT management, enhance competitiveness, and ensure the realization of the overall strategic goals and innovation activities of the enterprise.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, administrator background passwords, site user personal information), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.","yonyou-Time-and-Space-KSOA","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.yonyou.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""onmouseout=\""this.classname='btn btnOff'\""""","4551","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Draytek Vigor 2960 网关文件读取漏洞","Vigor2960 是一款双 WAN 宽带路由器 VPN 网关。Vigor2960 v1.5.1.4 存在任意文件读取漏洞。攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","DrayTek-Vigor2960","Vigor2960 v1.5.1.4 存在任意文件读取漏洞。攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://www.draytek.com/","文件读取","Draytek Vigor 2960 File Read Vulnerability","Vigor2960 is a dual-WAN broadband router/VPN gateway.Vigor2960 v1.5.1.4 has arbitrary file read vulnerability.","DrayTek-Vigor2960","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","The vendor has released a bug fix, please pay attention to the update in time:https://www.draytek.com/","File Read","","banner=""Model: Vigor2960"" || body=""src=\""V2960/excanvas.js"" || title==""Vigor 2960"" || body=""src=\""V2960/V2960.nocache.js\"">""","41643","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"飞企互联 FE 业务协作平台 ShowImageServlet 文件 magePath 参数文件读取漏洞","FE 办公协作平台是实现应用开发、运行、管理、维护的信息管理平台。飞企互联 FE 业务协作平台存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","飞企互联-FE企业运营管理平台","飞企互联 FE 业务协作平台存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.flyrise.cn/","文件读取","FlyEnterprise Internet FE Business Collaboration Platform ShowImageServlet Arbitrary File Read Vulnerability","FE office collaboration platform is an information management platform for application development, operation, management and maintenance.There is a file reading vulnerability in the Feiqi Internet FE business collaboration platform, through which attackers can read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","Flyrise-FE-Ent-Operation-MP","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","The vendor has released a bug fix, please pay attention to the update in time:https://www.flyrise.cn/","File Read","","body=""js39/flyrise.stopBackspace.js"" || body=""src=\""/js39/flyrise.dialog.js"" || body=""src=\""/js39/external/jquery""","1650","5.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"万户 ezOFFICE 协同办公平台 wpsservlet 接口文件上传漏洞","万户网络ezOFFICE协同办公平台是一款OA办公自动化,具有良好的易用性,系统设置更加灵活。攻击者可以利用该漏洞上传恶意文件,获取服务器权限和执行恶意操作。","万户网络-ezOFFICE","攻击者可以利用该漏洞上传恶意文件,获取服务器权限和执行恶意操作。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.wanhu.com.cn2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","文件上传","ezOFFICE collaborative office platform wpsservlet interface file upload vulnerability","Wanhu Network's ezOFFICE collaborative office platform is an OA office automation platform with good ease of use and more flexible system settings.Attackers can exploit this vulnerability to upload malicious files, obtain server permissions and perform malicious operations.","Whir-ezOFFICE","Attackers can exploit this vulnerability to upload malicious files, obtain server permissions and perform malicious operations.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.whir.net/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","File Upload","","title=""ezOFFICE协同管理平台"" || title=""Wanhu ezOFFICE"" || title=""ezOffice for iPhone"" || body=""EZOFFICEUSERNAME"" || body=""whirRootPath"" || body=""/defaultroot/js/cookie.js"" || header=""LocLan"" || (banner=""/defaultroot/sp/login.jsp"" && banner=""Set-Cookie: JSESSIONID="") || (header=""Set-Cookie: OASESSIONID="" && (title=""ezOFFICE"" || body=""whir.util.js"" || body=""var ezofficeUserPortal_ = Cookie(\""ezofficeUserPortal\"");""))","2080","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"安恒明御安全网关 aaa_local_web_preview 文件上传漏洞","明御安全网关秉持安全可视、简单有效的理念,以资产为视角,构建全流程防御的下一代安全防护体系,并融合传统防火墙、入侵检测、入侵防御系统、防病毒网关、上网行为管控、VPN网关、威胁情报等安全模块于一体的智慧化安全网关。明御安全网关在aaa_local_web_preview文件处存在文件上传漏洞。攻击者可以利用该漏洞上传恶意文件进而获取服务器权限等。","安恒信息-明御安全网关","攻击者可以利用该漏洞上传恶意文件进而进行敏感操作获取服务器权限。","厂商已发布了漏洞修复程序,请及时关注更新: https://www.dbappsecurity.com.cn/","文件上传","Dbappsecurity Mingyu Security Gateway aaa_local_web_preview File Upload Vulnerability","Mingyu Security Gateway adheres to the concept of security visibility, simplicity and effectiveness, and builds a next-generation security protection system for full-process defense from the perspective of assets, and integrates traditional firewalls, intrusion detection, intrusion prevention systems, anti-virus gateways, Internet behavior control, An intelligent security gateway integrating security modules such as VPN gateway and threat intelligence. There is a file upload vulnerability in the aaa_local_web_preview file of Mingyu Security Gateway.Attackers can use this vulnerability to upload malicious files and obtain server permissions.","DAS_Security-Mingyu-SecGW","Attackers can exploit this vulnerability to upload malicious files and perform sensitive operations to obtain server permissions.","The vendor has released a bug fix, please pay attention to the update in time: https://www.dbappsecurity.com.cn/","File Upload","","title=""明御安全网关""","2382","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SuperShell JWT 硬编码凭证漏洞","Supershell 是一个通过 WEB 服务访问的 C2 远程控制平台。SuperShell 存在默认 JWT 令牌漏洞,可登录获取系统权限。","SuperShell","攻击者可利用默认 JWT token 登录后台,夺取管理员权限,控制整个网站。","1、修改默认 JWT token,salt 最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","SuperShell Default JWT Vulnerability","Supershell is a C2 remote control platform accessed through WEB services.There is a default JWT token vulnerability in SuperShell, and you can log in to obtain system privileges.","SuperShell","Attackers can use the default JWT token to log in to the background, seize administrator privileges, and control the entire website.","1. Modify the default JWT token. The salt should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title=""Supershell"" || header=""supershell"" || banner=""supershell""","1381","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SuperShell share_pwd 权限绕过漏洞","Supershell 是一个通过 WEB 服务访问的 C2 远程控制平台。SuperShell 存在默认共享账户,并未检测用户名权限,可登录获取系统权限。","SuperShell","攻击者可利用默认共享账户登录后台,夺取管理员权限,控制整个网站。","1、修改默认共享账户,salt 最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","权限绕过","SuperShell share_pwd permission bypass vulnerability","Supershell is a C2 remote control platform accessed through WEB services.There is a default share account vulnerability in SuperShell, and you can log in to obtain system privileges.","SuperShell","Attackers can use the default share account to log in to the background, seize administrator privileges, and control the entire website.","1. Modify the default share account. The salt should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Permission Bypass","","title=""Supershell"" || header=""supershell"" || banner=""supershell""","1381","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"普元低代码开发平台 default remote 远程代码执行漏洞","普元低代码开发平台EOS Platform是企业级“一体化数字应用支撑平台”,为企业提供分布式架构下的“应用孵化”与“运维管理”的支撑环境。普元低代码开发平台EOS具备复杂代码开发、敏捷拖拽开发、流程协同开发、服务集成开发、数据分析开发等多种功能开发能力,支持微服务应用的开发、部署、监控、运维、治理等应用生命周期管理工作。defualt 模块 remote 拦截器存在远程代码执行漏洞,攻击者可通过该方式执行任意代码从而控制服务器。","普元-低代码开发平台","defualt 模块 remote 拦截器存在远程代码执行漏洞,攻击者可通过该方式执行任意代码从而控制服务器。","厂商已提供漏洞修补方案,请关注厂商主页及时更新:https://www.primeton.com/","代码执行,信创","primeton EOS default remote Remote Code Execution Vulnerability","EOS Platform, the low-code development platform developed by PuYuan, is an enterprise-level ""integrated digital application support platform"" that provides a supportive environment for ""application incubation"" and ""operation and maintenance management"" for enterprises under a distributed architecture. EOS Platform has various functional development capabilities such as complex code development, agile drag-and-drop development, process collaborative development, service integration development, and data analysis development. It supports the development, deployment, monitoring, operation and governance of microservice applications, as well as application lifecycle management.In the default module of the platform, there is a remote code execution vulnerability in the remote interceptor, which allows attackers to execute arbitrary code and take control of the server.","primeton EOS","In the default module of the platform, there is a remote code execution vulnerability in the remote interceptor, which allows attackers to execute arbitrary code and take control of the server.","Currently, the vendor has released an upgrade patch to fix the vulnerability. Users are advised to install the patch to fix the vulnerability. The patch can be obtained from the following link: https://www.primeton.com/","Code Execution,Information technology application innovation industry","","title=""404"" && body=""Tomcat""","820984","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"普元低代码开发平台 default jmx 远程代码执行漏洞","普元低代码开发平台EOS Platform是企业级“一体化数字应用支撑平台”,为企业提供分布式架构下的“应用孵化”与“运维管理”的支撑环境。普元低代码开发平台EOS具备复杂代码开发、敏捷拖拽开发、流程协同开发、服务集成开发、数据分析开发等多种功能开发能力,支持微服务应用的开发、部署、监控、运维、治理等应用生命周期管理工作。defualt 模块 jmx 拦截器存在远程代码执行漏洞,攻击者可通过该方式执行任意代码从而控制服务器。","普元-低代码开发平台","defualt 模块 jmx 拦截器存在远程代码执行漏洞,攻击者可通过该方式执行任意代码从而控制服务器。","厂商已提供漏洞修补方案,请关注厂商主页及时更新:https://www.primeton.com/","代码执行,信创","primeton EOS default jmx Remote Code Execution Vulnerability","EOS Platform, the low-code development platform developed by PuYuan, is an enterprise-level ""integrated digital application support platform"" that provides a supportive environment for ""application incubation"" and ""operation and maintenance management"" for enterprises under a distributed architecture. EOS Platform has various functional development capabilities such as complex code development, agile drag-and-drop development, process collaborative development, service integration development, and data analysis development. It supports the development, deployment, monitoring, operation and governance of microservice applications, as well as application lifecycle management.In the default module of the platform, there is a remote code execution vulnerability in the jmx interceptor, which allows attackers to execute arbitrary code and take control of the server.","primeton EOS","In the default module of the platform, there is a remote code execution vulnerability in the jmx interceptor, which allows attackers to execute arbitrary code and take control of the server.","Currently, the vendor has released an upgrade patch to fix the vulnerability. Users are advised to install the patch to fix the vulnerability. The patch can be obtained from the following link: https://www.primeton.com/","Code Execution,Information technology application innovation industry","","title=""404"" && body=""Tomcat""","820984","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"海康威视 iVMS 综合安防系统 svm/api/external/report 接口文件上传漏洞","海康威视的 iVMS(Intelligent Video Management System)综合安防系统是一种全面的视频监控和安全管理平台,旨在帮助用户实现对多个安防设备、摄像机和传感器的集中管理和监控。iVMS 是海康威视公司开发的软件,具有强大的功能,适用于各种场景,包括企业、政府机构、教育机构、医疗机构、交通、金融等。攻击者利用文件上传漏洞将恶意文件上传到目标系统。这些文件可以执行任意代码、建立后门,并危害整个系统的安全性。","HIKVISION-iSecure-Center","攻击者利用文件上传漏洞将恶意文件上传到目标系统。这些文件可以执行任意代码、建立后门,并危害整个系统的安全性。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.hikvision.com/","文件上传","Hikvision iVMS integrated security system svm/api/external/report interface file upload vulnerability","Hikvision's iVMS (Intelligent Video Management System) integrated security system is a comprehensive video surveillance and security management platform designed to help users achieve centralized management and monitoring of multiple security devices, cameras and sensors. iVMS is a software developed by Hikvision. It has powerful functions and is suitable for various scenarios, including enterprises, government agencies, educational institutions, medical institutions, transportation, finance, etc.Attackers exploit the file upload vulnerability to upload malicious files to the target system. These files can execute arbitrary code, establish backdoors, and compromise the security of the entire system.","HIKVISION-iSecure-Center","Attackers exploit file upload vulnerabilities to upload malicious files onto a target system. These files can execute arbitrary code, establish backdoors, and compromise the security of the entire system.","The vendor has released a bug fix, please pay attention to the update in time:https://www.hikvision.com/","File Upload","","app=""HIKVISION-iSecure-Center""","6267","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"绿盟运维安全管理系统 GetFile/index 接口 path 参数文件读取漏洞","绿盟运维安全管理系统(俗称堡垒机,英文简称OSMS)以满足等级保护下“身份鉴别、访问控制、安全审计”等监管要求为核心,基于“账号、认证、授权和审计”4A管理理念,采用三权分立和最小访问权限原则,实现精准的事前识别、精细的事中控制和精确的事后审计。攻击者可以利用此漏洞读取系统重要文件,如数据库配置文件和系统配置文件等。这可能导致网站极度不安全。","NSFOCUS-堡垒机","攻击者可以利用此漏洞读取系统重要文件,如数据库配置文件和系统配置文件等。这可能导致网站极度不安全。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.nsfocus.com.cn/html/2019/212_0926/20.html","文件读取","NSFOCUS Operation and Maintenance Security Management System GetFile/index api path parameter file read vulnerability","NSFOCUS Operation and Maintenance Security Management System (commonly known as Fortress Machine, also known as OSMS) is centered around meeting regulatory requirements such as ""identity authentication, access control, and security audit"" under hierarchical protection. Based on the 4A management concept of ""account, authentication, authorization, and audit"", it adopts the principles of separation of powers and minimum access rights to achieve precise pre identification, precise in-process control, and precise post audit.Attackers can use this vulnerability to read important system files, such as database configuration files and system configuration files. This can make the site extremely unsafe.","NSFOCUS-Bastion-Host","attackers can exploit to access crucial system files, such as database and system configuration files. This could result in a highly insecure state of the website.","The vendor has released a bug fix, please pay attention to the update in time:https://www.nsfocus.com.cn/html/2019/212_0926/20.html","File Read","","title=""NSFOCUS"" || (body=""needUsbkey.php"" && body=""/otp_auth.php"")","18113","7.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SuperShell 默认口令","Supershell 是一个通过 WEB 服务访问的 C2 远控平台。SuperShell 存在默认口令漏洞,可通过 tdragon6:tdragon6 登陆获取系统权限。","SuperShell","SuperShell 存在默认口令漏洞,可通过 tdragon6:tdragon6 登陆获取系统权限。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","SuperShell default password","Supershell is a C2 remote control platform accessed through WEB services.There is a default password vulnerability in SuperShell, and you can log in through tdragon6:tdragon6 to obtain system privileges.","SuperShell","Attackers can use the default password to log in to the background, seize administrator privileges, and control the entire website.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title=""Supershell"" || header=""supershell"" || banner=""supershell""","1381","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华智慧园区综合管理平台 deleteFtp 接口远程命令执行漏洞","大华智慧园区系列综合管理平台是为一般公共建筑提供安全高效的管理,打造智慧园区综合管理平台,通过融合大华在安防领域的专业经验和智能化前沿技术,集成视频、门禁、报警、停车场、考勤、访客、可视对讲机、信息发布等业务子系统。攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","dahua-智慧园区综合管理平台","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://dahuatech.corp.dav01.com2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行,信创","Dahua Wisdom park System deleteFtp Api Command Execution Vulnerability","Dahua wisdom park series integrated management platform is for the general public to provide a safe and efficient management, build wisdom zone comprehensive management platform, by the fusion of dahua professional experience in the field of security and intelligent cutting-edge technology, integrated video, access control, alarm, car parks, attendance, visitors, visible interphone, information release and other business subsystem.Through this vulnerability, the attacker can arbitrarily execute the code on the server side, write the back door, obtain the server permission, and then control the whole Web server.","dahua-Smart-Park-GMP","Through this vulnerability, the attacker can arbitrarily execute the code on the server side, write the back door, obtain the server permission, and then control the whole Web server.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://dahuatech.corp.dav01.com2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Command Execution,Information technology application innovation industry","","body=""src=\""/WPMS/asset/common/js/jsencrypt.min.js\"""" || body=""/WPMS/asset/lib/json2.js""","5525","10.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"泛微 E-Office mobile_upload_save 组件任意文件上传漏洞(CVE-2023-2523)","泛微e-officeOA系统是面向中小型组织的专业协同OA软件。泛微e-office的mobile_upload_save模块由于参数处理不当,导致存在文件上传漏洞,攻击者可以通过该漏洞直接获取网站权限。","泛微-EOffice","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、使用WAF过滤2、关注官方补丁及时更新:https://www.weaver.com.cn/","文件上传,信创","weaver E-Office mobile_upload_save component arbitrary file upload vulnerability (CVE-2023-2523)","weaver e-officeOA system is a professional collaborative OA software for small and medium-sized organizations.The mobile_upload_save module of weaver e-office has a file upload vulnerability due to improper parameter processing. Attackers can directly obtain website permissions through this vulnerability.","Weaver-EOffice","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. Use WAF filtering2. Pay attention to the timely update of official patches: https://www.weaver.com.cn/","File Upload,Information technology application innovation industry","CVE-2023-2523","((header=""general/login/index.php"" || body=""/general/login/view//images/updateLoad.gif"" || (body=""szFeatures"" && body=""eoffice"") || header=""Server: eOffice"") && body!=""Server: couchdb"") || banner=""general/login/index.php""","3679","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友畅捷通 T+ GetStoreWarehouseByStore 方法远程命令执行漏洞","用友畅捷通T+ 是一款智慧、灵动、时尚的基于互联网时代的企业管理软件。畅捷通T+存在远程命令执行漏洞,攻击者可利用该漏洞在目标服务器上执行任意命令。","畅捷通-TPlus","畅捷通T+存在远程命令执行漏洞,攻击者可利用该漏洞在目标服务器上执行任意命令。","厂商已发布修复补丁,请用户尽快修复:https://www.chanjetvip.com/product/goods","命令执行","Yonyou Chanjet T+ GetStoreWarehouseByStore Method Remote Command Execution Vulnerability","Yonyou changjietong T+is a smart, flexible and fashionable enterprise management software based on the The Internet Age.Yonyou changjietong T+ has a remote command execution vulnerability, which allows attackers to execute arbitrary commands on the target server.","Chanjet-TPlus","Yonyou changjietong T+ has a remote command execution vulnerability, which allows attackers to execute arbitrary commands on the target server.","The manufacturer has released a repair patch, please fix it as soon as possible: https://www.chanjetvip.com/product/goods","Command Execution","","body=""><script>location='/tplus/';</script></body>"" || title==""畅捷通 T+""","160070","9.3","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"宏景人力资源信息管理系统 codesettree 接口 SQL 注入漏洞","宏景HCM是一款全面的人力资源管理软件产品,旨在帮助企业提高人力资源管理效率和员工体验,实现人力资源数字化转型。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","HJSOFT-HCM","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:http://hjsoft.com.cn/#/product/type=01/id=2?title=%E5%AE%8F%E6%99%AFHCM&target=1","SQL注入","Hjsoft HCM codesettree Interface SQL Injection Vulnerability","Hongjing HCM is a comprehensive human resource management software product, which aims to help enterprises improve the efficiency of human resource management and employee experience, and achieve Digital transformation of human resourcesIn addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's background password, the site's user's personal information), attackers can even write trojans to the server in the case of high permissions to further obtain server system permissions.","HJSoft-HCM","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's background password, the site's user's personal information), attackers can even write trojans to the server in the case of high permissions to further obtain server system permissions.","The manufacturer has released a vulnerability fix program, please keep an eye on the updates:http://hjsoft.com.cn/#/product/type=01/id=2?title=%E5%AE%8F%E6%99%AFHCM&target=1","SQL Injection","","(title=""人力资源信息管理系统"" && body=""src=\""/images/hcm/copyright.gif\"""") || body=""src=\""/images/hcm/themes/default/login/login_banner2.png?v=12334\"""" || body=""src=\""/general/sys/hjaxmanage.js\""""","3877","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Arris VAP2500 list_mac_address 未授权远程命令执行漏洞","Arris VAP2500是美国Arris集团公司的一款无线接入器产品。攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","ARRIS-Netopia-2000","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.arris.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行","Arris VAP2500 list_mac_address Unauthorized Remote Command Execution Vulnerability","Arris VAP2500 is a wireless access point product of Arris Group Corporation of the United States.Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","ARRIS-Netopia-2000","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.arris.com/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Command Execution","","body=""./images/lg_05_1.gif""","44139","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"HiKVISION 综合安防管理平台 files 文件上传漏洞","HiKVISION 综合安防管理平台是一套安防信息化集成平台。HiKVISION 综合安防管理平台存在任意文件上传漏洞,攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","HIKVISION-安防平台","攻击者可通过该漏洞在服务器端上传任意文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.hikvision.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","HiKVISION security management platform files file upload vulnerability","HiKVISION comprehensive security management platform is a security information integration platform.There is an arbitrary file upload vulnerability in the HiKVISION comprehensive security management platform. Through this vulnerability, an attacker can upload arbitrary files on the server side, execute code, write backdoors, obtain server permissions, and then control the entire web server.","HIKVISION-Security-Platform","Attackers can use this vulnerability to upload files, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: https://www.hikvision.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","","body=""top.location.href = ctx+\""/error/browser.do\"";""","6471","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"LiveBos ScriptVariable.jsp 远程代码执行漏洞","LiveBOS 灵动业务架构平台,是面向对象的业务支撑平台与建模工具,在 LiveBOS 支持下,用户只需要基于业务和管理的层面,而非技术的层面来理解、设计、构架和集成企业的信息系统(基于业务层面是指开发人员只需描述企业的组织机构、业务流程、业务信息、业务资源、业务逻辑、业务事件等业务内容,而不考虑技术层面的东西),就可以实现各类基于WEB的高层次信息化应用。LiveBos 存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","apex-LiveBPM","LiveBos 存在远程代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","官方已修复该漏洞,请用户联系厂商修复漏洞:https://pms.crm.apexsoft.com.cn/1、通过防火墙等安全设备设置访问策略,设置⽩名单访问。2、如非必要,禁止公网访问该系统。","权限绕过,代码执行","LiveBos ScriptVariable.jsp Remote Code Execution Vulnerability","LiveBOS smart business architecture platform is an object-oriented business support platform and modeling tool. With the support of LiveBOS, users only need to understand, design, structure and integrate enterprise information systems based on the business and management level rather than the technical level (Based on the business level means that developers only need to describe the organization, business process, business information, business resources, business logic, business events and other business content of the enterprise, regardless of the technical level), and can realize various web-based high-level information applications.There is a remote code execution vulnerability in LiveBos, through which an attacker can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","apex-LiveBPM","There is a remote code execution vulnerability in LiveBos, through which an attacker can arbitrarily execute code on the server side, write a backdoor, obtain server permissions, and then control the entire web server.","The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: https://pms.crm.apexsoft.com.cn/1. Set access policies through security devices such as firewalls, and set whitelist access.2. If it is not necessary, the public network is prohibited from accessing the system.","Permission Bypass,Code Execution","","body=""LiveBos"" || body=""/react/browser/loginBackground.png""","836","10","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"绿盟 SAS 堡垒机 local_user.php 权限绕过漏洞","SAS 安全审计系统是绿盟科技开发的一款堡垒机。攻击者可以访问他们通常无权访问的敏感资源,最终导致系统处于极度不安全状态。","NSFOCUS-堡垒机","攻击者可以访问他们通常无权访问的敏感资源,最终导致系统处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.nsfocus.com.cn/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","权限绕过","NSFOCUS SAS bastion machine local_user.php permission bypass vulnerability","The SAS security audit system is a bastion host developed by NSFOCUS.Attackers can gain access to sensitive resources to which they normally do not have access, ultimately leaving the system in a highly insecure state.","NSFOCUS-Bastion-Host","Attackers can gain access to sensitive resources to which they normally do not have access, ultimately leaving the system in a highly insecure state.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: http://www.nsfocus.com.cn/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Permission Bypass","","body=""'/needUsbkey.php'"" || body=""/login_logo_sas_h_zh_CN.png""","2862","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"金和 OA C6/Control/GetSqlData.aspx/.ashx 文件 SQL 注入漏洞","金和网络是专业信息化服务商,为城市监管部门提供了互联网+监管解决方案,为企事业单位提供组织协同OA系统开发平台,电子政务一体化平台,智慧电商平台等服务。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","金和网络-金和OA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.jinher.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入,命令执行","Jinhe OA C6/Control/GetSqlData.aspx/.ashx file SQL injection vulnerability","Jinhe Network is a professional information service provider. It provides Internet + supervision solutions for urban supervision departments, and provides services such as organizational collaboration OA system development platform, e-government integration platform, and smart e-commerce platform for enterprises and institutions.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, administrator background passwords, site user personal information), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.","Jinher-OA","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.jinher.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection,Command Execution","","title=""金和协同管理平台"" || body=""js/PasswordCommon.js"" || body=""js/PasswordNew.js"" || body=""Jinher Network"" || (body=""c6/Jhsoft.Web.login"" && body=""CloseWindowNoAsk"") || header=""Path=/jc6"" || (body=""JC6金和协同管理平台"" && body=""src=\""/jc6/platform/"") || body=""window.location = \""JHSoft.MobileApp/Default.htm\"";"" || banner=""Path=/jc6""","777","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"汉得 SRM tomcat.jsp 权限绕过漏洞","汉得 SRM 云是面向企业采购流程信息化建设的完整解决方案。基于汉得供应商关系管理体系在战略寻源与集中采购、供应链协同和优益采购三大采购管理领域的成功实践,形成了深度契合业务实体的三项组件级解决方案。汉得 SRM tomcat.jsp 权限绕过漏洞控制整个系统,最终导致系统处于极度不安全状态。","汉得SRM云平台(Going-Link)","汉得 SRM tomcat.jsp 权限绕过漏洞控制整个系统,最终导致系统处于极度不安全状态。","1、官方未修复该漏洞,请用户联系厂商修复漏洞:https://www.hand-china.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","权限绕过","Hande SRM tomcat.jsp permission bypass vulnerability","Hande SRM Cloud is a complete solution for the information construction of enterprise procurement process. Based on the successful practice of the HAND supplier relationship management system in the three major procurement management areas of strategic sourcing and centralized procurement, supply chain collaboration and preferential procurement, three component-level solutions that deeply fit business entities have been formed.The Hande SRM tomcat.jsp authority bypasses the vulnerability to control the entire system, which ultimately leads to an extremely insecure state of the system.","Han-SRM-Cloud-Platform-(Going-Link)","The Hande SRM tomcat.jsp authority bypasses the vulnerability to control the entire system, which ultimately leads to an extremely insecure state of the system.","1. The official has not fixed the vulnerability, please contact the manufacturer to fix the vulnerability: https://www.hand-china.com/2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","Permission Bypass","","title=""汉得SRM云平台"" || title=""汉得SRM云平台(Going-Link)""","123","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"腾讯企业微信 gateway/agentinfo 接口信息泄漏漏洞","腾讯企业微信是一款专注于企业通信和协作的即时通讯工具,提供了企业内部聊天、文件共享、日程管理、在线会议等功能,帮助企业高效沟通和协同工作。腾讯企业微信存在信息泄露漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","Tencent-企业微信","腾讯企业微信存在信息泄露漏洞,攻击者通过构造特殊 URL 地址,读取系统敏感信息。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:https://security.tencent.com/qywx。2、通过防火墙等安全设备设置访问策略,设置白名单访问。 3、如非必要,禁止公网访问该系统。","信息泄露","Tencent WeCom gateway/agentinfo api Information Disclosure Vulnerability","Tencent WeCom is an instant messaging tool that focuses on enterprise communication and collaboration, providing functions such as internal chatting, file sharing, schedule management, and online meetings to help enterprises communicate and collaborate efficiently. Tencent WeCom has an information leakage vulnerability, where attackers can read sensitive system information by constructing special URL addresses.","Tencent-Ent-WeChat"," Tencent WeCom has an information leakage vulnerability, where attackers can read sensitive system information by constructing special URL addresses.","1. The official has fixed this vulnerability. Please contact the manufacturer to fix the vulnerability: https://security.tencent.com/qywx.2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Information Disclosure","","title==""企业微信"" || body=""<a class=\""index_foot_nav_item_link\"" href=\""/wework_admin/eula""","4703","8.0","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"LiveBos ShowImage.do 文件 imgName 参数读取漏洞","LiveBOS(简称LiveBOS)是顶点软件股份有限公司开发的一个对象型业务架构中间件及其集成开发工具。它以业务模型建立为中心,直接完成软件开发的创新软件开发模式。适合于各类基于WEB的专业应用软件与行业大型应用的开发。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","apex-LiveBPM","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方暂已修复该漏洞,请用户联系厂商修复漏洞:https://www.livebos.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","LiveBos ShowImage.do file imgName parameter reading vulnerability","LiveBOS (LiveBOS for short) is an object-based business architecture middleware and its integrated development tool developed by Vertex Software Co., Ltd. It centers on the establishment of business models and directly completes the innovative software development mode of software development. It is suitable for the development of various WEB-based professional application software and large-scale industry applications.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., making the website extremely insecure.","apex-LiveBPM","Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. The official has temporarily fixed the vulnerability, please contact the manufacturer to fix the vulnerability: https://www.livebos.com/2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","File Read",""," body=""LiveBos"" || body=""/react/browser/loginBackground.png""","839","8.0","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"广联达 OA GetIMDictionary SQL 注入漏洞","广联达 OA 由广联达科技股份有限公司开发,广联达科技股份有限公司为客户提供建筑全生命周期的数字化解决方案等。当下广联达 OA 存在 SQL 注入漏洞,攻击者可利用该漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息),进一步获取服务器系统权限。","广联达OA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,存在可能进一步获取服务器系统权限。","1、对存在漏洞的参数进行严格的传入过滤。2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Glodon OA GetIMDictionary SQL Injection Vulnerability","Glodon OA was developed by GLOdon Technology Co., LTD. Glodon Technology Co., Ltd. provides customers with digital solutions for the whole life cycle of buildings.At present, there is an SQL injection vulnerability in Glodon OA. Attackers can use this vulnerability to obtain information in the database (such as administrator background password and site user personal information) and further obtain server system permissions.","广联达OA","In addition to using SQL injection vulnerability to obtain information in the database (for example, administrator background password, site user personal information), attackers can further obtain server system permissions.","1. Strict incoming filtering of parameters with loopholes.2. Deploy the Web application firewall to monitor database operations.3. Disable public network access to the system if necessary.","SQL Injection","","body=""GTPTDT.ASPX""","12867","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"金盘微信管理平台 getsysteminfo 信息泄漏漏洞","金盘微信管理平台是北京金盘鹏图软件技术有限公司研发的一款微信公众号管理平台。金盘微信管理平台 getsysteminfo 存在信息泄漏,攻击者可通过该漏洞窃取系统管理权限口令并控制系统。","微信管理后台","金盘微信管理平台 getsysteminfo 存在信息泄漏,攻击者可通过该漏洞窃取系统管理权限口令并控制系统。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:http://www.goldlib.com.cn/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","Jinpan WeChat management platform getsysteminfo information leakage vulnerability","Jinpan WeChat management platform is a WeChat public account management platform developed by Beijing Jinpan Pengtu Software Technology Co., Ltd.There is an information leak in the Jinpan WeChat management platform getsysteminfo. Attackers can use this vulnerability to steal system management authority passwords and control the system.","WeChat-Management-Background","There is an information leak in the Jinpan WeChat management platform getsysteminfo. Attackers can use this vulnerability to steal system management authority passwords and control the system.","1. The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: http://www.goldlib.com.cn/2. Set access policies through security devices such as firewalls, and set whitelist access.3. If it is not necessary, the public network is prohibited from accessing the system.","Information Disclosure","","body=""weichatcfgcontroller.js"" || title=""微信管理后台""","1098","8.5","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"明源云 ERP ApiUpdate.ashx 文件上传漏洞","明源云 ERP 是一套以房地产信息化为核心的解决方案。明源云 ERP 存在任意文件上传漏洞,攻击者通过构造恶意数据包,导致系统被攻击与控制。","明源云-ERP","攻击者可通过该漏洞在服务器端上传文件,执行代码,写入后门,获取服务器权限,进而控制整个 web 服务器。","目前没有详细的解决方案提供,请关注厂商主页更新:http://www.myunke.com/临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","Mingyuan cloud ERP ApiUpdate.ashx file upload vulnerability","Mingyuan Cloud ERP is a set of solutions with real estate informatization as the core.There is a file upload vulnerability in Mingyuan Cloud ERP. Attackers construct malicious data packets, causing the system to be attacked and controlled.","Mingyuan-Yun-ERP","Attackers can use this vulnerability to upload files, execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: http://www.myunke.com/Temporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","","body=""hibot.js"" || body="".hibot"" || body=""f96699bbadafca894f3c1b7a"" || title=""明源云ERP"" || (body="" window.location.replace('/_base/Home/Error/browser.html?enablemip=0');"" && body=""深圳市明源云科技有限公司"")","15585","9.8","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"Weaver OA weaver.common.Ctrl","Weaver OA is a platform which t by Shanghai Weaver Network Co., LTD.Users can read and deal with workflow、news、contacts and other kinds of information of OA. Upload vulnerability exists of '/weaver/weaver.common.Ctrl/.css'","Weaver","An attacker can exploit this vulnerability to cause remote code execution","An official patch has been released to fix this vulnerability. Affected users can also take the following protective measures for temporary protection against this vulnerability.","RCE","Weaver OA weaver.common.Ctrl","Weaver OA is a platform which t by Shanghai Weaver Network Co., LTD.Users can read and deal with workflow、news、contacts and other kinds of information of OA. Upload vulnerability exists of '/weaver/weaver.common.Ctrl/.css'","Weaver","An attacker can exploit this vulnerability to cause remote code execution","An official patch has been released to fix this vulnerability. Affected users can also take the following protective measures for temporary protection against this vulnerability.","RCE","","product=""Weaver-OA"" || app=""Wild - collaborative office OA""","0","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友 NC bsh.servlet.BshServlet 远程代码执行漏洞","用友NC是面向集团企业的世界级高端管理软件。用友NC存在命令执行漏洞,攻击者可利用该漏洞获取服务器权限。","用友-NC-Cloud","攻击者可以通过精心构造的请求包对受影响的用友 NC 版本执行远程代码执行。","厂商已提供漏洞修补方案,补丁下载地址: http://umc.yonyou.com/ump/querypatchdetailedmng?PK=18981c7af483007db179a236016f594d37c01f22aa5f5d19","代码执行","Yongyou NC bsh.servlet.BshServlet Remote Code Execution Vulnerability","A command execution vulnerability exists in Yongyou NC.Which can be exploited by attackers to obtain server privileges.","yonyou-NC-Cloud","Which can be exploited by attackers to obtain server privileges.","The vendor has provided a vulnerability patch. You can download the patch from the following URL: http://umc.yonyou.com/ump/querypatchdetailedmng?PK=18981c7af483007db179a236016f594d37c01f22aa5f5d19","Code Execution","","((((body=""UFIDA"" && body=""logo/images/"") || body=""logo/images/ufida_nc.png"" || title=""Yonyou NC"" || body=""<div id=\""nc_text\"">"" || body=""<div id=\""nc_img\"" onmouseover=\""overImage('nc');"") && body!=""couchdb"" && body!=""drupal"") || (title==""产品登录界面"" && body=""UFIDA NC"") || (title=""powered by UFIDA"" && body=""/activity/testsupport.php"" && title=""用友""))","9515","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微E-Mobile login.do Struts2 命令执行漏洞","'E-Mobile'是上海维沃网络有限公司开发的一个平台。用户可以通过维沃的“E-Mobile”平台在手机上阅读和处理OA的工作流、新闻、联系人等各类信息。 满足使用Weaver OA系统处理移动办公信息的需求。","泛微E-Mobile","黑客可在服务器上执行任意命令,写入后门,从而入侵服务器,获取服务器的管理员权限,危害巨大。","1、严格过滤用户输入的数据,禁止执行系统命令。官方已发布补丁修复此漏洞。 受影响的用户还可以采取以下防护措施,针对该漏洞进行临时防护。","命令执行","Weaver-EMobile login.do Struts2 RCE","'E-Mobile' is a platform which t by Shanghai Weaver Network Co., LTD.Users can read and deal with workflow、news、contacts and other kinds of information of OA by Weaver’s “E-Mobile” plarform on mobile.It can meet the needs of those who use Weaver’s OA System to deal with the information on Mobile Office","Weaver","Weaver-EMobile login.do Struts2 RCE","An official patch has been released to fix this vulnerability. Affected users can also take the following protective measures for temporary protection against this vulnerability.","Command Execution","","(body=""content=\""Weaver E-mobile\"""" || (body=""E-Mobile "" && body=""action=\""/verifyLogin.do"") || body=""/images/login_logo@2x.png"" || (body=""window.apiprifix = \""/emp\"";"" && title=""移动管理平台""))","39789","","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Smartbi smartbi/vision/RMIServlet 接口权限绕过漏洞","Smartbi 是企业级商业智能应用平台,已经过多年的持续发展,凝聚了多年的商业智能最佳实践经验,整合了各行业的数据分析和决策支持的功能需求。满足最终用户在企业级报表、数据可视化分析、自助探索分析、数据挖掘建模、AI 智能分析等大数据分析需求。攻击者通过利用权限绕过漏洞,突破原有权限限制,获得管理员或更高权限,从而能够执行核心操作。","SMARTBI","攻击者通过利用权限绕过漏洞,突破原有权限限制,获得管理员或更高权限,从而能够执行核心操作。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.smartbi.com.cn/patchinfo","权限绕过","Smartbi smartbi/vision/RMIServlet interface permission bypass vulnerability","Smartbi is an enterprise-level business intelligence application platform. After years of continuous development, it has gathered years of best practice experience in business intelligence and integrated the functional requirements of data analysis and decision support in various industries. Meet end users' big data analysis needs in enterprise-level reports, data visualization analysis, self-service exploration analysis, data mining modeling, AI intelligent analysis, etc.The attacker bypasses the vulnerability by exploiting permissions, breaks through the original permission restrictions, and obtains administrator or higher permissions, so as to be able to perform core operations.","SMARTBI","The attacker bypasses the vulnerability by exploiting permissions, breaks through the original permission restrictions, and obtains administrator or higher permissions, so as to be able to perform core operations.","The vendor has released a bug fix, please pay attention to the update in time:https://www.smartbi.com.cn/patchinfo","Permission Bypass","","body=""gcfutil = jsloader.resolve('smartbi.gcf.gcfutil')""","315","8.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"亿赛通 DLP UploadFileFromClientServiceForClient 文件上传漏洞","亿赛通数据泄露防护系统是对用户泄密行为进行记录、告警、阻断,并对用户行为进行审计的平台。亿赛通数据泄露防护系统存在文件上传漏洞。","亿赛通-DLP","攻击者可直接上传 webshell 执行任意代码,控制服务器。","目前没有详细的解决方案提供,请关注厂商主页更新:http://www.esafenet.com临时修复方案:1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","Esaiton DLP UploadFileFromClientServiceForClient file upload vulnerability","Easyton Data Leakage Protection System is a platform that records, warns, and blocks user leaks, and audits user behavior.There is a file upload vulnerability in the Easyton data leakage prevention system."," Easyton DLP","Attackers can directly upload a webshell to execute arbitrary code and control the server.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update: http://www.esafenet.comTemporary fix:1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","","(title==""数据泄露防护(DLP)系统"" && body=""/CDGServer3/index.jsp"") || (body=""CDGServer3"" && body=""DLP"") || (body=""亿赛通数据脱敏系统"" && body=""mainBtnPanel"")","304","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"锐捷 NBR 路由器 fileupload.php 文件任意文件上传漏洞","锐捷nbr系列路由器,是使用国际先进控制技术,半导体技术和通信由福建星网锐捷网络有限公司开发的一个路由器,攻击者可以任意在服务器端代码执行漏洞,编写后门,让服务器权限,并控制web服务器。","锐捷 NBR 路由器","攻击者可以任意在服务器端代码执行漏洞,编写后门,让服务器权限,并控制web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.ruijie.com.cn","文件上传","Ruijie NBR fileupload.php file File Upload Vulnerability","Sharp Czech n b r series router, is the use of international advanced control technology, semiconductor technology and communication by fujian starnet red-giant co., LTD., developed a router, the attacker can be arbitrary code execution on the server side by the vulnerability, write the back door, get the server permissions, and control the web server.","Ruijie NBR","Attackers can arbitrarily execute vulnerabilities in server-side code, write backdoors, give server permissions, and take control of web servers.","Vendor has released leaks fixes, please pay attention to update: https://www.ruijie.com.cn","File Upload","","body=""/resource/resource.php?a=c""","162928","10.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cellinx NVT 摄像机 GetFileContent.cgi 任意文件读取漏洞 (CVE-2023-23063)","Cellinx NVT IP PTZ是韩国Cellinx公司的一个摄像机设备。Cellinx NVT v1.0.6.002b版本存在安全漏洞,该漏洞源于存在本地文件泄露漏洞,攻击者可读取系统密码等敏感信息。","Cellinx-NVT","Cellinx NVT v1.0.6.002b版本存在安全漏洞,该漏洞源于存在本地文件泄露漏洞,攻击者可读取系统密码等敏感信息。","1、对相关文件中传入的参数进行限制。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Cellinx NVT GetFileContent.cgi Arbitrary File Read Vulnerability (CVE-2023-23063)","Cellinx NVT IP PTZ is a camera device of Cellinx Corporation in South Korea.Cellinx NVT v1.0.6.002b version has a security vulnerability. The vulnerability is due to a local file disclosure vulnerability, which allows attackers to read sensitive information such as system passwords.","Cellinx-NVT","Cellinx NVT v1.0.6.002b version has a security vulnerability. The vulnerability is due to a local file disclosure vulnerability, which allows attackers to read sensitive information such as system passwords.","1. Limit the parameters passed in the relevant file.2. Set access policies and whitelist access through security devices such as firewalls.3. Disable public network access to the system if necessary.","File Read","CVE-2023-23063","body=""local/NVT-string.js""","864","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"三未信安 SRJ1909 设备默认密码漏洞","三未信安服务器密码机是由三未信安科技股份有限公司自主研发的高性能密码设备,可以满足应用系统数据的签名/验证、加密/解密的要求,保证传输信息的机密性、完整性和有效性,同时提供安全、完善的密钥管理机制,型号SRJ1909存在默认口令漏洞。攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。","三未信安SRJ1909密码机","SRJ1909密码机存在默认密码,攻击者可利用默认口令swxa@1234 登录系统后台,查看相关加密密钥以及日志流量。","1、目前没有详细的解决方案提供,请关注厂商主页更新:https://www.sansec.com.cn。2、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。3、如非必要,禁止公网访问该系统。 4、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Sanwei Xin'an SRJ1909 device default password vulnerability","Sanwei Xinan server cipher machine is a high-performance cipher device independently developed by Sanwei Xinan Technology Co., Ltd. It can meet the requirements of signature/verification, encryption/decryption of application system data, ensure the confidentiality, integrity and validity of the transmitted information, and provide a safe and perfect key management mechanism. The model SRJ1909 has a default password.","sansec SRJ1909","SRJ1909 cipher machine has a default password, which can be used by attackers swxa@1234 Log in to the system background to view the relevant encryption keys and log traffic","1. There is no detailed solution available at present, please pay attention to the update of the manufacturer's homepage: https://www.sansec.com.cn.2. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, etc., and the number of digits should be greater than 8.3. If it is not necessary, the public network is prohibited from accessing the system.4. Set access policies through security devices such as firewalls, and set whitelist access.","Default Password","","header=""sansec""&&body=""密码""","8","5.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"帮管客 CRM ajax_upload_chat 文件上传漏洞","帮管客CRM是一款集客户档案、销售记录、业务往来等功能于一体的客户管理系统。帮管客CRM ajax_upload_chat 存在文件上传漏洞,攻击者可利用该漏洞获取服务器权限。","帮管客CRM","攻击者可以通过该漏洞在网站上上传恶意文件,从而导致严重的安全风险。","1、厂商暂未发布漏洞补丁,请关注厂商主页及时获取更新:https://www.bgk100.com/。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","BgkCRM ajax_upload_chat File Upload Vulnerability","BgkCRM is a customer management system that integrates customer files, sales records, business transactions and other functions.BgkCRM ajax_ upload_ Chat has a file upload vulnerability, which can be exploited by an attacker to gain server privileges.","BgkCRM","Due to the lax filtering of the files uploaded by the file upload function in the code or the unfixed parsing vulnerability of the web server, the attacker can upload arbitrary files through the file upload point, including the website backdoor file (webshell) to control the entire website.","1.The manufacturer has not released a vulnerability patch yet. Please pay attention to the manufacturer's homepage for timely updates: https://www.bgk100.com/ .2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Upload","","(title=""用户登录"" && body=""/themes/default/js/jquery.code.js"") || header=""Set-Cookie: bgk_session=a%3A5"" || body=""<p id=\""admintips\"" >初始账号:admin"" || banner=""Set-Cookie: bgk_session=a%3A5""","5237","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E5%B8%AE%E7%AE%A1%E5%AE%A2-CRM-ajax_upload_chat-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E-ev2mbzig.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"帮管客 CRM 敏感信息泄露漏洞","帮管客 CRM 是一款集客户档案、销售记录、业务往来等功能于一体的客户管理系统。帮管客 CRM 存在敏感信息泄露漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","帮管客-CRM","帮管客 CRM 存在敏感信息泄露漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.bgk100.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","BGK CRM Sensitive Information Disclosure Vulnerability","BGK CRM is a customer management system that integrates customer files, sales records, business contacts and other functions.There is a sensitive information leakage vulnerability in the BGK CRM. Attackers can read sensitive system information by constructing a special URL address.","BANGGUANKE-CRM","The attacker reads the sensitive information of the system by constructing a special URL address.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.bgk100.com/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Information Disclosure","","body=""/themes/default/css/llq.css""","3256","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微-协同办公 OA browser.jsp 文件 keyword 参数 SQL 注入漏洞","泛微OA办公系统也称为泛微协同办公系统,是一款以简单、适用、高效为原则打造的优质OA办公系统,该软件内置流程、门户、知识、人事、沟通的20多个功能模块,并采用智能语音交互办公模式,能够完美贴合企业实际需求,为企业打通全程数字化管理。其中 browser.jsp 文件存在SQL注入漏洞,攻击者通过漏洞可以获取数据库敏感信息。","泛微-协同办公OA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已发布漏洞修复程序,请及时关注更新:https://www.weaver.com.cn","SQL注入","Weaver e-cology OA browser.jsp keyword SQL Injection Vulnerability","Weaver e-cology OA, also known as Ubiq Collaborative office system, is a high-quality office system built on the principle of simplicity, application and efficiency. The software has more than 20 functional modules including process, portal, knowledge, personnel and communication, and adopts intelligent voice interactive office mode, which can perfectly fit the actual needs of enterprises and open up the whole digital management for enterprisesThe browser.jsp file has the s q l injection vulnerability, through which the attacker can obtain sensitive database information.","Weaver-OA","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The vendor has released a bug fix, please pay attention to the update in time: https://www.weaver.com.cn/","SQL Injection","","header=""testBanCookie"" || banner=""testBanCookie"" || body=""/wui/common/css/w7OVFont.css"" || (body=""typeof poppedWindow"" && body=""client/jquery.client_wev8.js"") || body=""/theme/ecology8/jquery/js/zDialog_wev8.js"" || body=""ecology8/lang/weaver_lang_7_wev8.js""","102261","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Frappe-Framework 框架默认口令漏洞","Frappe 是一个低代码框架。Frappe Framework 存在默认口令 Administrator:admin。攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。","Frappe-Framework","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Frappe-Framework default password vulnerability","Frappe is a low code framework. The default password Administrator: admin exists in the Frappe Framework.An attacker can control the entire platform through the default password vulnerability, and operate the core functions with administrator privileges.","Frappe-Framework","An attacker can control the entire platform through the default password vulnerability, and operate the core functions with administrator privileges.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, special characters, and more than 8 digits.2. If not necessary, the public network is prohibited from accessing the system.3. Set access policy and whitelist access through firewall and other security devices.","Default Password","","body=""<meta name=\""generator\"" content=\""frappe"" || body=""frappe.ready_events.push(fn);"" || header=""Link: </assets/frappe/js/lib/jquery/jquery.min.js"" || header=""</assets/frappe/dist/js/frappe-web.bundle.7XJQJMPF.js""","49139","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"enjoyscm 供应链管理系统 UploadFile 任意文件上传漏洞","enjoyscm是国内部分超市使用的一种供应链管理系统。enjoyscm UploadFile 存在任意文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","enjoyscm","enjoyscm UploadFile 存在任意文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","1、目前厂商已发布安全补丁,请及时更新:http://www.enjoyit.com.cn/。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","enjoyscm UploadFile Arbitrary File Upload Vulnerability","enjoyscm is a supply chain management system used by some domestic supermarkets.There is an arbitrary file upload vulnerability in enjoyscm UploadFile, attackers can upload malicious Trojan horses to obtain server permissions.","enjoyscm","There is an arbitrary file upload vulnerability in enjoyscm UploadFile, attackers can upload malicious Trojan horses to obtain server permissions.","1, at present, the vendor has released security patches, please update: http://www.enjoyit.com.cn/.2. Set access policies and whitelist access through security devices such as firewalls.3. Disable public network access to the system if necessary.","File Upload","","body=""供应商网上服务厅""","869","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cellinx NVT 摄像机 UAC.cgi 未授权访问漏洞","Cellinx NVT IP PTZ 是韩国 Cellinx 公司的一个摄像机设备。Cellinx NVT UAC.cgi 存在未授权访问漏洞,攻击者可执行获取配置敏感信息和添加管理用户等操作,导致攻击者可以通过添加的管理账户登入摄像机后台,查看摄像机实时画面,控制设备。","Cellinx-NVT","Cellinx NVT UAC.cgi 存在未授权访问漏洞,攻击者可执行获取配置敏感信息和添加管理用户等操作,导致攻击者可以通过添加的管理账户登入摄像机后台,查看摄像机实时画面,控制设备。","1、对传入的数据进行严格过滤,防止通过数据包形式创建用户。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","未授权访问","Cellinx NVT UAC.cgi Unauthorized Access Vulnerability","The Cellinx NVT IP PTZ is a camera device made by the South Korean company Cellinx.The unauthorized access vulnerability in Cellinx NVT UAC.cgi allows an attacker to obtain sensitive configuration information and add management users. As a result, the attacker can log in to the camera background through the added management account, view the real-time camera screen, and control the device.","Cellinx-NVT","The unauthorized access vulnerability in Cellinx NVT UAC.cgi allows an attacker to obtain sensitive configuration information and add management users. As a result, the attacker can log in to the camera background through the added management account, view the real-time camera screen, and control the device.","1, the incoming data is strictly filtered to prevent the creation of users through the form of packets.2. Set access policies and whitelist access through security devices such as firewalls.3. Disable public network access to the system if necessary.","Unauthorized Access","","body=""local/NVT-string.js""","863","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Cellinx NVT 摄像机 SetFileContent.cgi 文件 PATH 参数任意文件创建漏洞(CVE-2020-28250)","Cellinx NVT IP PTZ 是韩国 Cellinx 公司的一个摄像机设备。Cellinx NVT 5.0.0.014b.test 2019-09-05版本存在安全漏洞,攻击者可通过 SetFileContent.cgi 创建和写入任意文件,如覆盖 /etc/passwd 等获取服务器权限。","Cellinx-NVT","Cellinx NVT 5.0.0.014b.test 2019-09-05版本存在安全漏洞,攻击者可通过 SetFileContent.cgi 创建和写入任意文件,如覆盖 /etc/passwd 等获取服务器权限。","1、目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:https://www.ispyconnect.com/camera/cellinx。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件创建","Cellinx NVT camera SetFileContent.cgi file PATH parameter Arbitrary file creation vulnerability (CVE-2020-28250)","The Cellinx NVT IP PTZ is a camera device made by the South Korean company Cellinx.Cellinx NVT 5.0.0.014 B.EST 2019-09-05 has a security vulnerability that allows an attacker to create and write arbitrary files through SetFileContent.cgi, such as overwriting /etc/passwd, to obtain server permissions.","Cellinx-NVT","Cellinx NVT 5.0.0.014 B.EST 2019-09-05 has a security vulnerability that allows an attacker to create and write arbitrary files through SetFileContent.cgi, such as overwriting /etc/passwd, to obtain server permissions.","1, the current manufacturer temporarily not repair measures to solve the security problem, it is recommended to use this software users pay close attention to manufacturer's home page or reference web site at any time to get a solution: https://www.ispyconnect.com/camera/cellinx.2. Set access policies and whitelist access through security devices such as firewalls.3. Disable public network access to the system if necessary.","File Creation","CVE-2020-28250","body=""local/NVT-string.js""","864","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华智慧园区综合管理平台 searchJson SQL 注入漏洞","大华智慧园区综合管理平台是通用性公共建筑物提供安全和高效管理而打造的智慧园区综合管理平台,通过融合大华在安防和智能化领域的经验和前沿技术,集成视频,门禁、报警,停车场,考勤,访客,可视对讲,信息发布等多个业务子系统,为客户提供一套集成、高效、开放、灵活可扩展的平台软件产品,形成面向“公共管理、基础配套、经济发展、生态保护、安全保障、社会服务”六大领域的综合安防解决方案。大华智慧园区综合管理平台存在sql注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","dahua-智慧园区综合管理平台","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.dahuatech.com/cases/info/76.html","SQL注入","Dahua Smart Park Integrated Management Platform searchJson SQL injection vulnerability","Dahua Smart Park Integrated Management Platform is a comprehensive management platform for smart parks built to provide security and efficient management of general public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, parking lot, attendance, visitor, video intercom, information release and other business subsystems to provide customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming a comprehensive security solution for the six major areas of ""public management, infrastructure, economic development, ecological protection, security, and social services"".There is a sql injection vulnerability in the comprehensive management platform of Dahua Smart Park. In addition to using the SQL injection vulnerability to obtain information in the database (for example, administrator background passwords, personal information of site users), attackers can even write Trojan horses into the server under high-privilege conditions to further obtain server system permissions.","dahua-Smart-Park-GMP","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The manufacturer has released a bug fix, please pay attention to the update in time: https://www.dahuatech.com/cases/info/76.html","SQL Injection","","body=""src=\""/WPMS/asset/common/js/jsencrypt.min.js\""""","5415","8.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"大华智慧园区综合管理平台 source/publishing/publishing/material/file/video 文件上传漏洞","大华智慧园区综合管理平台 通用性公共建筑物提供安全和高效管理而打造的智慧园区综合管理平台,通过融合大华在安防和智能化领域的经验和前沿技术,集成视频,门禁、报警,停车场,考勤,访客,可视对讲,信息发布等多个业务子系统,为客户提供一套集成、高效、开放、灵活可扩展的平台软件产品,形成面向“公共管理、基础配套、经济发展、生态保护、安全保障、社会服务”六大领域的综合安防解决方案。大华 智慧园区系统 /publishing/ 存在文件上传漏洞,导致服务器被控制。","dahua-智慧园区综合管理平台","浙江大华技术股份有限公司智慧园区综合管理平台存在文件上传漏洞,攻击者可以通过上传特定构造文件,利用该漏洞获取服务器权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.dahuatech.com/cases/info/76.html","文件上传","Dahua Smart Park Integrated Management Platform source/publishing/publishing/material/file/video File Upload Vulnerability","Dahua Smart Park Comprehensive Management Platform The smart park comprehensive management platform is built to provide safe and efficient management for common public buildings. By integrating Dahua’s experience and cutting-edge technologies in the field of security and intelligence, it integrates video, access control, alarm, and parking Field, attendance, visitor, video intercom, information release and other business subsystems, providing customers with a set of integrated, efficient, open, flexible and scalable platform software products, forming a ""public management, infrastructure, economic development Comprehensive security solutions in the six major areas of , ecological protection, security, and social services.There is a file upload vulnerability in the Dahua Smart Park system /publishing/, which leads to the server being controlled.","dahua-Smart-Park-GMP","There is a file upload vulnerability in the comprehensive management platform of the smart park of Zhejiang Dahua Technology Co., Ltd. An attacker can use this vulnerability to obtain server permissions by uploading a specific configuration file.","The vendor has released a bug fix, please pay attention to the update in time:https://www.dahuatech.com/cases/info/76.html","File Upload","","body=""src=\""/WPMS/asset/common/js/jsencrypt.min.js\""""","5420","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SolarView Compact downloader.php 任意命令执行漏洞(CVE-2023-23333)","Contec SolarView Compact是日本Contec公司的一个应用系统,提供光伏发电测量系统。SolarView Compact 6.00以下存在命令注入漏洞,攻击者可以通过downloader.php绕过内部限制执行命令。.","SolarView-Compact","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.contec.com/cn2、通过防火墙等安全设备设置访问策略,设置白名单访问。 3、如非必要,禁止公网访问该系统。","命令执行","SolarView Compact downloader.php RCE (CVE-2023-23333)","There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.","SolarView-Compact","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage updatehttps://www.contec.com/2. Set access policies and whitelist access through security devices such as firewalls. 3. If not necessary, prohibit public network access to the system.","Command Execution","CVE-2023-23333","body=""SolarView Compact""","4941","10.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/SolarView-Compact-downloader.php-%E4%BB%BB%E6%84%8F%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2023-23333%EF%BC%89-3rvzxegv.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"EMERSON-XWEB-EVO upload.cgi 文件 path 参数目录遍历漏洞(CVE-2021-45427)","Emerson XWEB 300D EVO是美国Emerson公司的一款节能空调。Emerson XWEB 300D EVO 3.0.7--3ee403 存在目录遍历漏洞(CVE-2021-45427)。攻击者可能通过浏览目录结构,访问到某些隐秘文件包括配置文件、日志、源代码等,配合其它漏洞的综合利用,攻击者可以轻易的获取更高的权限。","EMERSON-XWEB-EVO","攻击者可能通过浏览目录结构,访问到某些隐秘文件包括配置文件、日志、源代码等,配合其它漏洞的综合利用,攻击者可以轻易的获取更高的权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://drive.google.com/file/d/1IN7p9OKRgdszMVC1TKuZQDa4ySCPmQzO/view?usp=sharing","目录遍历","EMERSON-XWEB-EVO upload.cgi path Directory Traversal Vulnerability (CVE-2021-45427)","Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States.Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions.","EMERSON-XWEB-EVO","Emerson XWEB 300D EVO is an energy-saving air conditioner of Emerson Company in the United States.Emerson XWEB 300D EVO 3.0.7 -- 3ee403 has a directory traversal vulnerability (CVE-2021-45427). An attacker may access some secret files including configuration files, logs, source codes, etc. by browsing the directory structure. With the comprehensive utilization of other vulnerabilities, the attacker can easily obtain higher permissions.","The manufacturer has released a vulnerability fix, please pay attention to the update in time: https://drive.google.com/file/d/1IN7p9OKRgdszMVC1TKuZQDa4ySCPmQzO/view?usp=sharing","Directory Traversal","CVE-2021-45427","body=""src=\""img/xweb-logo.png\"""" || body=""src=\""/css/images/Logo_XWEB_alpha.png""","15849","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Acmailer 邮件系统 init_ctl.cgi 文件 sendmail_path 参数远程命令执行漏洞(CVE-2021-20617)","Acmailer 是一款用于支持邮件服务的CGI软件。Acmailer 4.0.2版本及之前版本存在安全漏洞,该漏洞源于 init_ctl.cgi 没有严格校验输入参数,攻击者可执行任意命令获取服务器权限。","acmailer-邮件系统","Acmailer 4.0.2 版本及之前版本存在安全漏洞,该漏洞源于 init_ctl.cg i没有严格校验输入参数,攻击者可执行任意命令获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://www.acmailer.jp/info/de.cgi?id=98","命令执行","Acmailer init_ctl.cgi sendmail_path Remote Command Execution Vulnerability (CVE-2021-20617)","Acmailer is a CGI software used to support mail services.Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions.","acmailer","Acmailer 4.0.2 and earlier versions have a security vulnerability. The vulnerability is due to the fact that init_ctl.cgi does not strictly verify input parameters, and attackers can execute arbitrary commands to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://www.acmailer.jp/info/de.cgi?id=98","Command Execution","CVE-2021-20617","body=""CGI acmailer""","557","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Acmailer 邮件系统 enq_form.cgi 认证绕过漏洞(CVE-2021-20618)","Acmailer 是一款用于支持邮件服务的CGI软件。Acmailer 4.0.2 版本及之前版本存在安全漏洞,该漏洞允许远程攻击者绕过身份验证,获得管理权限进一步控制系统。","acmailer-邮件系统","Acmailer 4.0.2 版本及之前版本存在安全漏洞,该漏洞允许远程攻击者绕过身份验证,获得管理权限进一步控制系统。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://www.acmailer.jp/info/de.cgi?id=98","权限绕过","Acmailer enq_form.cgi Authentication Bypass Vulnerability (CVE-2021-20618)","Acmailer is a CGI software used to support mail services.Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges.","acmailer","Acmailer 4.0.2 and earlier versions have security vulnerabilities, which allow remote attackers to bypass authentication and gain administrative privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://www.acmailer.jp/info/de.cgi?id=98","Permission Bypass","CVE-2021-20618","body=""CGI acmailer""","552","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Frappe-Framework 框架 frappe.core.doctype.data_import.data_import.get_preview_from_template 文件 import_file 参数任意文件读取漏洞(CVE-2022-41712)","Frappe Framework 是印度Frappe Technologies公司的一个基于Python、Mariadb的并集成前端页面的Web开发框架。Frappe Framework 14.10.0版本存在任意文件读取漏洞。攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。 ","Frappe-Framework","攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。 ","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/frappe/frappe/releases/tag/v14.12.0","文件读取","Frappe Framework frappe.core.doctype.data_import.data_import.get_preview_from_template import_file Arbitrary File Read Vulnerability (CVE-2022-41712)","Frappe Framework is a web development framework based on Python and Mariadb and integrated with front-end pages of Frappe Technologies in India.Frappe Framework version 14.10.0 has an arbitrary file read vulnerability. An attacker can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in the extremely insecure state of the website.","Frappe Framework","An attacker can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in the extremely insecure state of the website.","At present, the manufacturer has issued an upgrade patch to fix the vulnerability. The patch access link is:https://github.com/frappe/frappe/releases/tag/v14.12.0","File Read","CVE-2022-41712","body=""<meta name=\""generator\"" content=\""frappe"" || body=""frappe.ready_events.push(fn);"" || header=""Link: </assets/frappe/js/lib/jquery/jquery.min.js"" || header=""</assets/frappe/dist/js/frappe-web.bundle.7XJQJMPF.js""","48857","6.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Netgear 多款设备 boardDataWW.php 文件命令执行漏洞","Netgear是全球领先的企业网络解决方案,及数字家庭网络应用倡导者。Netgear多款设备存在验证绕过漏洞,攻击者利用漏洞可在未验证的网页直接传递输入命令行,发起命令注入攻击。","NETGEAR","Netgear是全球领先的企业网络解决方案,及数字家庭网络应用倡导者。Netgear多款设备存在验证绕过漏洞,攻击者利用漏洞可在未验证的网页直接传递输入命令行,发起命令注入攻击。","1、如非必要,禁止公网访问该系统。2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、厂商已发布了漏洞修复程序,请及时关注更新:https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic","命令执行","Netgear Devices boardDataWW.php Unauthenticated Remote Command Execution","(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.","NETGEAR","(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.","1. If it is not necessary, it is forbidden to access the system from the public network.2. Set access policies and whitelist access through security devices such as firewalls.3. The manufacturer has released a bug fix, please pay attention to the update in time:https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic","Command Execution","CVE-2016-1555","title==""Netgear""","0","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Netgear-%E5%A4%9A%E6%AC%BE%E8%AE%BE%E5%A4%87-boardDataWW.php-%E6%96%87%E4%BB%B6%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E-5cv20whs.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Metabase JDBC 远程代码执行漏洞(CVE-2023-38646)","Metabase是一个开源的数据分析和可视化工具,它可以帮助用户轻松地连接到各种数据源,包括数据库、云服务和API,然后使用直观的界面进行数据查询、分析和可视化。Metabase 存在远程代码执行漏洞,可导致攻击者在服务器上以运行 Metabase 服务器的权限执行任意代码。","Metabase","Metabase 存在远程代码执行漏洞,可导致攻击者在服务器上以运行 Metabase 服务器的权限执行任意代码。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.metabase.com/blog/security-advisory","代码执行","Metabase JDBC Remote Code Execution Vulnerability (CVE-2023-38646)","Metabase is an open source data analysis and visualization tool that helps users easily connect to various data sources, including databases, cloud services, and APIs, and then use an intuitive interface for data query, analysis, and visualization.A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges.","Metabase","A remote code execution vulnerability exists in Metabase that could allow an attacker to execute arbitrary code on a server running with Metabase server privileges.","The manufacturer has released a bug fix, please pay attention to the update in time: https://www.metabase.com/blog/security-advisory","Code Execution","CVE-2023-38646","title==""Metabase"" || ((body=""<script type=\""application/json\"" id=\""_metabaseBootstrap\"">"" || body=""window.MetabaseLocalization = JSON.parse(document.getElementById(\""_metabaseLocalization\"").textContent);"") && body=""window.MetabaseRoot = actualRoot;"")","66604","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2023-38646-gnmsvgeo.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Adobe ColdFusion 远程代码执行漏洞(CVE-2023-38203)","Adobe ColdFusion 是 Adobe 公司开发的用于 Web 应用程序开发的商业应用程序服务器。攻击者可向 ColdFusion 服务器发送不受信任的序列化数据并触发反序列化,从而执行任意代码。","Adobe-ColdFusion","攻击者可通过该漏洞在服务器端任意执行代码,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://helpx.adobe.com/ColdFusion/kb/coldfusion-2023-update-html","代码执行","Adobe Coldfusion remote code execution vulnerability (CVE-2023-38203)","Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code.","Adobe-ColdFusion","The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server.","The manufacturer has released the vulnerability repair process, please pay attention to the update in time: https://helpx.adobe.com/ColdFusion/kb/coldfusion-2023-update-html","Code Execution","CVE-2023-38023","(body=""crossdomain.xml"" && body=""CFIDE"") || (body=""#000808"" && body=""#e7e7e7"")","3740","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2023-38203-yzpxexma.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"深信服上网优化管理系统 catjs.php 文件读取漏洞","深信服上网优化管理系统无需调整网络部署,支持以网桥模式透明串接在组织网络中;同时内网用户无视任何变动,保持原有上网习惯即可直接上网、立即加速,使所有的数据中心、链路和服务器都得到充分利用。其中 catjs.php 文件存在任意文件读取漏洞,攻击者通过漏洞可以下载服务器中的任意文件,泄漏服务器敏感信息。","SANGFOR-IOMS","攻击者可通过该漏洞读取服务器重要文件,如系统配置文件、数据库配置文件等等,导致网站处于极度不安全的状态。","厂商已发布了漏洞修复程序,请及时关注更新: https://www.sangfor.com.cn","文件读取","SANGFOR-IOMS catjs.php File Read Vulnerability","Convinced by the Internet optimization management system deployment does not need to be adjusted, and transparent bridging mode is supported in organizational networks. At the same time, Intranet users can directly access the Internet regardless of any changes and maintain the original Internet access habits. This enables all data centers, links, and servers to be fully utilized.catjs.php file has any file reading vulnerability, through which an attacker can download any file in the server and leak sensitive information of the server.","SANGFOR-IOMS","Attackers can use this vulnerability to read important server files, such as system configuration files, database configuration files, and so on, causing the website to be in an extremely insecure state.","The vendor has released a bug fix, please pay attention to the update in time: https://www.sangfor.com.cn","File Read","","title=""SANGFOR上网优化管理""","97","6.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"海康运行管理中心命令执行漏洞","海康威视是以视频为核心的智能物联网解决方案和大数据服务提供商。杭州海康威视数字技术股份有限公司运行管理中心系统存在命令执行漏洞,攻击者可利用该漏洞获取服务器权限。","海康运行管理中心","海康运行管理中心系统使用低版本的fastjson,攻击者可在未鉴权情况下获取服务器权限,且由于存在相关依赖,即使服务器不出网无法远程加载恶意类也可通过本地链直接命令执行,从而获取服务器权限。","最新版已修复该漏洞,升级系统版本至最新版即可:https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0","命令执行","Command Execution Vulnerability in Hikvision Operations Management Center","Hikvision is a video-centric provider of intelligent IoT solutions and big data services. A command execution vulnerability exists in the operation and management center system of Hangzhou Hikvision Digital Technology Co. An attacker could use the vulnerability to gain server privileges.","Haikang Operation Management Center","The attacker can obtain server privileges without authentication, and due to the existence of relevant dependencies, even if the server is not able to remotely load the malicious class without the network, it can be executed through the local chain directly command, thus obtaining server privileges.","The latest version has fixed the vulnerability, upgrade the system version to the latest version :https://www.hikvision.com/cn/19th-asian-games/isecure-center/?q=%E6%B5%B7%E5%BA%B7%E5%9F%9F%E8%A7%81%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0","Command Execution","","header=""X-Content-Type-Options: nosniff"" && body=""<h1>Welcome to OpenResty!</h1>"" && header=""X-Xss-Protection: 1; mode=block""","5905","9.6","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Command-Execution-Vulnerability-in-Hikvision-Operations-Management-Center-mi5s5afk.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"网神 SecGate 3600 防火墙 obj_area_import_save 文件上传漏洞","网神SecGate 3600防火墙是基于状态检测包过滤和应用级代理的复合型硬件防火墙,是专门面向大中型企业、政府、军队、高校等用户开发的新一代专业防火墙设备,支持外部攻击防范、内网安全、网络访问权限控制、网络流量监控和带宽管理、动态路由、网页内容过滤、邮件内容过滤、IP冲突检测等功能,能够有效地保证网络的安全;产品提供灵活的网络路由/桥接能力,支持策略路由,多出口链路聚合;提供多种智能分析和管理手段,支持邮件告警,支持日志审计,提供全面的网络管理监控,协助网络管理员完成网络的安全管理。网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","网神SecGate-3600防火墙","网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.legendsec.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","Netgod SecGate 3600 Firewall obj_area_import_save File Upload Vulnerability","Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","legendsec-Secgate-3600-firewall","There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","1. The vulnerability has not been repaired officially. Please contact the manufacturer to repair the vulnerability: https://www.legendsec.com/2. Set access policies and white list access through security devices such as firewalls.3. If it is not necessary, public network access to the system is prohibited.","File Upload","","title=""网神SecGate 3600防火墙""","725","10.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E7%BD%91%E7%A5%9E-SecGate-3600-%E9%98%B2%E7%81%AB%E5%A2%99-obj_area_import_save-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E-uh9kvmng.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"网神 SecGate 3600 防火墙 app_av_import_save 文件上传漏洞","网神SecGate 3600防火墙是基于状态检测包过滤和应用级代理的复合型硬件防火墙,是专门面向大中型企业、政府、军队、高校等用户开发的新一代专业防火墙设备,支持外部攻击防范、内网安全、网络访问权限控制、网络流量监控和带宽管理、动态路由、网页内容过滤、邮件内容过滤、IP冲突检测等功能,能够有效地保证网络的安全;产品提供灵活的网络路由/桥接能力,支持策略路由,多出口链路聚合;提供多种智能分析和管理手段,支持邮件告警,支持日志审计,提供全面的网络管理监控,协助网络管理员完成网络的安全管理。网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","网神SecGate-3600防火墙","网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.legendsec.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","Netgod SecGate 3600 Firewall app_av_import_save File Upload Vulnerability","Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","legendsec-Secgate-3600-firewall","There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","1. The vulnerability has not been repaired officially. Please contact the manufacturer to repair the vulnerability: https://www.legendsec.com/2. Set access policies and white list access through security devices such as firewalls.3. If it is not necessary, public network access to the system is prohibited.","File Upload","","title=""网神SecGate 3600防火墙""","725","10.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E7%BD%91%E7%A5%9E-SecGate-3600-%E9%98%B2%E7%81%AB%E5%A2%99-app_av_import_save-%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E-ymjpzqvj.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"DOCBOX dynamiccontent.properties.xhtml 文件 cmd 参数远程代码执行漏洞","DOCBOX是一个可以改善医疗保健的解决方案,易于使用,并基于安全、开放的系统。DOCBOX系统 javax.faces.resource 存在代码执行漏洞,攻击者可执行任意代码获取服务器权限。","DOCBOX","DOCBOX系统 javax.faces.resource 存在代码执行漏洞,攻击者可执行任意代码获取服务器权限。","目前厂商已发布安全补丁,请及时更新:https://docboxmed.com/。","代码执行","DOCBOX dynamiccontent.properties.xhtml Remote Code Execution Vulnerability","DOCBOX is a solution that can improve healthcare, is easy to use, and is based on a secure, open system.There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions.","DOCBOX","There is a code execution vulnerability in the javax.faces.resource of the DOCBOX system, and an attacker can execute arbitrary code to obtain server permissions.","At present, the manufacturer has released security patches, please update in time: https://docboxmed.com/.","Code Execution","","body=""docbox.webapp""","657","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apusic应用服务器 deployApp 任意文件上传漏洞","金蝶Apusic应用服务器是国内第一个遵循J2EE标准的自有知识产权的纯Java应用服务器。金蝶Apusic应用服务器 deployApp 接口存在任意文件上传漏洞,攻击者可通过双斜杠绕过鉴权并上传恶意压缩包接管服务器权限。","Apusic应用服务器","金蝶Apusic应用服务器 deployApp 接口存在任意文件上传漏洞,攻击者可通过双斜杠绕过鉴权并上传恶意压缩包接管服务器权限。","目前厂商已发布安全补丁,请及时更新:http://www.kingdee.com/。","信创,文件上传","Kingdee Apusic Application Server deployApp Arbitrary File Upload Vulnerability","Kingdee Apusic application server is the first pure Java application server in China with its own intellectual property rights following the J2EE standard.There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions.","APUSIC-App-Server","There is an arbitrary file upload vulnerability in the deployApp interface of the Kingdee Apusic application server. Attackers can use double slashes to bypass authentication and upload malicious compressed packages to take over server permissions.","Currently the manufacturer has released security patches, please update in time: http://www.kingdee.com/.","Information technology application innovation industry,File Upload","","title=""Apusic应用服务器""","232","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"金蝶-EAS easWebClient 任意文件下载漏洞","金蝶-EAS是领先的企业管理系统,帮助企业构筑业财资税票档一体化平台,涵盖人力资源管理,税务管理、财务共享、采购管理、库存管理、生产制造等内容。金蝶-EAS easWebClient 存在任意文件读取漏洞,攻击者可读取config.jar等敏感配置文件信息。","Kingdee-EAS","金蝶-EAS easWebClient 存在任意文件读取漏洞,攻击者可读取config.jar等敏感配置文件信息。","目前厂商已发布安全补丁,请及时更新:http://www.kingdee.com/。","文件读取","Kingdee-EAS easWebClient Arbitrary File Download Vulnerability","Kingdee-EAS is a leading enterprise management system, which helps enterprises to build an integrated platform for industry, treasury, tax and invoice files, covering human resource management, tax management, financial sharing, procurement management, inventory management, production and manufacturing, etc.There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar.","Kingdee-EAS","There is an arbitrary file reading vulnerability in Kingdee-EAS easWebClient, and attackers can read sensitive configuration file information such as config.jar.","Currently the manufacturer has released security patches, please update in time: http://www.kingdee.com/.","File Read","","body=""easSessionId"" || header=""easportal"" || header=""eassso/login"" || banner=""eassso/login"" || body=""/eassso/common"" || (title=""EAS系统登录"" && body=""金蝶"")","255","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"致远 M1 移动端 userTokenService 代码执行漏洞","致远 M1 Server是一个移动服务。致远 M1 Server userTokenService 代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","致远互联-M1移动端","致远 M1 Server userTokenService 代码执行漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.seeyon.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","代码执行","seeyon M1 Server userTokenService Code Execution Vulnerability","Seeyon M1 Server is a mobile device.Seeyon M1 Server userTokenService code execution vulnerability, attackers can arbitrarily execute code on the server side, write back door, obtain server permissions, and then control the entire web server.","SEEYON-M1-Mobile","Seeyon M1 Server userTokenService code execution vulnerability, attackers can arbitrarily execute code on the server side, write back door, obtain server permissions, and then control the entire web server.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.seeyon.com/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Code Execution","","title==""M1-Server 已启动""","7050","10.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-pzqyk4tx.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友时空 KSOA QueryService 处 content 参数 SQL 注入漏洞","用友时空KSOA是建立在SOA理念指导下研发的新一代产品,是根据流通企业前沿的IT需求推出的统一的IT基础架构,它可以让流通企业各个时期建立的IT系统之间彼此轻松对话,帮助流通企业保护原有的IT投资,简化IT管理,提升竞争能力,确保企业整体的战略目标以及创新活动的实现。用友时空KSOA系统中QueryService处存在sql注入漏洞,攻击者利用漏洞可以获取数据库敏感信息。","用友-时空KSOA","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.yonyou.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","Yonyou KSOA QueryService SQL Injection vulnerability","Yonyou KSOA spacetime is based on the KSOA concept under the guidance of research and development of a new generation of products, is according to the forefront of circulation enterprises IT requirements to launch the unification of the IT infrastructure, IT can make circulation enterprises established between IT systems in different historical periods, relaxed conversation with each other, help circulation enterprises to protect the existing IT investments, simplify IT management, enhance competition ability, Ensure that the overall strategic objectives and innovation activities of the enterprise are achieved. SQL injection vulnerability exists in some function of Yonyou spatio-temporal KSOA, which can be used by attackers to obtain database sensitive information.","yonyou-Time-and-Space-KSOA","In addition to using SQL injection vulnerability to obtain information in the database (for example, administrator background password, site user personal information), the attacker can even write Trojan horse to the server in the case of high permission to further obtain server system permission.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.yonyou.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""onmouseout=\""this.classname='btn btnOff'\""""","3995","10","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"奇安信天擎终端安全管理系统信息泄露漏洞","天擎终端安全管理系统是面向政企单位推出的一体化终端安全产品解决方案。天擎终端安全管理系统存在信息泄露漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","奇安信-天擎","天擎终端安全管理系统存在信息泄露漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.qianxin.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","信息泄露","Qi An Xin Tianqing Terminal Security Management System information disclosure vulnerability","Tianqing Terminal Security Management System is an integrated terminal security product solution for government and enterprise units.Tianqing Terminal Security Management System has an information disclosure vulnerability,the attacker reads the sensitive information of the system by constructing a special URL address.","Qianxin-TianQing","Tianqing Terminal Security Management System has an information disclosure vulnerability,the attacker reads the sensitive information of the system by constructing a special URL address.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.qianxin.com/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","Information Disclosure","","title=""新天擎""","574","5.6","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"天擎终端安全管理系统 YII_CSRF_TOKEN 远程代码执行漏洞","奇安信天擎是奇安信集团旗下一款致力于一体化终端安全解决方案的终端安全管理系统(简称“天擎”)产品。奇安信天擎终端安全管理系统web部分使用yii框架 该版本框架自带反序列化入口点,攻击者可执行任意代码获取服务器权限。","奇安信-天擎","奇安信天擎终端安全管理系统web部分使用yii框架 该版本框架自带反序列化入口点,攻击者可执行任意代码获取服务器权限。","厂商已发布安全补丁,请及时更新:https://www.qianxin.com/。","代码执行","Tianqing terminal security management system YII_CSRF_TOKEN remote code execution vulnerability","Qi Anxin Tianqing is a terminal security management system (referred to as ""Tianqing"") product of Qi Anxin Group dedicated to integrated terminal security solutions.The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions.","Qianxin-TianQing","The web part of Qi'an Xintianqing terminal security management system uses the yii framework. This version of the framework has its own deserialization entry point, and the attacker can execute arbitrary code to obtain server permissions.","The manufacturer has released security patches, please update them in time: https://www.qianxin.com/.","Code Execution","","title=""360新天擎"" || body=""appid\"":\""skylar6"" || body=""/task/index/detail?id={item.id}"" || body=""已过期或者未授权,购买请联系4008-136-360"" || title=""360天擎"" || title=""360天擎终端安全管理系统""","875","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-gdn0lgsh.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"时空智友企业流程化管控系统 login 文件读取漏洞","时空智友企业流程化管控系统是使用JAVA开发为企业提供流程化管控的一款系统。时空智友企业流程化管控系统 login 文件读取漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","时空智友企业流程化管控系统","时空智友企业流程化管控系统login 文件读取漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.91skzy.net2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","文件读取","91skzy Enterprise process control system login File Read vulnerability","Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Zhiyou enterprise process control system login file read vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.","时空智友企业流程化管控系统","Spatiotemporal Zhiyou enterprise process control system login file read vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.91skzy.net2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","File Read","","body=""企业流程化管控系统"" && body=""密码(Password):""","1467","9","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"时空智友企业流程化管控系统 formservice 文件上传漏洞","时空智友企业流程化管控系统是使用JAVA开发为企业提供流程化管控的一款系统。时空智友企业流程化管控系统 formservice 文件上传漏洞,攻击者可利用该漏洞获取系统权限等.","时空智友企业流程化管控系统","时空智友企业流程化管控系统 formservice SQL注入漏洞,攻击者可利用该漏洞获取系统权限等.","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.91skzy.net","文件上传","91skzy Enterprise process control system formservice File Upload vulnerability","Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Zhiyou enterprise process control system formservice file upload vulnerability, attackers can use the vulnerability to obtain system permissions.","时空智友企业流程化管控系统","Spatiotemporal Zhiyou enterprise process control system formservice file upload vulnerability, attackers can use the vulnerability to obtain system permissions.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.91skzy.net","File Upload","","body=""企业流程化管控系统"" && body=""密码(Password):""","1467","9","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-sltukgs1.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"广联达-Linkworks 协同办公管理平台 GetUserByEmployeeCode 文件 employeeCode 参数 SQL注入漏洞","广联达-Linkworks协同办公管理平台是一款围绕工程项目的全生命周期,为客户提供数字化软硬件产品、解决方案的管理系统。广联达-Linkworks协同办公管理平台 GetUserByEmployeeCode存在 SQL注入漏洞,攻击者可获取用户名密码等敏感信息。","广联达-Linkworks协同办公管理平台","广联达-Linkworks协同办公管理平台 GetUserByEmployeeCode 存在 SQL注入漏洞,攻击者可获取用户名密码等敏感信息。","目前厂商已发布安全补丁,请及时更新:https://www.glodon.com/。","SQL注入","Glodon-Linkworks GetUserByEmployeeCode employeeCode SQL Injection Vulnerability","Glodon-Linkworks collaborative office management platform is a management system that focuses on the entire life cycle of engineering projects and provides customers with digital software and hardware products and solutions.Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords.","Glodon-Linkworks","Glodon-Linkworks collaborative office management platform GetUserByEmployeeCode has a SQL injection vulnerability, and attackers can obtain sensitive information such as usernames and passwords.","At present, the manufacturer has released security patches, please update in time: https://www.glodon.com/.","SQL Injection","","body=""Services/Identification/login.ashx"" || header=""Services/Identification/login.ashx"" || banner=""Services/Identification/login.ashx""","27341","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-wlynpaph.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"华天动力-OA8000 MyHttpServlet 文件 reportFile 参数文件上传漏洞","华天动力OA是一款将先进的管理思想、 管理模式和软件技术、网络技术相结合,为用户提供了低成本、 高效能的协同办公和管理平台。华天动力OA MyHttpServlet 存在任意文件上传漏洞,攻击者可上传恶意的raq文件并执行raq文件中的任意sql语句,获取用户账号密码等敏感信息。","华天动力-OA8000","华天动力OA MyHttpServlet 存在任意文件上传漏洞,攻击者可上传恶意的raq文件并执行raq文件中的任意sql语句,获取用户账号密码等敏感信息。","目前厂商已发布安全补丁,请及时更新:http://www.oa8000.com。","SQL注入","Huatian-OA8000 MyHttpServlet reportFile Arbitrary File Upload Vulnerability","Huatian-OA8000 is a combination of advanced management ideas, management models, software technology and network technology, providing users with a low-cost, high-efficiency collaborative office and management platform.There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords.","Huatian-OA8000","There is an arbitrary file upload vulnerability in Huatian Power OA MyHttpServlet. Attackers can upload malicious raq files and execute arbitrary sql statements in the raq files to obtain sensitive information such as user account passwords.","Currently the manufacturer has released security patches, please update in time: http://www.oa8000.com.","SQL Injection","","body=""/OAapp/WebObjects/OAapp.woa""","2226","8.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E5%8D%8E%E5%A4%A9%E5%8A%A8%E5%8A%9B-OA8000-MyHttpServlet-%E6%96%87%E4%BB%B6-reportFile-%E5%8F%82%E6%95%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E-exezkvdd.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"锐捷交换机 WEB 管理系统 EXCU_SHELL 信息泄露漏洞","锐捷交换机WEB管理系统是一款被广泛应用于政府、教育、金融、医疗卫生、企业的交换机设备。锐捷交换机WEB管理系统 EXCU_SHELL 存在信息泄露漏洞,攻击者可获取系统密码等敏感信息进一步控制系统。","锐捷交换机WEB管理系统","锐捷交换机WEB管理系统 EXCU_SHELL 存在信息泄露漏洞,攻击者可获取系统密码等敏感信息进一步控制系统。","厂商已发布安全补丁,请及时更新:https://www.ruijie.com.cn/。","信息泄露","Ruijie WEB Management System EXCU_SHELL Information Disclosure Vulnerability","Ruijie WEB management system is a switch device widely used in government, education, finance, medical and health care, and enterprises.Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system.","Ruijie-WEB-management-system","Ruijie WEB management system EXCU_SHELL has an information leakage vulnerability, and attackers can obtain sensitive information such as system passwords to further control the system.","The manufacturer has released security patches, please update them in time: https://www.ruijie.com.cn/.","Information Disclosure","","body=""img/free_login_ge.gif"" && body=""./img/login_bg.gif""","912","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E9%94%90%E6%8D%B7%E4%BA%A4%E6%8D%A2%E6%9C%BA-WEB-%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F-EXCU_SHELL-%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E-0tqxbwjr.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"致远互联-OA wpsAssistServlet 文件 templateUrl 参数任意文件读取漏洞","致远互联-OA 是数字化构建企业数字化协同运营中台,面向企业各种业务场景提供一站式大数据分析解决方案的协同办公软件。致远互联-OA wpsAssistServlet 存在任意文件读取漏洞,攻击者可读取系统密码等敏感信息进一步控制系统。","致远互联-OA","致远互联-OA wpsAssistServlet 存在任意文件读取漏洞,攻击者可读取系统密码等敏感信息进一步控制系统。","目前厂商已发布安全补丁,请及时更新:https://www.seeyon.com/。","文件读取","Seeyou-OA wpsAssistServlet templateUrl Arbitrary File Read Vulnerability","Seeyou-OA is a collaborative office software that digitally builds the digital collaborative operation platform of enterprises and provides one-stop big data analysis solutions for various business scenarios of enterprises.Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system.","SEEYON-OA","Seeyou-OA wpsAssistServlet has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as system passwords to further control the system.","At present, the manufacturer has released security patches, please update in time: https://www.seeyon.com/.","File Read","","body=""/seeyon/USER-DATA/IMAGES/LOGIN/login.gif"" || title=""用友致远A"" || (body=""/yyoa/"" && body!=""本站内容均采集于"") || header=""path=/yyoa"" || server==""SY8044"" || (body=""A6-V5企业版"" && body=""seeyon"" && body=""seeyonProductId"") || (body=""/seeyon/common/"" && body=""var _ctxpath = '/seeyon'"") || (body=""A8-V5企业版"" && body=""/seeyon/"") || banner=""Server: SY8044""","53406","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E8%87%B4%E8%BF%9C%E4%BA%92%E8%81%94-OA-wpsAssistServlet-%E6%96%87%E4%BB%B6-templateUrl-%E5%8F%82%E6%95%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E-fjsqxbsu.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"科荣 AIO 管理系统 UtilServlet 文件 fileName 参数文件读取漏洞","科荣AIO管理系统是一款十分优秀的企业管理工具。科荣AIO管理系统 UtilServlet 文件读取漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","科荣AIO管理系统","科荣AIO管理系统 UtilServlet 文件读取漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.koronsoft.com/2、如非必要,禁止公网访问该系统。","文件读取","koronsoft AIO management system UtilServlet fileName File Read vulnerability","KoronsoftAIO management system is a very excellent enterprise management tool.The UtilServlet file reading vulnerability of koronsoftAIO management system can be used to obtain sensitive information of the system.","koronsoft AIO management system","The UtilServlet file reading vulnerability ofkoronsoftAIO management system can be used to obtain sensitive information of the system.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.koronsoft.com/2. If not necessary, prohibit public network access to the system.","File Read","","body=""changeAccount('8000')""","1976","9","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E7%A7%91%E8%8D%A3-AIO-%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F-UtilServlet-%E6%96%87%E4%BB%B6-fileName-%E5%8F%82%E6%95%B0%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E-7u5npzdr.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"时空智友企业流程化管控系统 wc.db 文件信息泄露漏洞","时空智友企业流程化管控系统是使用JAVA开发为企业提供流程化管控的一款系统。时空智友企业流程化管控系统 wc.db 信息泄露漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","时空智友企业流程化管控系统","时空智友企业流程化管控系统 wc.db 信息泄露漏洞,攻击者可利用该漏洞获取系统的敏感信息等。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.91skzy.net2、如非必要,禁止公网访问该系统。","信息泄露","91skzy Enterprise process control system wc.db Information Disclosure vulnerability","Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Wisdom enterprise process control system wc.db information leakage vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.","时空智友企业流程化管控系统","Spatiotemporal Wisdom enterprise process control system wc.db information leakage vulnerability, attackers can use the vulnerability to obtain sensitive information of the system.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.91skzy.net2. If not necessary, prohibit public network access to the system.","Information Disclosure","","body=""企业流程化管控系统"" && body=""密码(Password):""","1213","9","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E6%97%B6%E7%A9%BA%E6%99%BA%E5%8F%8B%E4%BC%81%E4%B8%9A%E6%B5%81%E7%A8%8B%E5%8C%96%E7%AE%A1%E6%8E%A7%E7%B3%BB%E7%BB%9F-wc.db-%E6%96%87%E4%BB%B6%E4%BF%A1%E6%81%AF%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E-u6xtcld7.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"畅捷通T+ DownloadProxy.aspx 文件 Path 参数文件读取漏洞","畅捷通T+ 是一款智慧、灵动、时尚的基于互联网时代的企业管理软件。畅捷通T+ DownloadProxy.aspx 存在任意文件读取漏洞,攻击者可读取web.config等敏感信息进一步控控制服务器权限。","畅捷通-TPlus","畅捷通T+ DownloadProxy.aspx 存在任意文件读取漏洞,攻击者可读取web.config等敏感信息进一步控控制服务器权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.chanjet.com/。","文件读取","Chanjet T+ DownloadProxy.aspx Path File Read Vulnerability","Chanjet T+ is a smart, flexible and stylish enterprise management software based on the Internet era.Chanjet T+ DownloadProxy.aspx has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as web.config to further control server permissions.","Chanjet-TPlus","Chanjet T+ DownloadProxy.aspx has arbitrary file reading vulnerabilities, and attackers can read sensitive information such as web.config to further control server permissions.","The vendor has released a bug fix, please pay attention to the update in time: https://www.chanjet.com/.","File Read","","body=""><script>location='/tplus/';</script></body>"" || title==""畅捷通 T+""","112547","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress js-support-ticket 插件 saveconfiguration 功能文件上传漏洞","JS Help Desk是一个专业、简单、易用且完整的客户支持系统。 与市场上大多数昂贵(且复杂)的支持票系统相比,JS Help Desk 具有许多功能。JS Help Desk <= 2.7.1存在未授权上传漏洞。","wordpress-plugin-js-support-ticket","攻击者可以利用上传的恶意脚本文件控制整个网站,甚至控制服务器。这个恶意的脚本文件,又被称为WebShell,也可以将WebShell脚本称为一种网页后门,WebShell脚本具有非常强大的功能,比如查看服务器目录、服务器中的文件,执行系统命令等。","厂商已发布了漏洞修复程序,请及时关注更新:https://wordpress.org/plugins/js-support-ticket/","文件上传","WordPress Plugin js-support-ticket File Upload Vulnerability","JS Help Desk is a professional, simple, easy to use and complete customer support system. JS Help Desk comes packed with lot features than most of the expensive(and complex) support ticket system on market.JS Help Desk <= 2.7.1 Unauthenticated Arbitrary File Upload.","wordpress-plugin-js-support-ticket","An attacker can use the uploaded malicious script file to control the whole website or even control the server. This malicious script file, also known as WebShell, can also be referred to as a kind of web backdoor. WebShell scripts have very powerful functions, such as viewing server directories, files in the server, executing system commands, etc.","The vendor has released a bug fix, please pay attention to the update in time:https://wordpress.org/plugins/js-support-ticket/","File Upload","","body=""wp-content/plugins/js-support-ticket""","1115","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"时空智友企业流程化管控系统 formservice SQL 注入漏洞","时空智友企业流程化管控系统是使用JAVA开发为企业提供流程化管控的一款系统。时空智友企业流程化管控系统 formservice SQL注入漏洞,攻击者可利用该漏洞获取数据库的敏感信息等.","时空智友企业流程化管控系统","时空智友企业流程化管控系统 formservice SQL注入漏洞,攻击者可利用该漏洞获取数据库的敏感信息等.","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.91skzy.net2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","91skzy Enterprise process control system formservice SQL Injection vulnerability","Spatiotemporal Intelligent Friend enterprise process management and control system is a system that uses JAVA development to provide process management and control for enterprises.Spatiotemporal Wisdom enterprise process management and control system formservice SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information.","时空智友企业流程化管控系统","Spatiotemporal Wisdom enterprise process management and control system formservice SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive database information.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.91skzy.net2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""企业流程化管控系统""","1461","9","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"红帆 OA zyy_AttFile.asmx 文件 fileName 参数 SQL 注入漏洞","红帆OA是红帆科技基于微软.NET最新技术开发的信息管理平台,红帆oa系统为医院提供oA功能,完成信息发布、流程审批、公文管理、日程管理、工作安排、文件传递、在线沟通等行政办公业务。红帆协同办公系统是国内最专业、成功案例最多的医院OA。红帆iOffice医院版存在SQL注入漏洞,攻击者可利用该漏洞获取数据库敏感信息。","红帆-ioffice","红帆iOffice医院版存在SQL注入漏洞,攻击者可利用该漏洞获取数据库敏感信息。","厂商已发布了漏洞修复程序,请及时关注更新:http://www.hongfan.cn/","SQL注入","Hongfan OA zyy_AttFile.asmx File SQL Injection Vulnerability","Hongfan OA is an information management platform developed by Hongfan Technology based on the latest technology of Microsoft. NET. The Hongfan OA system provides the hospital with oA functions and completes administrative office services such as information release, process approval, document management, schedule management, work arrangement, document transfer, online communication, etc. Hongfan collaborative office system is the most professional and successful hospital OA in China.","ioffice","There is a SQL injection vulnerability in Hongfan iOffice Hospital Edition, which can be used by attackers to obtain sensitive database information.","The manufacturer has released a vulnerability repair program. Please pay attention to the update in time: http://www.hongfan.cn/","SQL Injection","","title=""iOffice.net"" || body=""/iOffice/js"" || (body=""iOffice.net"" && header!=""couchdb"" && header!=""drupal"") || body=""iOfficeOcxSetup.exe"" || body=""Hongfan. All Rights Reserved""","261","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"红帆-ioffice iorepsavexml.aspx 任意文件上传漏洞","红帆OA 是一款为医院提供oA功能,完成信息发布、流程审批、公文管理、日程管理、工作安排、文件传递、在线沟通等行政办公业务。红帆OA iorepsavexml.aspx文件存在任意文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","红帆-ioffice","红帆OA iorepsavexml.aspx文件存在任意文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","目前厂商已发布安全补丁请及时关注官网更新:http://www.ioffice.cn/。","文件上传","iOffice OA iorepsavexml.aspx Arbitrary File Upload Vulnerability","Hongfan OA is an oA function that provides hospitals with information release, process approval, document management, schedule management, work arrangement, file delivery, online communication and other administrative office services.There is an arbitrary file upload vulnerability in the Hongfan OA iorepsavexml.aspx file. Attackers can upload malicious Trojan horses to obtain server permissions.","ioffice","There is an arbitrary file upload vulnerability in the Hongfan OA iorepsavexml.aspx file. Attackers can upload malicious Trojan horses to obtain server permissions.","At present, the manufacturer has released security patches, please pay attention to the official website for updates: http://www.ioffice.cn/.","File Upload","","title=""iOffice.net"" || body=""/iOffice/js"" || (body=""iOffice.net"" && header!=""couchdb"" && header!=""drupal"") || body=""iOfficeOcxSetup.exe"" || body=""Hongfan. All Rights Reserved""","261","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress perfect survey 插件 admin-ajax.php 文件 question_id 参数 SQL注入漏洞(CVE-2021-24762)","WordPress plugin perfect survey 是一款用于调研用户反馈问题的插件。WordPress plugin perfect survey 1.5.2之前版本存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令获取用户密码等敏感信息。","wordpress-plugin-perfect-survey","WordPress plugin perfect survey 1.5.2之前版本存在SQL注入漏洞,该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令获取用户密码等敏感信息。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/perfect-survey/。","SQL注入","WordPress plugin perfect survey admin-ajax.php question_id SQL Injection Vulnerability (CVE-2021-24762)","WordPress plugin perfect survey is a plugin for surveying user feedback issues.WordPress plugin perfect survey version before 1.5.2 has a SQL injection vulnerability, the vulnerability stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords.","wordpress-plugin-perfect-survey","WordPress plugin perfect survey version before 1.5.2 has a SQL injection vulnerability, the vulnerability stems from the lack of validation of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands to obtain sensitive information such as user passwords.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/perfect-survey/.","SQL Injection","CVE-2021-24762","body=""/wp-content/plugins/perfect-survey""","628","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2021-24762-tjivv9ns.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress QuadMenu 插件 admin-ajax.php 文件 output 参数任意文件上传漏洞","WordPress Plugin QuadMenu 是一款为主题开发人员设计的最佳响应式巨型菜单插件,具有可自定义的菜单布局和megamenu拖放字段。WordPress Plugin QuadMenu <2.0.7版本存在任意文件上传漏洞,该漏洞源于compiler_save没有校验上传文件后缀,攻击者可上传木马获取服务器权限。","wordpress-plugin-quadmenu","WordPress Plugin QuadMenu <2.0.7版本存在任意文件上传漏洞,该漏洞源于compiler_save没有校验上传文件后缀,攻击者可上传木马获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/quadmenu/。","文件上传","WordPress Plugin QuadMenu admin-ajax.php output File Upload Vulnerability","WordPress Plugin QuadMenu is a best responsive mega menu plugin designed for theme developers with customizable menu layout and megamenu drag and drop fields.WordPress Plugin QuadMenu <2.0.7 has an arbitrary file upload vulnerability. The vulnerability is due to compiler_save not verifying the suffix of the uploaded file, and an attacker can upload a Trojan horse to obtain server permissions.","wordpress-plugin-quadmenu","WordPress Plugin QuadMenu <2.0.7 has an arbitrary file upload vulnerability. The vulnerability is due to compiler_save not verifying the suffix of the uploaded file, and an attacker can upload a Trojan horse to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/quadmenu/.","File Upload","","body=""wp-content/plugins/quadmenu""","7573","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress SuperStoreFinder-wp 插件 import.php 任意文件上传漏洞","WordPress SuperStoreFinder-wp 是一款内置了精确的地理位置,让客户以最简单的方式路由和到达您的商店网点的插件。WordPress SuperStoreFinder-wp 插件没有正确检查文件上传,攻击者可以将Content-Type标头设置为text/csv,并使用双扩展来绕过现有的检查,攻击者可上传恶意文件获取服务器权限。","wordpress-plugin-superstorefinder-wp","WordPress SuperStoreFinder-wp 插件没有正确检查文件上传,攻击者可以将Content-Type标头设置为text/csv,并使用双扩展来绕过现有的检查,攻击者可上传恶意文件获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://superstorefinder.net/。","文件上传","WordPress Plugin SuperStoreFinder-wp import.php File Upload Vulnerability","WordPress Plugin SuperStoreFinder-wp is a plugin with precise geolocation built in to let customers route and reach your store outlets in the easiest way.The WordPress Plugin SuperStoreFinder-wp plugin does not properly check file uploads. An attacker can set the Content-Type header to text/csv and use double extensions to bypass the existing checks. An attacker can upload malicious files to gain server permissions.","wordpress-plugin-superstorefinder-wp","The WordPress Plugin SuperStoreFinder-wp plugin does not properly check file uploads. An attacker can set the Content-Type header to text/csv and use double extensions to bypass the existing checks. An attacker can upload malicious files to gain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://superstorefinder.net/.","File Upload","","body=""wp-content/plugins/superstorefinder-wp""","2363","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress 插件 WP Hotel Booking thimpress_hotel_booking_1 参数远程代码执行漏洞(CVE-2020-29047)","WordPress Plugin WP Hotel Booking 是一款完整的酒店预订插件。WordPress Plugin WP Hotel Booking 1.10.2版本存在代码执行漏洞,攻击者可执行恶意代码控制服务器。","wordpress-plugin-wp-hotel-booking","WordPress Plugin WP Hotel Booking 1.10.2版本存在代码执行漏洞,攻击者可执行恶意代码控制服务器。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/wp-hotel-booking/。","代码执行","WordPress Plugin WP Hotel Booking thimpress_hotel_booking_1 RCE Vulnerability (CVE-2020-29047)","WordPress Plugin WP Hotel Booking is a complete hotel booking plugin.WordPress Plugin WP Hotel Booking version 1.10.2 has a code execution vulnerability, and attackers can execute malicious code to control the server.","wordpress-plugin-wp-hotel-booking","WordPress Plugin WP Hotel Booking version 1.10.2 has a code execution vulnerability, and attackers can execute malicious code to control the server.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/wp-hotel-booking/.","Code Execution","CVE-2020-29047","body=""wp-content/plugins/wp-hotel-booking""","1940","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"金蝶云星空 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 任意代码执行漏洞","金蝶云星空-管理中心 是一款基于领先的可组装低代码PaaS平台,全面服务客户研发、生产、营销、供应链、财务等领域转型。金蝶云星空-管理中心 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 接口存在反序列化漏洞,攻击者可执行任意命令获取服务器权限。","金蝶云星空-管理中心","金蝶云星空-管理中心 Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc 接口存在反序列化漏洞,攻击者可执行任意命令获取服务器权限。","目前厂商已发布安全补丁,请及时更新:https://www.kingdee.com/products/galaxy_manufacture.html。","代码执行","Kingdee Cloud Starry Sky-Management Center Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc Arbitrary Code Execution Vulnerability","Kingdee Cloud Starry Sky-Management Center is based on a leading assembleable low-code PaaS platform, which comprehensively serves customers' transformation in R&D, production, marketing, supply chain, finance and other fields.There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions.","Kingde-Cloud-Stars-Management-Center","There is a deserialization vulnerability in the Kingdee.BOS.ServiceFacade.ServicesStub.DevReportService.GetBusinessObjectData.common.kdsvc interface of Kingdee Cloud Star-Management Center, and an attacker can execute arbitrary commands to obtain server permissions.","At present, the manufacturer has released security patches, please update in time: https://www.kingdee.com/products/galaxy_manufacture.html.","Code Execution","","title=""金蝶云星空""","6729","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-duwxic9o.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"VNC 远程桌面系统默认口令漏洞","VNC为一种使用RFB协议的屏幕画面分享及远程操作软件。此软件借由网络,可发送键盘与鼠标的动作及即时的屏幕画面。VNC与操作系统无关,因此可跨平台使用,例如可用Windows连线到某Linux的电脑,反之亦同。甚至在没有安装客户端程序的电脑中,只要有支持JAVA的浏览器,都可以使用。VNC产品存在弱口令,攻击者可利用123456密码进入系统,查看系统信息,修改系统配置,影响用户使用。","VNC","VNC产品存在弱口令,攻击者可利用123456密码进入系统,查看系统信息,修改系统配置,影响用户使用。","1、修改口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该服务。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","VNC remote desktop system default password vulnerability","VNC is a screen sharing and remote operation software using RFB protocol. This software can send keyboard and mouse movements and real-time screen images through the network. VNC has nothing to do with the operating system, so it can be used across platforms, for example, you can use Windows to connect to a Linux computer, and vice versa. Even in a computer without a client program installed, as long as there is a browser that supports JAVA, it can be used.The product has weak passwords, and attackers can use the 123456 password to enter the system, view system information, and modify system configuration, which affects the use of users.","VNC","The product has weak passwords, and attackers can use the 123456 password to enter the system, view system information, and modify system configuration, which affects the use of users.","1. Modify the empty password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8. 2. If it is not necessary, it is forbidden to access the service from the public network. 3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","(protocol=""vnc"" || body=""<APPLET code=VncViewer.class archive=VncViewer.jar"")","2611849","7.3","","[]" |
|
"WordPress Membership 插件 wps_membership_csv_file_upload 文件上传漏洞(CVE-2022-4395)","WordPress plugin Membership 是一款帮助使用会员资格计划吸引客户,向用户提供会员计划作为订阅,以限制访问您的电子商务商店的插件。WordPress plugin Membership 2.1.7之前版本存在代码问题漏洞,该漏洞源于不验证上传的文件。攻击者利用该漏洞上传任意文件,如恶意PHP代码,并远程执行代码。","wordpress-plugin-membership","WordPress plugin Membership 2.1.7之前版本存在代码问题漏洞,该漏洞源于不验证上传的文件。攻击者利用该漏洞上传任意文件,如恶意PHP代码,并远程执行代码。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/membership-for-woocommerce/。","文件上传","WordPress plugin Membership wps_membership_csv_file_upload File Upload Vulnerability (CVE-2022-4395)","WordPress plugin Membership is a plugin that helps attract customers using membership programs, offers users membership programs as subscriptions to limit access to your eCommerce store.WordPress plugin Membership versions before 2.1.7 have a code problem vulnerability, which is caused by not verifying uploaded files. Attackers exploit this vulnerability to upload arbitrary files, such as malicious PHP code, and execute code remotely.","wordpress-plugin-membership","WordPress plugin Membership versions before 2.1.7 have a code problem vulnerability, which is caused by not verifying uploaded files. Attackers exploit this vulnerability to upload arbitrary files, such as malicious PHP code, and execute code remotely.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/membership-for-woocommerce/.","File Upload","CVE-2022-4395","body=""wp-content/plugins/Membership"" ","1151","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Motor 主题 admin-ajax.php 文件包含漏洞(CVE-2021-24375)","Motor 是一个专业的 WordPress WooCommerce 主题,适用于经销商、零售商、商店和机械师。Motor < 3.1.0版本存在文件包含漏洞。","wordpress-theme-motor","Motor < 3.1.0版本存在文件包含漏洞,攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://themeforest.net/item/motor-vehicles-parts-equipments-accessories-wordpress-woocommerce-theme/16829946","文件读取,文件包含","WordPress Theme Motor File Inclusion Vulnerability(CVE-2021-24375)","Motor is a professional WordPress WooCommerce Theme for dealers, retailers, shops and mechanics.WordPress Motor Theme < 3.1.0 is vulnerable to Local File Inclusion.","wordpress-theme-motor","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","The vendor has released a bug fix, please pay attention to the update in time:https://themeforest.net/item/motor-vehicles-parts-equipments-accessories-wordpress-woocommerce-theme/16829946","File Read,File Inclusion","CVE-2021-24375","body=""wp-content/themes/motor""","711","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/WordPress-Motor-%E4%B8%BB%E9%A2%98-admin-ajax.php-%E6%96%87%E4%BB%B6%E5%8C%85%E5%90%AB%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2021-24375-bxjvrjll.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"edusoho 教培系统 classroom-course-statistics 任意文件读取漏洞(CNVD-2023-03903)","EduSoho教培系统是由杭州阔知网络科技有限公司研发的开源网校系统,该教培系统<v22.4.7 存在未授权任意文件读取漏洞,通过该漏洞攻击者可以读取到config/parameters.yml文件的内容,拿到该文件中保存的secret值以及数据库账号密码等敏感信息。拿到secret值后,攻击者可以结合symfony框架_fragment路由实现RCE","EduSoho-开源网络课堂","通过该漏洞攻击者可以读取到config/parameters.yml文件的内容,拿到该文件中保存的secret值以及数据库账号密码等敏感信息。拿到secret值后,攻击者可以结合symfony框架_fragment路由实现RCE","厂商已发布了漏洞修复补丁:https://github.com/edusoho/edusoho/commit/fdb5b503706ab51f0e784576061bc601c3eb9c2b, 升级版本到22.4.7即可","命令执行,目录遍历,文件读取","Arbitrary file reading vulnerability of edusoho classroom-course-statistics(CNVD-2023-03903)","The edusoho education and training system <v22.4.7 has unauthorized file reading vulnerability. Through this vulnerability, an attacker can read the contents of the config/parameters.yml file and obtain sensitive information such as the secret value saved in the file and database account password. After the secret value is obtained, an attacker can implement RCE with symfony _fragment routing","EduSoho-Network-Classroom","EduSoho Education and training system is an open source network school system developed by Hangzhou Kozhi Network Technology Company. The education and training system <v22.4.7 has unauthorized arbitrary file reading vulnerability, through which an attacker can read the contents of the config/parameters.yml file. Get the secret value saved in the file, database account password and other sensitive information. After the secret value is obtained, an attacker can implement RCE with symfony _fragment routing","Vendor has released leaks fixes: https://github.com/edusoho/edusoho/commit/fdb5b503706ab51f0e784576061bc601c3eb9c2b, upgrade to version 22.4.7 can","Command Execution,Directory Traversal,File Read","","title=""Powered By EduSoho"" || body=""Powered by <a href=\""http://www.edusoho.com/\"" target=\""_blank\"">EduSoho"" || (body=""Powered By EduSoho"" && body=""var app"")","6957","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/edusoho-%E6%95%99%E5%9F%B9%E7%B3%BB%E7%BB%9F-classroom-course-statistics-%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%EF%BC%88CNVD-2023-03903%EF%BC%89-u5tbkdjl.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"dst-admin 饥荒管理后台 sendBroadcast 文件 message 参数远程命令执行漏洞(CVE-2023-0649)","dst-admin是qinming99个人开发者的一个用 Java 语言编写的 web 程序。dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/sendBroadcast存在未知功能,通过参数message可以进行命令注入,攻击者可获取服务器权限。","dst-admin","dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/sendBroadcast存在未知功能,通过参数message可以进行命令注入,攻击者可获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/qinming99/dst-admin。","命令执行","dst-admin sendBroadcast message RCE Vulnerability (CVE-2023-0649)","dst-admin is a web program written in Java language by the individual developer of qinming99.There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/sendBroadcast. Command injection can be performed through the parameter message, and the attacker can obtain server privileges.","dst-admin","There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/sendBroadcast. Command injection can be performed through the parameter message, and the attacker can obtain server privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://github.com/qinming99/dst-admin.","Command Execution","CVE-2023-0649","title==""饥荒管理后台""","1999","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Build App Online 插件 admin-ajax.php 文件 vendor 参数 SQL注入漏洞(CVE-2022-3241)","WordPress plugin Build App Online 是一款帮助您为 woocommerce 创建和运行移动应用程序的插件。WordPress plugin Build App Online 1.0.19之前版本存在SQL注入漏洞,该漏洞源于在SQL语句使用某些参数之前,没有正确地清理和转义这些参数从而导致SQL注入,攻击者可获取账号密码等敏感信息。","wordpress-plugin-build-app-online","WordPress plugin Build App Online 1.0.19之前版本存在SQL注入漏洞,该漏洞源于在SQL语句使用某些参数之前,没有正确地清理和转义这些参数从而导致SQL注入,攻击者可获取账号密码等敏感信息。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/build-app-online/。","SQL注入","WordPress plugin Build App Online admin-ajax.php vendor SQL Vulnerability (CVE-2022-3241)","WordPress plugin Build App Online is a plugin that helps you create and run mobile apps for woocommerce.WordPress plugin Build App Online version before 1.0.19 has a SQL injection vulnerability. The vulnerability stems from the fact that some parameters are not properly cleaned and escaped before the SQL statement uses them, resulting in SQL injection, and the attacker can obtain sensitive information such as account passwords. information.","wordpress-plugin-build-app-online","WordPress plugin Build App Online version before 1.0.19 has a SQL injection vulnerability. The vulnerability stems from the fact that some parameters are not properly cleaned and escaped before the SQL statement uses them, resulting in SQL injection, and the attacker can obtain sensitive information such as account passwords. information.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/build-app-online/.","SQL Injection","CVE-2022-3241","body=""wp-content/plugins/build-app-online""","327","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Nirweb support 插件 admin-ajax.php 文件 id_form 参数SQL注入漏洞(CVE-2022-0781)","WordPress plugin Nirweb support 是一款拥有销售、支持、管理等功能的插件。WordPress plugin Nirweb support 2.8.2 之前版本存在SQL注入漏洞,该漏洞源于未对参数进行清理和转义,攻击者利用该漏洞可导致 SQL 注入攻击。","wordpress-plugin-nirweb-support","WordPress plugin Nirweb support 2.8.2 之前版本存在SQL注入漏洞,该漏洞源于未对参数进行清理和转义,攻击者利用该漏洞可导致 SQL 注入攻击。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wpscan.com/plugin/nirweb-support。","SQL注入","WordPress plugin Nirweb support admin-ajax.php id_form SQL Injection Vulnerability (CVE-2022-0781)","WordPress plugin Nirweb support is a plugin with sales, support, management and other functions.There is a SQL injection vulnerability in versions before WordPress plugin Nirweb support 2.8.2. The vulnerability stems from the failure to clean and escape parameters. Attackers exploiting this vulnerability can lead to SQL injection attacks.","wordpress-plugin-nirweb-support","There is a SQL injection vulnerability in versions before WordPress plugin Nirweb support 2.8.2. The vulnerability stems from the failure to clean and escape parameters. Attackers exploiting this vulnerability can lead to SQL injection attacks.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wpscan.com/plugin/nirweb-support.","SQL Injection","CVE-2022-0781","body=""wp-content/plugins/nirweb-support""","408","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress 主题 Listingo listingo_temp_uploader 功能任意文件上传漏洞(CVE-2022-3921)","WordPress theme Listingo 是一款显示商业列表和目录的WordPress主题。WordPress theme Listingo 3.2.7之前版本存在代码问题漏洞,该漏洞源于不会验证要通过AJAX操作上传的文件,攻击者可上传恶意webshell获取服务器权限。","wordpress-theme-listingo","WordPress theme Listingo 3.2.7之前版本存在代码问题漏洞,该漏洞源于不会验证要通过AJAX操作上传的文件,攻击者可上传恶意webshell获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f。","文件上传","WordPress theme Listingo listingo_temp_uploader File Upload Vulnerability (CVE-2022-3921)","WordPress theme Listingo is a WordPress theme for displaying business listings and directories.WordPress theme Listingo version before 3.2.7 has a code problem vulnerability. The vulnerability is caused by not verifying the files to be uploaded through AJAX operations. Attackers can upload malicious webshells to obtain server permissions.","wordpress-theme-listingo","WordPress theme Listingo version before 3.2.7 has a code problem vulnerability. The vulnerability is caused by not verifying the files to be uploaded through AJAX operations. Attackers can upload malicious webshells to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wpscan.com/vulnerability/e39b59b0-f24f-4de5-a21c-c4de34c3a14f.","File Upload","CVE-2022-3921","body=""wp-content/themes/listingo""","209","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"dst-admin cavesConsole 远程命令执行漏洞(CVE-2023-0646)","dst-admin是qinming99个人开发者的一个用 Java 语言编写的 web 程序。dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/cavesConsole存在未知功能,通过参数command可以进行命令注入,攻击者可获取服务器权限。","dst-admin","dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/cavesConsole存在未知功能,通过参数command可以进行命令注入,攻击者可获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/qinming99/dst-admin。","命令执行","dst-admin cavesConsole RCE Vulnerability (CVE-2023-0646)","dst-admin is a web program written in Java language by the individual developer of qinming99.There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/cavesConsole. Command injection can be performed through the parameter command, and the attacker can obtain server privileges.","dst-admin","There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/cavesConsole. Command injection can be performed through the parameter command, and the attacker can obtain server privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://github.com/qinming99/dst-admin.","Command Execution","CVE-2023-0646","title==""饥荒管理后台""","1980","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"dst-admin kickPlayer 远程命令执行漏洞(CVE-2023-0647)","dst-admin是qinming99个人开发者的一个用 Java 语言编写的 web 程序。dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/kickPlayer存在未知功能,通过参数command可以进行命令注入,攻击者可获取服务器权限。","dst-admin","dst-admin 1.5.0版本存在命令注入漏洞,该漏洞源于文件home/kickPlayer存在未知功能,通过参数command可以进行命令注入,攻击者可获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/qinming99/dst-admin。","命令执行","dst-admin kickPlayer RCE Vulnerability (CVE-2023-0647)","dst-admin is a web program written in Java language by the individual developer of qinming99.There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/kickPlayer. Command injection can be performed through the parameter command, and the attacker can obtain server privileges.","dst-admin","There is a command injection vulnerability in dst-admin version 1.5.0. The vulnerability comes from the unknown function of the file home/kickPlayer. Command injection can be performed through the parameter command, and the attacker can obtain server privileges.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://github.com/qinming99/dst-admin.","Command Execution","CVE-2023-0647","title==""饥荒管理后台""","1980","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"VNC 远程桌面系统弱口令漏洞","VNC为一种使用RFB协议的屏幕画面分享及远程操作软件。此软件借由网络,可发送键盘与鼠标的动作及即时的屏幕画面。VNC与操作系统无关,因此可跨平台使用,例如可用Windows连线到某Linux的电脑,反之亦同。甚至在没有安装客户端程序的电脑中,只要有支持JAVA的浏览器,都可以使用。该产品存在弱口令,攻击者可利用弱口令密码进入系统,查看系统信息,修改系统配置,影响用户使用。","VNC","VNC产品存在弱口令,攻击者可利用弱口令密码进入系统,查看系统信息,修改系统配置,影响用户使用。","1、修改口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该服务。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","弱口令","VNC remote desktop system week password vulnerability","VNC is a screen sharing and remote operation software using RFB protocol. This software can send keyboard and mouse movements and real-time screen images through the network. VNC has nothing to do with the operating system, so it can be used across platforms, for example, you can use Windows to connect to a Linux computer, and vice versa. Even in a computer without a client program installed, as long as there is a browser that supports JAVA, it can be used.The product has weak passwords, and attackers can use the 123456 password to enter the system, view system information, and modify system configuration, which affects the use of users.","VNC","The product has weak passwords, and attackers can use the 123456 password to enter the system, view system information, and modify system configuration, which affects the use of users.","1. Modify the empty password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8. 2. If it is not necessary, it is forbidden to access the service from the public network. 3. Set access policies and whitelist access through security devices such as firewalls.","Weak Password","","(protocol=""vnc"" || body=""<APPLET code=VncViewer.class archive=VncViewer.jar"")","2611848","","","[]" |
|
"EasyCVR智能边缘网关默认口令漏洞","EasyCVR智能边缘网关是TSINGSEE青犀视频旗下软硬一体的一款产品,可提供多协议(RTSP/RTMP/GB28181/海康Ehome/大华、海康SDK等)的设备视频接入、采集、AI智能检测、处理、分发等服务。EasyCVR视频管理平台视频管理平台存在默认口令,攻击者可利用默认口令 easycvr/easycvr 登录至管理界面。","EasyCVR智能边缘网关","EasyCVR视频管理平台视频管理平台存在默认口令,攻击者可利用默认口令 easycvr/easycvr 登录至管理界面。","1、修改口令强度。","默认口令","EasyCVR default password","EasyCVR intelligent edge gateway is a product of TSINGSEE's software and hardware integration, which can provide multi-protocol (RTSP/RTMP/GB28181/Haikang Ehome/Dahua, Haikang SDK, etc.) device video access, Collection, AI intelligent detection, processing, distribution and other services.The EasyCVR video management platform has a default password vulnerability, where attackers can exploit the default credentials ""easycvr/easycvr"" to log in to the administration interface.","EasyCVR","The EasyCVR video management platform has a default password vulnerability, where attackers can exploit the default credentials ""easycvr/easycvr"" to log in to the administration interface.","1. Modify the password strength. ","Default Password",""," body=""EasyGBS"" || body=""EasyDarwin.Body"" || body=""EasyCVR""","25111","8.6","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache Solr Velocity 模版注入漏洞(CVE-2019-17558)","Apache Solr是美国阿帕奇(Apache)基金会的一款基于Lucene(一款全文搜索引擎)的搜索服务器。该产品支持层面搜索、垂直搜索、高亮显示搜索结果等。Apache Solr 5.0.0版本至8.3.1版本中存在注入漏洞。攻击者可借助Velocity模板利用该漏洞在系统上执行任意代码。","APACHE-Solr","Apache Solr 5.0.0版本至8.3.1版本中存在注入漏洞。攻击者可借助Velocity模板利用该漏洞在系统上执行任意代码。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://issues.apache.org/jira/browse/SOLR-13971","代码执行","Apache Solr Velocity Template Injection Vulnerability (CVE-2019-17558)","Apache Solr is a search server based on Lucene, developed by the Apache Software Foundation. The software supports features such as faceted search, vertical search, and highlighting of search results.A vulnerability has been discovered in Apache Solr versions 5.0.0 to 8.3.1 that allows injection attacks. Attackers can exploit this vulnerability using Velocity templates to execute arbitrary code on the system.","APACHE-Solr","A vulnerability has been discovered in Apache Solr versions 5.0.0 to 8.3.1 that allows injection attacks. Attackers can exploit this vulnerability using Velocity templates to execute arbitrary code on the system.","The vendor has released a patch to fix the vulnerability, and the patch can be obtained from the following link: https://issues.apache.org/jira/browse/SOLR-13971","Code Execution","CVE-2019-17558","title=""Solr Admin"" || body=""SolrCore Initialization Failures"" || body=""app_config.solr_path"" || (banner=""/solr/"" && banner=""Location"" && banner!=""couchdb"" && banner!=""drupal"")","1128540","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"红帆-ioffice ioAssistance2.asmx 文件 SQL 注入漏洞","红帆OA 是一款为医院提供OA功能,完成信息发布、流程审批、公文管理、日程管理、工作安排、文件传递、在线沟通等行政办公业务。红帆OA ioAssistance2.asmx文件存在SQL注入漏洞,攻击者可获取数据库密码等信息以及执行命令获取服务器权限。","红帆-ioffice","红帆OA ioAssistance2.asmx文件存在SQL注入漏洞,攻击者可获取数据库密码等信息以及执行命令获取服务器权限。","目前厂商已发布安全补丁请及时关注官网更新:http://www.ioffice.cn/。","SQL注入","iOffice OA ioAssistance2.asmx SQL Injection Vulnerability","Hongfan OA is an oA function that provides hospitals with information release, process approval, document management, schedule management, work arrangement, file delivery, online communication and other administrative office services.There is a SQL injection vulnerability in the Hongfan OA ioAssistance2.asmx file. An attacker can obtain information such as database passwords and execute commands to obtain server permissions.","ioffice","There is a SQL injection vulnerability in the Hongfan OA ioAssistance2.asmx file. An attacker can obtain information such as database passwords and execute commands to obtain server permissions.","At present, the manufacturer has released security patches, please pay attention to the official website for updates: http://www.ioffice.cn/.","SQL Injection","","title=""iOffice.net"" || body=""/iOffice/js"" || (body=""iOffice.net"" && header!=""couchdb"" && header!=""drupal"") || body=""iOfficeOcxSetup.exe"" || body=""Hongfan. All Rights Reserved""","261","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"VMware VRealize Network Insight saasresttosaasservlet 远程命令执行漏洞(CVE-2022-31702)","VMware Aria Operations是美国威睿(VMware)公司的一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台,适用于私有云、混合云和多云环境。VMware Aria Operations Networks 6.x系列版本 saasresttosaasservlet 处存在安全漏洞,攻击者利用该漏洞可以执行命令注入攻击,从而导致远程代码执行。","vmware-vRealize-Network-Insight","VMware Aria Operations Networks 6.x系列版本 saasresttosaasservlet 处存在安全漏洞,攻击者利用该漏洞可以执行命令注入攻击,从而导致远程代码执行。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.vmware.com/security/advisories/VMSA-2022-0031.html","命令执行","VMware VRealize Network Insight saasresttosaasservlet Remote Command Execution Vulnerability (CVE-2022-31702)","VMware Aria Operations is a unified, AI-driven autonomous IT operations management platform from VMware Inc. It is designed for private cloud, hybrid cloud, and multi-cloud environments.A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution.","VMware-VRealize-Network-Insight","A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution.","The vendor has released a vulnerability fix, please pay attention to updating in time at: https://www.vmware.com/security/advisories/VMSA-2022-0031.html","Command Execution","CVE-2022-31702","title=""VMware vRealize Network Insight"" || body=""vneraapp/assets/fonts/bootstrap/glyphicons-halflings-regular"" || title=""Operations for Networks""","32","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"VMware VRealize Network Insight resttosaasservlet 远程命令执行漏洞(CVE-2023-20887)","VMware Aria Operations是美国威睿(VMware)公司的一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台,适用于私有云、混合云和多云环境。VMware Aria Operations Networks 6.x系列版本 saasresttosaasservlet 处存在安全漏洞,攻击者利用该漏洞可以执行命令注入攻击,从而导致远程代码执行。","vmware-vRealize-Network-Insight","VMware Aria Operations Networks 6.x系列版本 saasresttosaasservlet 处存在安全漏洞,攻击者利用该漏洞可以执行命令注入攻击,从而导致远程代码执行。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.vmware.com/security/advisories/VMSA-2023-0012.html","命令执行","VMware VRealize Network Insight resttosaasservlet Remote Command Execution Vulnerability (CVE-2023-20887)","VMware Aria Operations is a unified, AI-driven autonomous IT operations management platform from VMware Inc. It is designed for private cloud, hybrid cloud, and multi-cloud environments.A security vulnerability exists in the /saas./resttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution.","VMware-VRealize-Network-Insight","A security vulnerability exists in the saasresttosaasservlet component of VMware Aria Operations Networks 6.x series versions, which allows attackers to execute command injection attacks and subsequently result in remote code execution.","The vendor has released a vulnerability fix, please pay attention to updating in time at: https://www.vmware.com/security/advisories/VMSA-2023-0012.html","Command Execution","CVE-2023-20887","title=""VMware vRealize Network Insight"" || body=""vneraapp/assets/fonts/bootstrap/glyphicons-halflings-regular"" || title=""Operations for Networks""","32","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/111-0mksh1xz.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"RocketMQ Broker rocketmqHome Config 远程命令执行漏洞(CVE-2023-33246)","Apache RocketMQ是美国 Apache 基金会的一款轻量级的数据处理平台和消息传递引擎。 Apache RocketMQ 5.1.0及之前版本存在代码注入漏洞,该漏洞源于存在远程命令执行漏洞,攻击者可以利用该漏洞利用更新配置功能以系统用户身份执行命令。","RocketMq-console-ng","Apache RocketMQ 5.1.0及之前版本存在代码注入漏洞,该漏洞源于存在远程命令执行漏洞,攻击者可以利用该漏洞利用更新配置功能以系统用户身份执行命令。","目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://github.com/apache/rocketmq","命令执行","RocketMQ Broker rocketmqHome Config Remote Command Execution Vulnerability (CVE-2023-33246)","Apache RocketMQ is a lightweight data processing platform and messaging engine developed by the Apache Software Foundation in the United States.There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function.","RocketMq-Console-Ng","There is a code injection vulnerability in Apache RocketMQ 5.1.0 and earlier versions, which originates from a remote command execution vulnerability. Attackers can exploit this vulnerability to execute commands with system user privileges using the update configuration function.","Currently, the vendor has released an upgrade patch to fix the vulnerability. For more details, please visit the vendor's homepage at https://github.com/apache/rocketmq.","Command Execution","CVE-2023-33246","protocol=""rocketmq-broker""","10087","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/kwd1r-655dm-svxi8ho0.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Wholesale Market 插件 ced_cwsm_csv_import_export_module_download_error_log 任意文件读取漏洞(CVE-2022-4298)","WordPress plugin Wholesale Market 是一个woocommerce扩展插件,使您的商店能够创建批发用户,并通过设置产品的批发价格。WordPress plugin Wholesale Market 2.2.1之前版本存在路径遍历漏洞,该漏洞源于没有进行授权检查,也不会验证用户输入。攻击者利用该漏洞可以从服务器下载任意文件。","wordpress-plugin-wholesale-market","WordPress plugin Wholesale Market 2.2.1之前版本存在路径遍历漏洞,该漏洞源于没有进行授权检查,也不会验证用户输入。攻击者利用该漏洞可以从服务器下载任意文件。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/wholesale-market/。","文件读取","WordPress plugin Wholesale Market ced_cwsm_csv_import_export_module_download_error_log File Read Vulnerability (CVE-2022-4298)","The WordPress plugin Wholesale Market is a woocommerce extension plugin that enables your store to create wholesale users and set wholesale prices for products by.The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server.","wordpress-plugin-wholesale-market","The WordPress plugin Wholesale Market version prior to 2.2.1 has a path traversal vulnerability, which is caused by not performing authorization checks and not validating user input. Attackers exploit this vulnerability to download arbitrary files from the server.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/wholesale-market/.","File Read","CVE-2022-4298","body=""wp-content/plugins/wholesale-market""","120","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-rwcb0eq2.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"WordPress User Verification 插件 user_verification_send_otp 页面认证绕过漏洞(CVE-2022-4693)","WordPress plugins User Verification 是一款用于保护您的网站免受垃圾邮件用户的侵害,并通过使用垃圾邮件电子邮件地址阻止即时访问的插件。WordPress plugins User Verification 1.0.94 版本之前存在授权问题漏洞,该漏洞源于登陆验证可以被绕过。","WordPress-plugins-User-Verification","WordPress plugins User Verification 1.0.94 版本之前存在授权问题漏洞,该漏洞源于登陆验证可以被绕过。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/user-verification/。","权限绕过","WordPress plugins User Verification Authentication Bypass Vulnerability (CVE-2022-4693)","WordPress plugins User Verification is a plugin to protect your website from spam users and block instant access by using spam email addresses.There is an authorization problem vulnerability in WordPress plugins User Verification before version 1.0.94. The vulnerability stems from the fact that login verification can be bypassed.","WordPress-plugins-User-Verification","There is an authorization problem vulnerability in WordPress plugins User Verification before version 1.0.94. The vulnerability stems from the fact that login verification can be bypassed.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/user-verification/.","Permission Bypass","CVE-2022-4693","body=""wp-content/plugins/user-verification""","707","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-latuzr3y.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"WordPress User Post Gallery 插件 upg_datatable 远程代码执行漏洞(CVE-2022-4060)","WordPress plugins User Post Gallery 是一款让用户从前端选择相册、生成标签、上传图片、视频的插件。WordPress plugin User Post Gallery 2.19及之前版本存在代码注入漏洞,该漏洞源于callback函数允许任意用户调用,攻击者利用该漏洞可以在它的站点上运行代码。","WordPress-plugins-User-Post-Gallery","WordPress plugin User Post Gallery 2.19及之前版本存在代码注入漏洞,该漏洞源于callback函数允许任意用户调用,攻击者利用该漏洞可以在它的站点上运行代码。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wordpress.org/plugins/wp-upg/。","代码执行","WordPress plugins User Post Gallery upg_datatable RCE Vulnerability (CVE-2022-4060)","WordPress plugins User Post Gallery is a plugin that allows users to select albums, generate tags, upload pictures and videos from the front end.There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site.","WordPress-plugins-User-Post-Gallery","There is a code injection vulnerability in WordPress plugin User Post Gallery 2.19 and earlier versions. The vulnerability stems from the fact that the callback function allows any user to call it. Attackers can use this vulnerability to run code on its site.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wordpress.org/plugins/wp-upg/.","Code Execution","CVE-2022-4060","body=""wp-content/plugins/wp-upg""","383","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-sduqeyfo.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"PandoraFMS 软件 upload_head_image.php 任意文件上传漏洞","PandoraFMS是美国PandoraFMS的一个应用软件。提供一个监控功能。PandoraFMS upload_head_image.php 存在未授权文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","PANDORAFMS-产品","PandoraFMS upload_head_image.php 存在未授权文件上传漏洞,攻击者可上传恶意木马获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://pandorafms.com/。","文件上传","PandoraFMS upload_head_image.php Arbitrary File Upload Vulnerability","PandoraFMS is an application software of American PandoraFMS. Provides a monitoring function.There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions.","PANDORAFMS-Products","There is an unauthorized file upload vulnerability in PandoraFMS upload_head_image.php. Attackers can upload malicious Trojan horses to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://pandorafms.com/.","File Upload","","body=""pandora_console/""","768","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-q0i18gtp.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"网神SecGate 3600防火墙 sys_export_conf_local_save 文件读取漏洞","网神SecGate 3600防火墙是基于状态检测包过滤和应用级代理的复合型硬件防火墙,是专门面向大中型企业、政府、军队、高校等用户开发的新一代专业防火墙设备,支持外部攻击防范、内网安全、网络访问权限控制、网络流量监控和带宽管理、动态路由、网页内容过滤、邮件内容过滤、IP冲突检测等功能,能够有效地保证网络的安全;产品提供灵活的网络路由/桥接能力,支持策略路由,多出口链路聚合;提供多种智能分析和管理手段,支持邮件告警,支持日志审计,提供全面的网络管理监控,协助网络管理员完成网络的安全管理。网神SecGate 3600防火墙存在文件读取漏洞,攻击者可以通过该漏洞获取服务器敏感信息。","网神SecGate-3600防火墙","网神SecGate 3600防火墙存在文件读取漏洞,攻击者可以通过该漏洞获取服务器敏感信息。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.legendsec.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Netgod SecGate 3600 Firewall sys_export_conf_local_save File Read Vulnerability","Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file reading vulnerability in the Netgod SecGate 3600 firewall, which allows attackers to obtain sensitive information from the server.","legendsec-Secgate-3600-firewall","There is a file reading vulnerability in the Netgod SecGate 3600 firewall, which allows attackers to obtain sensitive information from the server.","1. The vulnerability has not been repaired officially. Please contact the manufacturer to repair the vulnerability: https://www.legendsec.com/2. Set access policies and white list access through security devices such as firewalls.3. If it is not necessary, public network access to the system is prohibited.","File Read","","title=""网神SecGate 3600防火墙""","738","8.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-b1y7qajo.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"泛微OA办公系统 PluginViewServlet 认证绕过漏洞","泛微OA 是一款专业强大的多功能办公管理软件,支持移动审批、考勤、查阅、共享等功能,有效的提高了用户的办公效率。泛微OA weaver.mobile.plugin.ecology.service.PluginViewServlet存在认证绕过漏洞,攻击者可实现任意登录获取管理员权限。","泛微-协同商务系统","泛微OA weaver.mobile.plugin.ecology.service.PluginViewServlet存在认证绕过漏洞,攻击者可实现任意登录获取管理员权限。","厂商已发布安全补丁,请及时关注官网更新:https://www.weaver.com.cn/。","权限绕过","Weaver OA PluginViewServlet Authentication Bypass Vulnerability","Weaver OA is a professional and powerful multi-functional office management software that supports mobile approval, attendance, query, sharing and other functions, effectively improving the user's office efficiency.There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges.","Wild-Collaborative-Business-System","There is an authentication bypass vulnerability in Panwei OA weaver.mobile.plugin.ecology.service.PluginViewServlet, and attackers can log in arbitrarily to obtain administrator privileges.","The manufacturer has released security patches, please pay attention to the official website for updates: https://www.weaver.com.cn/.","Permission Bypass","","(header=""testBanCookie"" || banner=""testBanCookie"" || body=""/wui/common/css/w7OVFont.css"" || (body=""typeof poppedWindow"" && body=""client/jquery.client_wev8.js"") || body=""/theme/ecology8/jquery/js/zDialog_wev8.js"" || body=""ecology8/lang/weaver_lang_7_wev8.js"")","45034","8.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-0safsswh.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"Avaya Aura Device Services r软件 PhoneBackup 任意文件上传漏洞","Avaya Aura Device Services是美国Avaya公司的一个应用软件。提供一个管理 Avaya 端点功能。Avaya Aura Device Services 7.0至8.1.4.0版本存在安全漏洞,攻击者可绕过验证上传任意文件获取服务器权限。","AVAYA-Aura-Utility-Server","Avaya Aura Device Services 7.0至8.1.4.0版本存在安全漏洞,攻击者可绕过验证上传任意文件获取服务器权限。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://support.avaya.com/。","文件上传","Avaya Aura Device Services PhoneBackup File Upload Vulnerability","Avaya Aura Device Services is an application software of Avaya Corporation in the United States. Provides a function to manage Avaya endpoints.Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions.","AVAYA-Aura-Utility-Server","Avaya Aura Device Services versions 7.0 to 8.1.4.0 have security vulnerabilities. Attackers can bypass authentication and upload arbitrary files to obtain server permissions.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://support.avaya.com/.","File Upload","","((body=""vmsTitle\"">Avaya Aura™ Utility Server"" || body=""/webhelp/Base/Utility_toc.htm"" || (body=""Avaya Aura® Utility Services"" && body=""Avaya Inc. All Rights Reserved"")) && body!=""Server: couchdb"")","565","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-pgnylmsp.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"WordPress Extensive VC Addons 插件 options[template] 文件包含漏洞","Extensive VC 是一款功能强大的 WordPress 工具,可让您在网站上添加独特、灵活且响应迅速的简码元素。Extensive VC Addons插件 < 1.9.1 版本 options[template] 文件存在文件包含漏洞,攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","wordpress-plugin-extensive-vc-addon","Extensive VC Addons插件 < 1.9.1 版本 options[template] 文件存在文件包含漏洞,攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://wordpress.org/plugins/extensive-vc-addon","文件读取,文件包含","WordPress Plugin Extensive VC Addons File Inclusion Vulnerability","Extensive VC is a powerful WordPress tool which allows you to add unique, flexible and fully responsive shortcode elements on your site.Extensive VC Addons < 1.9.1 is vulnerable to Local File Inclusion.","wordpress-plugin-extensive-vc-addon","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","The vendor has released a bug fix, please pay attention to the update in time:https://wordpress.org/plugins/extensive-vc-addon","File Read,File Inclusion","","body=""wp-content/plugins/extensive-vc-addon""","2583","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-guxu7qlm.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"泛微E-office协同办公系统 download.php 文件 filename 参数文件读取漏洞","泛微E-office协同办公系统是一款专业的办公软件,是面向小型企业或团队的工作平台。泛微E-office协同办公系统存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","泛微-EOffice","泛微E-office协同办公系统存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.weaver.com.cn/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件读取","Weaver E-office Office Automation System download.php filename file read vulnerability","Weaver E-office Office Automation System is a professional office software, is for small business or team work platform.There are file reading vulnerabilities in the Weaver E-office Office Automation System.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","Weaver-EOffice","There are file reading vulnerabilities in the Weaver E-office Office Automation System.Attackers can use this vulnerability to read important system files (such as database configuration files, system configuration files), database configuration files, etc., resulting in an extremely insecure state of the website.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://www.weaver.com.cn/2. Set access policies and whitelist access through security devices such as firewalls.3. If not necessary, prohibit public network access to the system.","File Read","","((header=""general/login/index.php"" || body=""/general/login/view//images/updateLoad.gif"" || (body=""szFeatures"" && body=""eoffice"") || header=""Server: eOffice"") && body!=""Server: couchdb"") || banner=""general/login/index.php""","4971","5.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E6%B3%9B%E5%BE%AEE-office%E5%8D%8F%E5%90%8C%E5%8A%9E%E5%85%AC%E7%B3%BB%E7%BB%9F-download.php-%E6%96%87%E4%BB%B6-filename-%E5%8F%82%E6%95%B0%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E-keysjjtv.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"电信网关配置管理系统后台 /manager/teletext/material/upload.php 文件上传漏洞","中国电信集团有限公司(英文名称“China Telecom”、简称“中国电信”)成立于2000年9月,是中国特大型国有通信企业、上海世博会全球合作伙伴。 电信网关配置管理系统后台 /manager/teletext/material/upload.php 存在文件上传漏洞,攻击者可以利用文件上传漏洞获取系统权限。","telecom-gateway","电信网关配置管理系统后台存在文件上传漏洞,攻击者可以利用文件上传漏洞获取系统权限。","厂家尚未发布修复补丁,请及时关注厂商更新补丁:http://www.chinatelecom.com.cn/","文件上传","Telecom system /manager/teletext/material/upload.php fileupload vulnerability","China Telecom Group Co., Ltd. (English name ""China Telecom"", referred to as ""China Telecom"") was established in September 2000. It is a large state-owned telecommunications company in China and a global partner of the Shanghai World Expo.There is a file upload vulnerability in the background of the telecom gateway configuration management system. An attacker can exploit this vulnerability to obtain a device shell.","telecom-gateway","China Telecom Group Co., Ltd. (English name ""China Telecom"", referred to as ""China Telecom"") was established in September 2000. It is a large state-owned telecommunications company in China and a global partner of the Shanghai World Expo.There is a file upload vulnerability in the background of the telecom gateway configuration management system. An attacker can exploit this vulnerability to obtain a device shell.","The manufacturer has not yet provided a bug fix solution, please pay attention to the manufacturer's homepage for timely updates: http://www.chinatelecom.com.cn/","File Upload","","body=""img/login_bg3.png"" && body=""系统登录""","856","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Telecom-system-%3Amanager%3Ateletext%3Amaterial%3Aupload.php-fileupload-vulnerability--tqxg3usq.gif""/></div><p></p>","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"XETUX 软件 dynamiccontent.properties.xhtml 远程代码执行漏洞","XETUX 是一个全面的解决方案,包括一套安全、强大和可监控的软件程序,专为自动控制餐厅和零售而设计和开发。XETUX 存在代码执行漏洞,攻击者可通过 dynamiccontent.properties.xhtml 执行任意代码获取服务器权限。","XETUX","XETUX 存在代码执行漏洞,攻击者可通过 dynamiccontent.properties.xhtml 执行任意代码获取服务器权限。","厂商已发布安全补丁,请及时关注官网更新:https://xetux.com/。","代码执行","XETUX dynamiccontent.properties.xhtml RCE","XETUX is a comprehensive solution comprising a set of safe, powerful and monitorable software programs, designed and developed for automatic control of restaurants and retail.There is a code execution vulnerability in XETUX, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges.","XETUX","There is a code execution vulnerability in XETUX, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges.","The manufacturer has released security patches, please pay attention to the official website for updates: https://xetux.com/.","Code Execution","","title=""@XETUX"" && title=""XPOS"" && body = ""BackEnd""","2002","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"maxView Storage Manager 系统 dynamiccontent.properties.xhtml 远程代码执行漏洞","maxView Storage Manager 是一款企业存储和通信解决方案的管理系统。maxView Storage Manager 存在代码执行漏洞,攻击者可通过 dynamiccontent.properties.xhtml 执行任意代码获取服务器权限。","maxView-Storage-Manager","maxView Storage Manager 存在代码执行漏洞,攻击者可通过 dynamiccontent.properties.xhtml 执行任意代码获取服务器权限。","厂商已发布安全补丁,请及时关注官网更新:https://www.microsemi.com/。","代码执行","maxView Storage Manager dynamiccontent.properties.xhtml RCE","maxView Storage Manager is a management system for enterprise storage and communication solutions.There is a code execution vulnerability in maxView Storage Manager, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges.","maxView-Storage-Manager","There is a code execution vulnerability in maxView Storage Manager, an attacker can execute arbitrary code through dynamiccontent.properties.xhtml to gain server privileges.","The manufacturer has released a security patch. Please pay attention to the official website for updates:https://www.microsemi.com/。","Code Execution","","title=""maxView Storage Manager - Login""","1465","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/maxView-Storage-8fziw92v.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Plugin LearnPress archive-course 文件包含漏洞(CVE-2022-47615)","LearnPress 是适用于 WordPress 的综合性 WordPress LMS 插件。 这是最好的 WordPress LMS 插件之一,可用于轻松创建和在线销售课程。WordPress LearnPress 插件 <= 4.1.7.3.2存在文件包含漏洞,攻击者利用该漏洞可获取敏感文件。","wordpress-plugin-learnpress","攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://wordpress.org/plugins/learnpress","文件读取,文件包含","WordPress Plugin LearnPress archive-course File Inclusion Vulnerability (CVE-2022-47615)","LearnPress is a comprehensive WordPress LMS Plugin for WordPress. This is one of the best WordPress LMS Plugins which can be used to easily create & sell courses online.WordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File Inclusion.","wordpress-plugin-learnpress","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","The vendor has released a bug fix, please pay attention to the update in time:https://wordpress.org/plugins/learnpress","File Read,File Inclusion","CVE-2022-47615","body=""wp-content/plugins/learnpress""","48623","9.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"MDT KNX 管理面板默认口令","MDT是一家智能楼宇自动化服务商,基于KNX技术进行产品制造。其旗下产品的KNX-IP Interface/KNX-IP Object Server面板用于访问KNX总线系统中的每个总线设备,这些面板存在默认口令,恶意攻击者可接管目标面板系统。MDT Technologies 公司的 KNX-IP Interface、KNX-IP Object Server管理面板存在默认口令(admin),恶意攻击者使用该凭据可接管目标web系统。","DEFAULT-IP-PLATFORM","MDT Technologies 公司的 KNX-IP Interface、KNX-IP Object Server管理面板存在默认口令(admin),恶意攻击者使用该凭据可接管目标web系统","1、修改默认⼝令,密码最好包含⼤⼩写字⺟、数字和特殊字符等,且位数⼤于8位。2、如⾮必要,禁⽌公⽹访问该系统。3、通过防⽕墙等安全设备设置访问策略,设置⽩名单访问。","默认口令","MDT KNX manager panel default credentials vulnerability","MDT Technologies is an intelligent building automation service provider based on KNX technology for product manufacturing. Its KNX-IP Interface/ Knx-ip Object Server panel is used to access every bus device in the KNX bus system. These panels have default passwords and malicious attackers can take over the target panel system.Default passwords exist on the KNX-IP Interface and KNX-IP Object Server management panel of MDT Technologies. Malicious attackers can use these passwords to take over the target web system.","DEFAULT-IP-PLATFORM","Default passwords exist on the KNX-IP Interface and KNX-IP Object Server management panel of MDT Technologies. Malicious attackers can use these passwords to take over the target web system.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits should be greater than 8. 2. If not necessary, prohibit public network access to the system. 3. Set access policies and whitelist access through security devices such as firewalls. ","Default Password","","title=""MDT Technologies GmbH"" && server=""DEFAULT IP PLATFORM""","1135","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/MDT-KNX-ojeqlirs.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Bifrost 中间件 X-Requested-With 系统身份认证绕过漏洞(CVE-2022-39267)","Bifrost是一款面向生产环境的 MySQL,MariaDB,kafka 同步到Redis,MongoDB,ClickHouse等服务的异构中间件,可通过删除请求头实现身份认证绕过,获取环境内配置各种数据库账户密码。","Bifrost","Bifrost是一款面向生产环境的 MySQL,MariaDB,kafka 同步到Redis,MongoDB,ClickHouse等服务的异构中间件,可通过删除请求头实现身份认证绕过,获取环境内配置各种数据库账户密码。","厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/brokercap/Bifrost/security/advisories/GHSA-mxrx-fg8p-5p5j","权限绕过","Bifrost X-Requested-With Authentication Bypass Vulnerability (CVE-2022-39267)","Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With: XMLHttpRequest field in the request header. This issue has been patched in 1.8.8-release. There are no known workarounds.","Bifrost","Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB and Kafka to Redis, MongoDB, ClickHouse and other services for production environments. It can bypass identity authentication by deleting request headers and obtain passwords for various database accounts configured in the environment","https://github.com/brokercap/Bifrost/security/advisories/GHSA-mxrx-fg8p-5p5jhttps://github.com/brockercap/Bifrost/pull/201 ","Permission Bypass","CVE-2022-39267","body=""/dologin"" && body=""Bifrost""","14","8.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2022-39267-rxrkjz1h.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"用友GRP-U8 软件 U8AppProxy 任意文件上传漏洞","用友GRP-U8管理软件是用友公司专注于国家电子政务事业,基于云计算技术所推出的新一代产品,是我国行政事业财务领域最专业的政府财务管理软件。用友GRP-U8管理软件 U8AppProxy 存在任意文件上传漏洞,攻击者可上传webshell获取服务器权限。","用友-GRP-U8","用友GRP-U8管理软件 U8AppProxy 存在任意文件上传漏洞,攻击者可上传webshell获取服务器权限。","目前厂商已发布安全补丁,请及时关注官网更新:https://www.yonyou.com/。","文件上传","yongyou GRP-U8 U8AppProxy Arbitrary file upload vulnerability","Yonyou GRP-U8 management software is a new generation of products launched by UFIDA focusing on national e-government affairs and based on cloud computing technology. It is the most professional government financial management software in the field of administrative affairs and finance in my country.UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions.","yonyou-GRP-U8","UFIDA GRP-U8 management software U8AppProxy has an arbitrary file upload vulnerability, an attacker can upload a webshell to obtain server permissions.","At present, the manufacturer has released security patches, please pay attention to the official website for updates: https://www.yonyou.com/.","File Upload","","body=""window.location.replace(\""login.jsp?up=1\"")"" || body=""GRP-U8""","1308","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-pfuuvxpj.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Events Made Easy 插件 admin-ajax.php 文件 lang 参数SQL注入漏洞(CVE-2022-1905)","Events Made Easy 是适用于 WordPress 的功能齐全的活动和会员管理解决方案。Events Made Easy 2.2.81存在未授权SQL注入漏洞。","wordpress-plugin-events-made-easy","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。 ","厂商已发布了漏洞修复程序,请及时关注更新:https://wordpress.org/plugins/events-made-easy/","SQL注入","WordPress Plugin Events Made Easy SQL Injection Vulnerability(CVE-2022-1905)","Events Made Easy is a full-featured event and membership management solution for WordPress.Events Made Easy 2.2.81 has an unauthorized SQL injection vulnerability.","wordpress-plugin-events-made-easy","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://wordpress.org/plugins/events-made-easy/","SQL Injection","CVE-2022-1905","body=""wp-content/plugins/events-made-easy""","4021","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WebLogic CoordinatorPortType 远程代码执行漏洞(CVE-2017-10271)","WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。由于WebLogic在部署过程中默认启用了WLS WebService组件,此组件使用了XMLDecoder来解析序列化数据,攻击者可以通过构造恶意的XML文件来实现远程命令执行,可能导致攻击者在服务器端任意执行代码,进而控制整个web服务器。","Weblogic_interface_7001","由于WebLogic在部署过程中默认启用了WLS WebService组件,此组件使用了XMLDecoder来解析序列化数据,攻击者可以通过构造恶意的XML文件来实现远程命令执行,可能导致攻击者在服务器端任意执行代码,进而控制整个web服务器。","目前厂商已发布升级补丁以修复漏洞,请用户安装补丁以修复漏洞,补丁获取链接:https://www.oracle.com/security-alerts/cpuoct2017.html","代码执行","WebLogic CoordinatorPortType Remote Code Execution Vulnerability (CVE-2017-3506)","WebLogic Server is one of the application server components suitable for both cloud and traditional environments.Due to the default activation of the WLS WebService component during the deployment process, WebLogic utilizes XMLDecoder to parse serialized data. Attackers can exploit this by constructing malicious XML files to achieve remote command execution, potentially allowing them to execute arbitrary code on the server and gain control over the entire web server.","Weblogic_interface_7001","Since WebLogic enables the WLS WebService component by default during the deployment process, this component uses XMLDecoder to parse the serialized data. An attacker can implement remote command execution by constructing a malicious XML file, which may cause the attacker to execute arbitrary code on the server side. And then control the entire web server.","Currently, the vendor has released an upgrade patch to fix the vulnerability. Users are advised to install the patch to address the vulnerability. You can obtain the patch from the following link: https://www.oracle.com/security-alerts/cpuoct2017.html","Code Execution","CVE-2017-10271","(body=""Welcome to WebLogic Server"") || (title==""Error 404--Not Found"") || (((body=""<h1>BEA WebLogic Server"" || server=""Weblogic"" || body=""content=\""WebLogic Server"" || body=""<h1>Welcome to Weblogic Application"" || body=""<h1>BEA WebLogic Server"") && header!=""couchdb"" && header!=""boa"" && header!=""RouterOS"" && header!=""X-Generator: Drupal"") || (banner=""Weblogic"" && banner!=""couchdb"" && banner!=""drupal"" && banner!="" Apache,Tomcat,Jboss"" && banner!=""ReeCam IP Camera"" && banner!=""<h2>Blog Comments</h2>"")) || (port=""7001"" && protocol==""weblogic"")","127705","7.5","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"WordPress Plugin IWS SQL注入漏洞(CVE-2022-4117)","iws-geo-form-fields是一个易于使用的 WordPress 插件,它使用 Ajax 动态填充表单中的选择字段,它可以在您的 WordPress 网站中添加国家 - 州 - 城市选择字段。iws-geo-form-fields <=1.0存在未授权SQL注入漏洞。","WordPress Plugin IWS SQL","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。 ","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://wordpress.org/plugins/iws-geo-form-fields/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","WordPress Plugin IWS SQL Injection Vulnerability (CVE-2022-4117)","iws-geo-form-fields is a easy to use WordPress plugin, It uses Ajax to dynamically populate Select fields in your form,It can add Country - State - City select field in your WordPress website.iws-geo-form-fields <=1.0 has an unauthorized SQL injection vulnerability.","WordPress Plugin IWS SQL","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:https://wordpress.org/plugins/iws-geo-form-fields/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","CVE-2022-4117","body=""wp-content/plugins/iws-geo-form-fields""","2186","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/WordPress-Plugin-IWS-SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2022-4117%EF%BC%89-enz30itt.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"网神SecGate 3600防火墙 文件上传漏洞","网神SecGate 3600防火墙是基于状态检测包过滤和应用级代理的复合型硬件防火墙,是专门面向大中型企业、政府、军队、高校等用户开发的新一代专业防火墙设备,支持外部攻击防范、内网安全、网络访问权限控制、网络流量监控和带宽管理、动态路由、网页内容过滤、邮件内容过滤、IP冲突检测等功能,能够有效地保证网络的安全;产品提供灵活的网络路由/桥接能力,支持策略路由,多出口链路聚合;提供多种智能分析和管理手段,支持邮件告警,支持日志审计,提供全面的网络管理监控,协助网络管理员完成网络的安全管理。网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","网神SecGate-3600防火墙","网神SecGate 3600防火墙存在文件上传漏洞,攻击者可以通过该漏洞获取服务器控制权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:https://www.legendsec.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","文件上传","Netgod SecGate 3600 Firewall File Upload Vulnerability","Netgod SecGate 3600 firewall is a composite hardware firewall based on status detection packet filtering and application level agents. It is a new generation of professional firewall equipment specially developed for large and medium-sized enterprises, governments, military, universities and other users. It supports external attack prevention, internal network security, network access control, network traffic monitoring and bandwidth management, dynamic routing, web content filtering, email content filtering, IP conflict detection and other functions, It can effectively ensure the security of the network; The product provides flexible network routing/bridging capabilities, supports policy routing and multi outlet link aggregation; It provides a variety of intelligent analysis and management methods, supports email alarm, supports log audit, provides comprehensive network management monitoring, and assists network administrators in completing network security management.There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","legendsec-Secgate-3600-firewall","There is a file upload vulnerability in SecGate 3600 firewall, which allows attackers to gain server control permissions.","1. The vulnerability has not been repaired officially. Please contact the manufacturer to repair the vulnerability: https://www.legendsec.com/2. Set access policies and white list access through security devices such as firewalls.3. If it is not necessary, public network access to the system is prohibited.","File Upload","","title=""网神SecGate 3600防火墙""","747","10.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-ikpyxezh.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"杭州新中大 NetcallServer 管理控制台默认口令","杭州新中大NetcallServer管理控制台是杭州新中大科技股份有限公司的一款即时通讯软件。杭州新中大NetcallServer管理控制台存在默认口令,攻击者可利用该漏洞获取敏感信息。","NEWGRAND-NETCALL","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能。造成敏感信息泄露。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Hangzhou new Zhongda NetcallServer management console default password","Hangzhou New Zhongda NetcallServer Management console is an instant messaging software of Hangzhou New Zhongda Technology Co., LTD. There is a default password in the NetcallServer management console of Hangzhou New CUHK, which can be exploited by attackers to obtain sensitive information.","NEWGRAND-NETCALL","The attacker can control the whole platform through the default password vulnerability and operate the core functions with the administrator rights. Cause sensitive information to leak.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","title==""netcallServer 管理控制台""","567","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-8t9jofec.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"D-Link DCS-960L HNAP LoginPassword 认证绕过漏洞","D-Link DCS-960L是中国台湾友讯(D-Link)公司的一款网络摄像头产品。D-Link DCS-960L 在处理 HNAP 登录请求时,对于参数 LoginPassword 的处理逻辑错误,攻击者可以构造特殊的登录请求实现登录验证绕过。","D_Link-DCS-960L","D-Link DCS-960L 在处理 HNAP 登录请求时,对于参数 LoginPassword 的处理逻辑错误,攻击者可以构造特殊的登录请求实现登录验证绕过。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://dlink.com/","权限绕过","D-Link DCS-960L HNAP LoginPassword Authentication Bypass Vulnerability","D-Link DCS-960L is a network camera product of China Taiwan D-Link Company.When D-Link DCS-960L processes the HNAP login request, the processing logic of the parameter LoginPassword is wrong, and the attacker can construct a special login request to bypass the login verification.","D_Link-DCS-960L","When D-Link DCS-960L processes the HNAP login request, the processing logic of the parameter LoginPassword is wrong, and the attacker can construct a special login request to bypass the login verification.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://dlink.com/","Permission Bypass","","header=""DCS-960L"" || banner=""DCS-960L""","16014","8.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-pqovyyur.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Array Networks AG/vxAG 远程代码执行漏洞(CVE-2022-42897)","Array Networks AG/vxAG是美国安瑞科技(Array Networks)公司的一款 Array SSL-VPN 网关产品。Array Networks AG/vxAG with ArrayOS AG 9.4.0.469之前的版本存在安全漏洞,该漏洞源于其允许未经身份验证的攻击者实现命令注入,导致权限升级和对系统的控制。","Array-VPN","Array Networks AG/vxAG with ArrayOS AG 9.4.0.469之前的版本存在安全漏洞,该漏洞源于其允许未经身份验证的攻击者实现命令注入,导致权限升级和对系统的控制。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html","代码执行","Array Networks AG/vxAG RCE (CVE-2022-42897)","Array Networks AG/vxAG is an Array SSL-VPN gateway product of Array Networks in the United States.Array Networks AG/vxAG with ArrayOS AG prior to 9.4.0.469 has a security vulnerability that allows an unauthenticated attacker to achieve command injection, resulting in privilege escalation and control over the system.","Array-VPN","Array Networks AG/vxAG with ArrayOS AG prior to 9.4.0.469 has a security vulnerability that allows an unauthenticated attacker to achieve command injection, resulting in privilege escalation and control over the system.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html","Code Execution","CVE-2022-42897","banner=""/prx/000/http"" || header=""/prx/000/http"" || body=""an_util.js""","10117","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-yhmhghpz.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ASUS RT-AX56U 敏感信息泄漏漏洞","ASUS RT-AX56U为WiFi6双频1800M电竞路由,支持 WiFi6 (802.11ax) 标准和 80MHz 带宽提供更好的网络性能与效率。并搭载了Trend Micro™ 支持的 AiProtection 商业级安全防护功能,为所有连网的智能设备提供网络安全防护。构造请求发送到存在漏洞的设备之后,可以读取系统中的passwd或shadow文件造成管理员用户的密码信息泄漏问题。","ASUS-RT-AX56U","构造请求发送到存在漏洞的设备之后,可以读取系统中的passwd或shadow文件造成管理员用户的密码信息泄漏问题。","升级固件。固件下载地址:https://www.asus.com.cn/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/?model2Name=RT-AX56U","信息泄露","ASUS RT-AX56U Sensitive Information Disclosure Vulnerability","The ASUS RT-AX56U is a WiFi6 dual band 1800M E-sports route that supports the WiFi6 (802.11ax) standard and 80MHz bandwidth to provide better network performance and efficiency. With Trend Micro ™ The supported AiProtection commercial level security protection function provides network security protection for all connected intelligent devices.After the construction request is sent to the vulnerable device, the passwd or shadow file in the system can be read, causing the password information disclosure problem of the administrator user.","ASUS-RT-AX56U","After the construction request is sent to the vulnerable device, the passwd or shadow file in the system can be read, causing the password information disclosure problem of the administrator user.","Update FirmwareFirmware download address:https://www.asus.com.cn/networking-iot-servers/wifi-routers/asus-wifi-routers/rt-ax56u/helpdesk_bios/?model2Name=RT-AX56U","Information Disclosure","","banner=""ASUS RT-AX56U"" || (body=""RT-AX56U"" && title==""ASUS Login"")","291164","5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-0w89giao.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"kkFileView onlinePreview 任意文件读取漏洞","Keking kkFileView是中国凯京科技(Keking)公司的一个 Spring-Boot 打造文件文档在线预览项目。Keking kkFileview 存在安全漏洞,该漏洞源于存在通过目录遍历漏洞读取任意文件,可能导致相关主机上的敏感文件泄漏。","kkFileView","Keking kkFileview 存在安全漏洞,该漏洞源于存在通过目录遍历漏洞读取任意文件,可能导致相关主机上的敏感文件泄漏。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://github.com/kekingcn/kkFileView/","文件读取","kkFileView onlinePreview Arbitrary File Read","Keking kkFileView is a Spring-Boot online preview project for creating file documents of Keking Technology Co., Ltd. in China.There is a security vulnerability in Keking kkFileview, which stems from reading arbitrary files through directory traversal vulnerabilities, which may lead to the leakage of sensitive files on related hosts.","kkFileView","There is a security vulnerability in Keking kkFileview, which stems from reading arbitrary files through directory traversal vulnerabilities, which may lead to the leakage of sensitive files on related hosts.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://github.com/kekingcn/kkFileView/","File Read","","body=""/onlinePreview?url""","2360","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"海康威视部分iVMS系统存在文件上传漏洞","海康威视-iVMS综合安防管理平台是一套“集成化”、“数字化”、“智能化”的平台,包含视频、报警、门禁、访客、梯控、巡查、考勤、消费、停车场、可视对讲等多个子系统。攻击者通过获取密钥任意构造token,请求某个接口任意上传文件,导致获取服务器webshell权限,同时可远程进行恶意代码执行。","HIKVISION-iVMS","海康威视-iVMS综合安防管理平台是一套“集成化”、“数字化”、“智能化”的平台,包含视频、报警、门禁、访客、梯控、巡查、考勤、消费、停车场、可视对讲等多个子系统。攻击者通过获取密钥任意构造token,请求某个接口任意上传文件,导致获取服务器webshell权限,同时可远程进行恶意代码执行。","厂家尚未发布修复补丁,请及时关注厂商更新补丁:https://www.hikvision.com/","文件上传","Some Hikvision iVMS file upload vulnerabilities","Hikvision-iVMS comprehensive security management platform is an ""integrated"", ""digital"" and ""intelligent"" platform, including video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, Video intercom and other subsystems.The attacker constructs a token arbitrarily by obtaining the key, and requests an interface to upload files arbitrarily, resulting in obtaining the webshell permission of the server and executing malicious code remotely.","HIKVISION-iVMS","Hikvision-iVMS comprehensive security management platform is an ""integrated"", ""digital"" and ""intelligent"" platform, including video, alarm, access control, visitor, elevator control, inspection, attendance, consumption, parking lot, Video intercom and other subsystems.The attacker constructs a token arbitrarily by obtaining the key, and requests an interface to upload files arbitrarily, resulting in obtaining the webshell permission of the server and executing malicious code remotely.","At present, the manufacturer has released security patches, please update in time: http://www.thinkphp.cn/.","File Upload","","(body=""class=\""enname\"">iVMS-4200"" && body=""laRemPassword"") || (body=""home/locationIndex.action?time="" && body=""result.data.indexUrl;"") || (body=""//caoshiyan modify 2015-06-30 中转页面"" && body=""/home/locationIndex.action?time="" || body=""home/licenseUpload.action"") || (body=""class=\""out\""><a href=\""download/iVMS-"") || ((body=""tab-border code-iivms\"">"" || body=""login?service="" || body=""/eop/common/css/reset.css"" || header=""/cms/web/gateway/""|| body=""/cms/web/gateway/"" || header=""/login?service="" || title=""iVMS"") && header=""Server: If you want know, you can ask me"" && header!=""404 Not Found"") || (body=""var uuid = \""2b73083e-9b29-4005-a123-1d4ec47a36d5\""; // 用于检测VMS是否超时, chenliangyf1"") || (body=""/cas/login"" && body=""js/login/login.service.js"") || (body=""daysOflicenseDatedWarn"" && body=""/cas/login"") || (body=""/ivms-ui/default/css/login.css"") || (server=""Apache-Coyote/1.1"" && body=""/baseui/js/plugins/ui/jquery.placeholder.js"") || (body=""/cas/static/js/jquery.placeholder.js"") || (body=""IVMS.files/logo.gif"") || (body=""license!getExpireDateOfDays.action"" && body="" window.document.location = '/license!getExpireDateOfDays.action';"") || (body=""iVMS-A100"" && title=""登录"") || (body=""/error/browser.do"" && body=""/portal"" && body=""settings.skinStyle"" && (body=""src=\""/portal/common/js/commonVar.js"" || body=""nginxService/v1/download/InstallRootCert.exe""))","15294","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-6bni58gb.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ActiveMQ 消息代理系统 fileserver 文件上传漏洞(CVE-2016-3088)","Apache ActiveMQ® 是最流行的开源、多协议、基于 Java 的消息代理。Apache ActiveMQ 5.x 5.14.0 之前的文件服务器 Web 应用程序允许远程攻击者通过 HTTP PUT 和 HTTP MOVE 请求上传和执行任意文件。","APACHE-ActiveMQ","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","厂商已发布了漏洞修复程序,请及时关注更新:https://activemq.apache.org/1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件上传","ActiveMQ Arbitrary File Write Vulnerability (CVE-2016-3088)","Apache ActiveMQ is the most popular open source, multi-protocol, Java-based message broker.The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.","APACHE-ActiveMQ","The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.","The vendor has released a bug fix, please pay attention to the update in time:https://activemq.apache.org/1. Set access policies and whitelist access through security devices such as firewalls.2. If not necessary, prohibit public network access to the system.","File Upload","CVE-2016-3088","((((title=""Apache ActiveMQ"" || (port=""8161"" && header=""Server: Jetty"") || header=""realm=\""ActiveMQRealm"") && header!=""couchdb"" && header!=""drupal"" && body!=""Server: couchdb"") || (banner=""server:ActiveMQ"" || banner=""Magic:ActiveMQ"" || banner=""realm=\""ActiveMQRealm"") || banner=""Apache ActiveMQ"") || (((title=""Apache ActiveMQ"" || (port=""8161"" && header=""Server: Jetty"") || header=""realm=\""ActiveMQRealm"") && header!=""couchdb"" && header!=""drupal"" && body!=""Server: couchdb"") || (banner=""server:ActiveMQ"" || banner=""Magic:ActiveMQ"" || banner=""realm=\""ActiveMQRealm"") || banner=""Apache ActiveMQ"")) && protocol!=""activemq"" && protocol!=""stomp""","42641","9.6","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Weblogic JtaTransactionManager 反序列化远程代码执行漏洞(CVE-2020-2551)","WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。WebLogic 存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过IIOP协议网络访问并破坏易受攻击的WebLogic Server,成功的漏洞利用可导致WebLogic Server被攻击者接管,从而造成远程代码执行。","Weblogic_interface_7001","WebLogic 存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过IIOP协议网络访问并破坏易受攻击的WebLogic Server,成功的漏洞利用可导致WebLogic Server被攻击者接管,从而造成远程代码执行。","1、目前厂商已发布升级补丁以修复漏洞,请用户安装补丁以修复漏洞,补丁获取链接:https://www.oracle.com/security-alerts/cpujan2020.html2、临时缓解措施:(可能影响业务,请备份后再操作)可通过关闭 IIOP 协议对此漏洞进行缓解。操作如下: 在 Weblogic 控制台中,选择 服务-> AdminServer -> 协议 ,取消 启用 IIOP 的勾选。 并重启 Weblogic 项目,使配置生效。","代码执行","WebLogic JtaTransactionManager Remote Code Execution Vulnerability (CVE-2020-2551)","WebLogic Server is one of the application server components applicable to cloud and traditional environments.WebLogic has a remote code execution vulnerability, which allows an unauthenticated attacker to access and destroy the vulnerable WebLogic Server through the IIOP protocol network. A successful exploitation of the vulnerability can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution.","Weblogic_interface_7001","WebLogic has a remote code execution vulnerability, which allows an unauthenticated attacker to access and destroy the vulnerable WebLogic Server through the IIOP protocol network. A successful exploitation of the vulnerability can cause the WebLogic Server to be taken over by the attacker, resulting in remote code execution.","1. At present, the manufacturer has released an upgrade patch to fix the vulnerability. Please install the patch to fix the vulnerability. The link to obtain the patch:https://www.oracle.com/security-alerts/cpujan2020.html2. Temporary mitigation measures: (may affect business, please back up before operating)This vulnerability can be mitigated by turning off the IIOP protocol. The operation is as follows: In the Weblogic console, select 'Services' - 'AdminServer' - 'Protocols' and uncheck 'Enable IIOP'. And restart the Weblogic project for the configuration to take effect.","Code Execution","CVE-2020-2551","(body=""Welcome to WebLogic Server"")||(title==""Error 404--Not Found"") || (((body=""<h1>BEA WebLogic Server"" || server=""Weblogic"" || body=""content=\""WebLogic Server"" || body=""<h1>Welcome to Weblogic Application"" || body=""<h1>BEA WebLogic Server"") && header!=""couchdb"" && header!=""boa"" && header!=""RouterOS"" && header!=""X-Generator: Drupal"") || (banner=""Weblogic"" && banner!=""couchdb"" && banner!=""drupal"" && banner!="" Apache,Tomcat,Jboss"" && banner!=""ReeCam IP Camera"" && banner!=""<h2>Blog Comments</h2>"")) || (port=""7001"" && protocol==""weblogic"")","127541","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"TP_LINK 多款路由器命令执行(CVE-2020-9374)","中国普联(TP-Link)公司的多款路由器多个型号存在命令执行漏洞,其中包括TL-WR841N,TL-WR840N,Archer C20,TL-WR849N,Archer C55,Archer C50,TL-WA801ND,TL-WR841HP,TL-WR845N,Archer C20i,Archer C2等型号,攻击者可利用该漏洞任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","TP_LINK-TL-WR849N","攻击者可通过向仪表盘的路由跟踪功能发送shell元字符利用该漏洞执行任意命令,写入后门,获取服务器权限,进而控制整个web服务器。","1、目前厂商暂未发布修复措施解决此安全问题,建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法:https://www.tp-link.com/2、通过防火墙等安全设备设置访问策略,设置白名单访问。3、如非必要,禁止公网访问该系统。","命令执行","Command Execution in Multiple TP-LINK Routers (CVE-2020-9374)","Multiple models of TP-Link routers from TP-Link Technologies Co., Ltd., including TL-WR841N, TL-WR840N, Archer C20, TL-WR849N, Archer C55, Archer C50, TL-WA801ND, TL-WR841HP, TL-WR845N, Archer C20i, Archer C2, are vulnerable to a command execution flaw. Attackers can exploit this vulnerability to execute arbitrary code, inject backdoors, gain server privileges, and ultimately take control of the entire web server.","TP_LINK-TL-WR849N","An attacker can exploit this vulnerability by sending shell metacharacters through the routing trace feature of the dashboard, allowing them to execute arbitrary commands, inject backdoors, gain server privileges, and ultimately take control of the entire web server.","1. The vendor has not yet released any official fixes to address this security issue. It is recommended that users of this software regularly monitor the vendor's website or refer to the provided URL for updates and solutions: https://www.tp-link.com/2. Implement access policies, such as using firewalls or other security devices, to set up whitelist-based access control.3. Unless absolutely necessary, it is advised to restrict public internet access to the affected system.","Command Execution","CVE-2020-9374","body=""tplinkwifi.net"" && body=""ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=""","378381","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"泛微 e-cology CheckServer.jsp 文件 SQL 注入漏洞","泛微OA办公系统也称为泛微协同办公系统,是一款以简单、适用、高效为原则打造的优质OA办公系统,该软件内置流程、门户、知识、人事、沟通的20多个功能模块,并采用智能语音交互办公模式,能够完美贴合企业实际需求,为企业打通全程数字化管理。泛微OA办公系统存在SQL注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","泛微-协同办公OA","泛微OA办公系统存在SQL注入漏洞,攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","目前官方已发布安全补丁进行漏洞修复:https://www.weaver.com.cn/cs/securityDownload.html","SQL注入","Weaver e-cology CheckServer.jsp file sql injection vulnerability","Weaver e-cology OA is a high-quality OA office system built on the principles of simplicity, applicability, and efficiency. The software is equipped with over 20 functional modules for processes, portals, knowledge, personnel, and communication, and adopts an intelligent voice interaction office mode. It can perfectly meet the actual needs of enterprises and provide them with full digital management.Weaver e-cology OA has an SQL injection vulnerability, which allows attackers to not only obtain information from the database (such as administrator background passwords, user personal information of the site) through SQL injection vulnerabilities, but also write Trojan horses to the server under high privileges to further gain server system privileges.","Weaver-OA","Weavere-cology OA has an SQL injection vulnerability, which allows attackers to not only obtain information from the database (such as administrator background passwords, user personal information of the site) through SQL injection vulnerabilities, but also write Trojan horses to the server under high privileges to further gain server system privileges.","The official security patch has been released for vulnerability repair: https://www.weaver.com.cn/cs/securityDownload.html","SQL Injection","","((body=""szFeatures"" && body=""redirectUrl"") || (body=""rndData"" && body=""isdx"") || (body=""typeof poppedWindow"" && body=""client/jquery.client_wev8.js"") || body=""/theme/ecology8/jquery/js/zDialog_wev8.js"" || body=""ecology8/lang/weaver_lang_7_wev8.js"" || body=""src=\""/js/jquery/jquery_wev8.js"" || (header=""Server: WVS"" && (title!=""404 Not Found"" && header!=""404 Not Found""))) && header!=""testBanCookie"" && header!=""Couchdb"" && header!=""JoomlaWor"" && body!=""<title>28ZE</title>""","105760","7.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"中保無限Modem Configuration Interface 默认口令漏洞","Modem Configuration Interface是一款中保無限路由器管理系统。该系统存在默认口令,攻击者可通过默认口令(sigmu/secom)控制整个平台,使用管理员权限操作核心功能。","Gemtek-中保無限路由器","攻击者可通过默认口令(sigmu/secom)漏洞控制整个平台,使用管理员权限操作核心的功能。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Gemtek Modem Configuration Interface Default password vulnerability","Modem Configuration Interface is an unlimited router management system of China Insurance Corporation. There is a default password in the system. An attacker can control the entire platform through the default password (sigmu/secom) and operate the core functions with administrator privileges.","Gemtek-Secom-Router","attackers can control the entire platform through the default password(sigmu/secom) vulnerability, and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, and the number of digits is greater than 8.2. If it is not necessary, it is forbidden to access the system from the public network.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","(title=""Modem configuration interface"" && body=""status_device_status.asp"" && body!=""Huawei"") && header!=""Couchdb"" && header!=""JoomlaWor""","4521","5.0","<p></p><p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-9jkzcg1a.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"锐捷网络 NBR路由器 webgl.data 信息泄露漏洞","锐捷网络NBR700G路由器是锐捷网络股份有限公司的一款无线路由设备。锐捷网络NBR700G路由器存在信息漏洞,攻击者可利用该漏洞获取敏感信息。","Ruijie-NBR路由器","攻击者可利用该漏洞获取锐捷网络NBR700G路由器相关账号和密码,从而造成敏感信息泄露。","1、建议做好访问控制权限。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","信息泄露","Ruijie NBR Router webgl.data information","Ruijie Network NBR700G router is a wireless routing equipment of Ruijie Network Co., LTD. The NBR700G router of Ruijie Network has information vulnerability, which can be used by attackers to obtain sensitive information.","Ruijie-NBR-Router","Attackers can use this vulnerability to obtain Ruijie network NBR700G router account and password, resulting in sensitive information leakage.","1. It is recommended to do a good job of access control permissions.2. Disable the public network from accessing the system if necessary.3. Set access policies and whitelist access on security devices such as firewalls.","Information Disclosure","","(body=""Ruijie - NBR"" || (body=""support.ruijie.com.cn"" && body=""<p>系统负荷过高,导致网络拥塞,建议降低系统负荷或重启路由器"") || body=""class=\""line resource\"" id=\""nbr_1\"""" || title=""锐捷网络 --NBR路由器--登录界面"" || title==""锐捷网络"") && body!=""Server: couchdb""","204290","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-io5tjzhh.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"用友 NC Cloud rand.do 文件 Log4j2 远程代码执行漏洞(CVE-2021-44228)","用友 NC-Cloud 是用友公司推出的大型企业数字化平台。支持公有云、混合云、专属云的灵活部署模式。用友 NC-Cloud 存在Apache Log4J2漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。","用友-NC-Cloud","用友 NC-Cloud 存在Apache Log4J2漏洞,攻击者可设计一个数据请求发送给使用 Apache Log4j工具的服务器,当该请求被打印成日志时就会触发远程代码执行。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://hc.yonyou.com/product.php?id=4","代码执行","yonyou NC Cloud rand.do Log4j2 RCE (CVE-2021-44228)","yonyou NC-Cloud is a large-scale enterprise digital platform launched by UFIDA. Supports flexible deployment modes of public cloud, hybrid cloud, and dedicated cloud.yonyou NC-Cloud has the Apache Log4J2 vulnerability. An attacker can design a data request to be sent to a server using the Apache Log4j tool. When the request is printed as a log, remote code execution will be triggered.","yonyou-NC-Cloud","yonyou NC-Cloud has the Apache Log4J2 vulnerability. An attacker can design a data request to be sent to a server using the Apache Log4j tool. When the request is printed as a log, remote code execution will be triggered.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is:https://hc.yonyou.com/product.php?id=4","Code Execution","CVE-2021-44228","(banner=""nccloud"" && banner=""Location"" && banner=""JSESSIONID"") || (body=""/platform/yonyou-yyy.js"" && body=""/platform/ca/nccsign.js"") || body=""window.location.href=\""platform/pub/welcome.do\"";""","4180","9.8","","[]" |
|
"Apache Superset 权限绕过漏洞(CVE-2023-27524)","Apache Superset 是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。Apache Superset 2.0.1 版本及之前版本存在安全漏洞。攻击者利用该漏洞验证和访问未经授权的资源。","APACHE-Superset","攻击者可利用该漏洞验证和访问未经授权的资源。","目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://github.com/apache/superset","权限绕过","Apache Superset Permission Bypass Vulnerability (CVE-2023-27524)","Apache Superset is a data visualization and data exploration platform of the Apache Foundation. Apache Superset versions 2.0.1 and earlier have security vulnerabilities. Attackers exploit this vulnerability to verify and access unauthorized resources.","APACHE-Superset","Attackers can exploit this vulnerability to verify and access unauthorized resources","Currently, the vendor has released an upgrade patch to fix the vulnerability. For detailed information and updates, please refer to the vendor's official page: https://github.com/apache/superset","Permission Bypass","CVE-2023-27524","(title=""Superset"" && (body=""appbuilder"" || body=""<img src=\""https://joinsuperset.com/img/supersetlogovector.svg"")) || body=""<a href=\""https://manage.app-sdx.preset.io\"" class=\""button\"">Back to workspaces</a></section>"" || (body=""/static/assets/dist/common.644ae7ae973b00abc14b.entry.js"" || (body=""/static/assets/images/favicon.png"" && body=""/static/appbuilder/js/jquery-latest.js"") && body=""Superset"") || header=""/superset/welcome/"" || title=""500: Internal server error | Superset"" || title=""404: Not found | Superset"" || banner=""/superset/welcome/"" || banner=""/superset/dashboard/""","43325","8.9","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Apache-Superset-%E6%9D%83%E9%99%90%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2023-27524%EF%BC%89-kvjkpqtw.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"畅捷通-TPlus GetScheduleLogList 方法 scheduleName 参数 SQL 注入漏洞","畅捷通T+是由用友软件开发的一款新型互联网企业管理软件,全面满足成长型小微企业对其灵活业务流程的管控需求,重点解决往来业务管理、订单跟踪、资金、库存等管理难题。T+结合畅捷通100多万中小企业的管理经验,采用完全B/S结构及.NET先进开发技术,通过解决中小企业管理现状的重点问题,以及对业务过程主要环节的控制与管理,提升管理水平,为企业带来更多管理价值。畅捷通-TPlus 存在SQL注入漏洞,攻击者可通过该漏洞获取数据库敏感信息。","畅捷通-TPlus","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已修复该漏洞,联系厂商获取最新版本https://www.chanjet.com/。","SQL注入","chanjet-TPlus GetScheduleLogList function scheduleName params SQL Injection Vulnerability","Chanjet T+ is a new type of Internet enterprise management software developed by Yonyou Software, which fully meets the needs of growing small and micro enterprises for their flexible business process management and control, and focuses on solving management problems such as transaction management, order tracking, funds, and inventory. T+ combines the management experience of more than 1 million small and medium-sized enterprises of Chanjet, adopts the complete B/S structure and .NET advanced development technology, and improves management by solving the key problems of the management status of small and medium-sized enterprises, as well as the control and management of the main links of the business process. level, bringing more management value to the enterprise. Chanjet-TPlus has a SQL injection vulnerability through which attackers can obtain sensitive database information.","https://www.chanjet.com/","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The manufacturer has fixed the vulnerability, please contact the manufacturer to get the latest version https://www.chanjet.com/.","SQL Injection","","body=""tplus""","110735","9","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"建文工程项目管理软件 BusinessManger.ashx SQL 注入漏洞","建文工程管理软件是一个适用于工程投资领域的综合型的多方协作平台。该系统存在SQL注入漏洞,攻击者可通过该漏洞获取数据库信息。","建文工程项目管理软件(PM8-Plus版)","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方已修复该漏洞,请用户联系厂商修复漏洞:http://www.justwin.cn2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","justwin Engineering Project Management Software BusinessManger.ashx SQL Injection","justwin engineering management software is a comprehensive multi-party collaboration platform suitable for engineering investment. There is a SQL injection vulnerability in the system, through which attackers can obtain database information.","PM8-Plus-Version","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. The official has fixed the vulnerability, please contact the manufacturer to fix the vulnerability: http://www.justwin.cn2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""Login/QRLogin.ashx""||title="" 建文工程项目管理软件(PM8 Plus版)""","580","8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"平升电子水库安全监管平台 SIMMaintainService.asmx存在SQL注入漏洞","唐山平升电子技术开发有限公司成立于1999年,专注于物联网智能设备研发制造和应用软件开发。开发的产品广泛服务于水务、环保、农业、安防、交通、气象、能源等领域。该公司的水库安全监管平台 /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId处simcardId参数存在硬编码可获取认证最终导致的SQL注入漏洞,攻击者可通过该漏洞获取数据库权限。","水库安全监管平台","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马或直接利用SQL命令执行,进一步获取服务器系统权限。","1、使用预编译语句,所有的查询语句都使用数据库提供的参数化查询接口,参数化的语句使用参数而不是将用户输入变量嵌入到SQL语句中。当前几乎所有的数据库系统都提供了参数化SQL语句执行接口,使用此接口可以非常有效的防止SQL注入攻击。2、对进入数据库的特殊字符('""@&*;等)进行转义处理,或编码转换。3、确认每种数据的类型,比如数字型的数据就必须是数字,数据库中的存储字段必须对应为int型。4、过滤危险字符,例如:采用正则表达式匹配union、sleep、and、select、load_file等关键字,如果匹配到则终止运行。5、请关注厂商主页及时更新:https://www.data86.net/category/product","SQL注入","SQL injection vulnerability exists in Pingsheng electronic reservoir safety supervision platform SIMMaintainService.asmx","Tangshan Pingsheng Electronic Technology Development Co., Ltd. was established in 1999, focusing on the R&D and manufacturing of intelligent devices for the Internet of Things and the development of application software. The products developed are widely used in water affairs, environmental protection, agriculture, security, transportation, meteorology, energy and other fields. The simcardId parameter in the company's reservoir security supervision platform /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId has a hard coded SQL injection vulnerability that can ultimately lead to authentication, through which an attacker can obtain database permissions.","Reservoir safety supervision platform","In addition to taking advantage of SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write Trojan horses to the server or directly execute SQL commands under high permissions to further obtain server system permissions.","1. With precompiled statements, all query statements use the parameterized query interface provided by the database. Parameterized statements use parameters instead of embedding user input variables into SQL statements. At present, almost all database systems provide a parameterized SQL statement execution interface, which can effectively prevent SQL injection attacks.2. Escape special characters ('""@&*;, etc.) that enter the database, or perform encoding conversion.3. Confirm that each type of data, such as numeric data, must be numeric, and the storage fields in the database must correspond to int.4. Filter dangerous characters, for example: use regular expressions to match union, sleep, and, select, load_ File and other keywords. If they match, the operation will be terminated.5. Please follow the manufacturer's homepage to update it: https://www.data86.net/category/product","SQL Injection","","body=""js/PSExtend.js""","952","8.6","","[{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"MinIO verify 接口敏感信息泄露漏洞(CVE-2023-28432)","MinIO 是一种开源的对象存储服务,它兼容 Amazon S3 API,可以在私有云或公有云中使用。MinIO 是一种高性能、高可用性的分布式存储系统,它可以存储大量数据,并提供对数据的高速读写能力。MinIO 采用分布式架构,可以在多个节点上运行,从而实现数据的分布式存储和处理。MinIO verify接口存在敏感信息泄漏漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","minio","MinIO verify接口存在敏感信息泄漏漏洞,攻击者通过构造特殊URL地址,读取系统敏感信息。","厂商已发布了漏洞修复程序,请及时关注更新:https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","信息泄露","MiniO verify interface sensitive information disclosure vulnerability (CVE-2023-28432)","MinIO is an open source object storage service that is compatible with the Amazon S3 API and can be used in private or public clouds. MinIO is a high-performance, high-availability distributed storage system that can store large amounts of data and provide high-speed read and write capabilities for data. MinIO adopts a distributed architecture and can run on multiple nodes to realize distributed storage and processing of data.There is a sensitive information disclosure vulnerability in the MiniO verify interface, which allows attackers to read sensitive system information by constructing special URL addresses.","minio","There is a sensitive information disclosure vulnerability in the MiniO verify interface, which allows attackers to read sensitive system information by constructing special URL addresses.","The manufacturer has released a bug fix, please pay attention to the update in time:https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q","Information Disclosure","CVE-2023-28432","banner=""MinIO"" || header=""MinIO"" || title=""MinIO""","393685","7.5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"瑞友天翼应用虚拟化系统 ConsoleExternalApi.XGI account 参数 SQL 注入漏洞","瑞友天翼应用虚拟化系统是基于服务器计算架构的应用虚拟化平台,它将用户各种应用软件集中部署到瑞友天翼服务集群,客户端通过WEB即可访问经服务器上授权的应用软件,实现集中应用、远程接入、协同办公等。攻击者可通过该sql注入漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","REALOR-天翼应用虚拟化系统","攻击者可通过该sql注入漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","目前官方已发布安全补丁进行漏洞修复:http://www.realor.cn/product/tianyi/","SQL注入","Realor Tianyi AVS ConsoleExternalApi.XGI file account param sql injection vulnerability","Realor Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more.Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","REALOR-Tianyi-AVS","Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The official security patch has been released for vulnerability repair: http://www.realor.cn/product/tianyi/","SQL Injection","","title=""瑞友天翼-应用虚拟化系统"" || title=""瑞友应用虚拟化系统"" || body=""static/images/bulletin_qrcode.png""","55625","9.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Adobe ColdFusion WDDX JGroups 远程代码执行漏洞","Adobe ColdFusion 是 Adobe 公司开发的用于 Web 应用程序开发的商业应用程序服务器。攻击者可向 ColdFusion 服务器发送不受信任的序列化数据并触发反序列化,从而执行任意代码。","Adobe-ColdFusion","攻击者可通过该漏洞在服务器端任意执行代码,获取服务器权限,进而控制整个web服务器。","⼚商已发布了漏洞修复程序,请及时关注更新:https://helpx.adobe.com/security.html","代码执行","Adobe ColdFusion WDDX JGroups remote code execution vulnerability","Adobe Coldfusion is a commercial application server developed by Adobe for web applications.The attacker can send unbelievable serialized data and trigger derivativeization to the Coldfusion server, thereby executing any code.","Adobe-ColdFusion","The attacker can execute the code at the server through this vulnerability, obtain the server permissions, and then control the entire web server.","The vendor has released a bug fix, please pay attention to the update in time: https://helpx.adobe.com/security.html","Code Execution","","body=""/cfajax/"" || header=""CFTOKEN"" || banner=""CFTOKEN"" || body=""ColdFusion.Ajax"" || body=""<cfscript>"" || server=""ColdFusion"" || title=""ColdFusion"" || (body=""crossdomain.xml"" && body=""CFIDE"") || (body=""#000808"" && body=""#e7e7e7"")","567468","9.8","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"i3Geo codemirror.php 文件 pagina 参数文件读取漏洞(CVE-2022-32409)","i3geo是saladesituacao开源的一个用于开发交互式网络地图的应用程序。i3Geo存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","i3geo","i3Geo存在文件读取漏洞,攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://softwarepublico.gov.br/social/i3geo","文件读取","I3Geo codemirror.php file pagina parameter file read vulnerability (CVE-2022-32409)","I3geo is an open source application of salade situacao for developing interactive network maps.I3Geo has a file reading vulnerability, through which an attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely insecure state.","i3geo","I3Geo has a file reading vulnerability, through which an attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc., causing the website to be in an extremely insecure state.","The vendor has released a bug fix, please pay attention to the update in time:https://softwarepublico.gov.br/social/i3geo","File Read","CVE-2022-32409","body=""i3geo""","88","7.6","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-qpylvez2.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WAVLINK WN535 G3 路由器 live_check.shtml 文件信息泄露漏洞(CVE-2022-31845)","WAVLINK WN535是一款双频 4G LTE 智能路由器。WAVLINK WN535 G3 M35G3R.V5030.180927版本存在安全漏洞,该漏洞源于live_check.shtml 中存在漏洞。攻击者利用该漏洞通过执行 exec cmd 函数获取敏感的路由器信息。","WAVLINK-WN535","WAVLINK WN535 G3 M35G3R.V5030.180927版本存在安全漏洞,该漏洞源于live_check.shtml 中存在漏洞。攻击者利用该漏洞通过执行 exec cmd 函数获取敏感的路由器信息。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.wavlink.com/zh_cn/index.html","信息泄露","WAVLINK WN535 G3 router live_ Check.shtml file information disclosure vulnerability (CVE-2022-31845)","WAVLINK WN535 is a dual band 4G LTE intelligent router.There is a security vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927, which originates in live_ There is a vulnerability in check.shtml. Attackers can use this vulnerability to obtain sensitive router information by executing exec cmd functions. ","WAVLINK-WN535","There is a security vulnerability in WAVLINK WN535 G3 M35G3R.V5030.180927, which originates in live_ There is a vulnerability in check.shtml. Attackers can use this vulnerability to obtain sensitive router information by executing exec cmd functions. ","There is currently no detailed solution manufacturer's homepage update:https://www.wavlink.com/zh_cn/index.html","Information Disclosure","CVE-2022-31845","body=""firstFlage""","3001","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2022-31845-d5v1zudd.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Telrad-WLTMS-110 默认口令","Telrad-WLTMS-110 模块提供部署灵活性。 CPE 的高吞吐量和传输功率结合我们旗舰 BreezeCOMPACT 基地的小塔占地面积和高容量站——降低网络中基站的密度,实现更快、更实惠的 LTE部署。","Telrad-WLTMS-110","Telrad-WLTMS-110存在默认口令,攻击者可未授权使用默认口令admin/admin登录系统后台,执行其他敏感操作,获取更多敏感信息。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位数。2、如非必要,禁止公网访问该管理系统。","默认口令","Telrad-WLTMS-110 Default Password","The Telrad-WLTMS-110 offers deployment flexibility. The high throughput and transmit power of the CPEs combine with the small tower footprint and high capacity of our flagship BreezeCOMPACT base stations - reducing the density of base stations in a network and enabling faster, more affordable LTE deployments.The command center of this series of printers has admin/admin default password.","Telrad-WLTMS-110","Telrad-WLTMS-110 have default passwords. Attackers can use the default password admin/admin to log in to the system background without authorization, perform other sensitive operations, and obtain more sensitive information.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, etc., and the number of digits should be greater than 8 digits.2. If it is not necessary, the public network is prohibited from accessing the management system.","Default Password","","(body=""WLTMS-110 Telrad"" && body=""frameRtoLControl.js"") || body=""var multipleParameters = \"" WLTMS-110""","27250","5","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"SOPHOS-Netgenie 默认口令","使用 NetGenie,获得对所有类型的 Internet 连接的支持,即。VDSL2、ADSL2+、有线互联网和 3G 连接,以及出色的无线范围、高性能、千兆端口和跨多个设备的无威胁 Wi-Fi。获取家中儿童的互联网活动报告以及家庭网络的安全报告。","SOPHOS-Netgenie","SOPHOS-Netgenie存在默认口令,攻击者可未授权使用默认口令admin/admin登录系统后台,执行其他敏感操作,获取更多敏感信息。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位数。2、如非必要,禁止公网访问该管理系统。","默认口令","SOPHOS-Netgenie Default Password","With NetGenie, get support for all types of Internet connectivity, viz. VDSL2, ADSL2+, Cable Internet and 3G connection, along with excellent wireless range, high performance, Gigabit port and threat-free Wi-Fi over multiple devices. Get Internet activity reports of children at home along with security reports of your home network.The command center of this series of printers has admin/admin default password.","SOPHOS-Netgenie","SOPHOS-Netgenie have default passwords. Attackers can use the default password admin/admin to log in to the system background without authorization, perform other sensitive operations, and obtain more sensitive information.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers and special characters, etc., and the number of digits should be greater than 8 digits.2. If it is not necessary, the public network is prohibited from accessing the management system.","Default Password","","header=""Server: Netgenie"" || banner=""Server: Netgenie""","1566","5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-xojsoqa7.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"TamronOS IPTV 系统 backup 任意文件下载漏洞","TamronOS IPTV 系统是一款智能电视管理系统。该系统存在任意文件下载漏洞,攻击者可通过该漏洞读取系统文件,获取敏感信息。","TamronOS-IPTV系统","该系统存在任意文件下载漏洞,攻击者可通过该漏洞读取系统文件,获取敏感信息。","1、升级系统版本。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","文件读取","TamronOS IPTV backup file down vulnerability","TamronOS IPTV system is an intelligent TV management system. The system has an arbitrary file download vulnerability, through which an attacker can read system files and obtain sensitive information.","TamronOS-IPTV","an attacker can read system files and obtain sensitive information.","1. Upgrade the system version.2. If it is not necessary, it is forbidden to access the system from the public network.3. Set access policies and whitelist access through security devices such as firewalls.","File Read","","title=""TamronOS IPTV系统""","472","5.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/TamronOS-IPTV-aaa3dhug.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress InPost Gallery 插件 popup_shortcode_attributes 参数文件包含漏洞(CVE-2022-4063)","InPost Gallery 是一个功能强大且非常令人愉悦的照片库插件,可在 WordPress 中处理图像。InPost Gallery 2.1.4.1版本存在文件包含漏洞,攻击者利用该漏洞可获取敏感文件。","WordPress Plugin InPost Gallery","攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://wordpress.org/plugins/inpost-gallery","文件读取,文件包含","WordPress Plugin InPost Gallery popup_shortcode_attributes File Inclusion Vulnerability(CVE-2022-4063)","InPost Gallery is a powerful and very pleasing photo gallery plugin for working with images in WordPress.There is a file inclusion vulnerability in InPost Gallery < 2.1.4.1. Attackers can exploit this vulnerability to obtain sensitive files.","WordPress Plugin InPost Gallery","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","The vendor has released a bug fix, please pay attention to the update in time:https://wordpress.org/plugins/inpost-gallery","File Read,File Inclusion","CVE-2022-4063","body=""wp-content/plugins/inpost-gallery""","566","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/WORDPR~1-ybigdbm7.GIF""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Telos Alliance Omnia MPX Node 硬件编解码器 downloadMainLog 文件 fname 参数文件读取漏洞(CVE-2022-36642)","Telos Alliance Omnia MPX Node是美国Telos Alliance公司的一个专用硬件编解码器。能够利用 Omnia μMPXTM 算法以低至 320 kbps 的数据速率发送或接收完整的 FM 信号,非常适合容量有限的网络(包括 IP 无线电)。Telos Alliance Omnia MPX Node 1.5.0+r1版本及之前版本存在安全漏洞,该漏洞源于/appConfig/userDB.json 存在本地文件泄露漏洞。攻击者利用该漏洞提升权限到 root 并执行任意命令。","Telos Alliance Omnia MPX Node","Telos Alliance Omnia MPX Node 1.5.0+r1版本及之前版本存在安全漏洞,该漏洞源于/appConfig/userDB.json 存在本地文件泄露漏洞。攻击者利用该漏洞提升权限到 root 并执行任意命令。","厂商已发布了漏洞修复程序,请及时关注更新:https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node","文件读取","Telos Alliance Omnia MPX Node downloadMainLog fnameFile Reading Vulnerability(CVE-2022-36642)","Telos Alliance Omnia MPX Node is a special hardware codec of Telos Alliance of the United States. Ability to leverage Omnia μ The MPXTM algorithm sends or receives complete FM signals at data rates as low as 320 kbps, making it ideal for networks with limited capacity, including IP radios.There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands.","Telos Alliance Omnia MPX Node","There is a security vulnerability in Telos Alliance Omnia MPX Node 1.5.0+r1 and earlier versions, which originates from the local file disclosure vulnerability in/appConfig/userDB.json. An attacker uses this vulnerability to elevate privileges to root and execute arbitrary commands.","The manufacturer has released vulnerability fixes, please pay attention to the updates: https://www.telosalliance.com/radio-processing/audio-interfaces/omnia-mpx-node","File Read","CVE-2022-36642","body=""Omnia MPX""","49","7.6","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-twb5wkde.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"海康威视 NCG 联网网关 login.php 文件目录遍历漏洞","海康威视 NCG 联网网关是一款集信令网关服务、媒体网关服务、安全认证、权限管理、日志管理以及网管功能于一体的电信级联网网关设备。攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","海康威视 NCG 联网网关","攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。","目前没有详细的解决方案提供,请关注厂商主页更新:https://www.hikvision.com/cn/","目录遍历","Hikvision NCG Networking Gateway login.php Directory traversal Vulnerability","The Hikvision NCG Networking Gateway of Hikvision is a carrier level network gateway device integrating signaling gateway service, media gateway service, security authentication, authority management, log management and network management functions.An attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc. through this vulnerability, causing the website to be in an extremely insecure state.","HIKVISION-NCG-Networking-Gateway","An attacker can read important system files (such as database configuration files, system configuration files), database configuration files, etc. through this vulnerability, causing the website to be in an extremely insecure state.","At present, no detailed solution is provided. Please follow the update of the manufacturer's homepage: https://www.hikvision.com/cn/","Directory Traversal","","body=""data/login.php""","735","7.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E6%B5%B7%E5%BA%B7%E5%A8%81%E8%A7%86-NCG-%E8%81%94%E7%BD%91%E7%BD%91%E5%85%B3-login.php-%E6%96%87%E4%BB%B6%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E-rxtompex.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Wordpress wpjobboard 插件 wpjobboard 页面目录遍历漏洞(CVE-2022-2544)","Wpjobboard 是 Wordpress 的一款插件。Wpjobboard插件允许网站所有者嵌入支付表单,通过Visa、American Express、Discover和Mastercard通过其Click Pledge商户账户进行支付。Wpjobboard插件存在目录遍历漏洞,攻击者可通过该漏洞查看服务器中的敏感目录和文件,控制整个系统,最终导致系统处于极度不安全状态。","wordpress-wpjobboard","Wpjobboard插件存在目录遍历漏洞,攻击者可通过该漏洞查看服务器中的敏感目录和文件,控制整个系统,最终导致系统处于极度不安全状态。","厂商已发布了漏洞修复程序,请及时关注更新:https://cn.wordpress.org/plugins/click-pledge-wpjobboard/","目录遍历","Wordpress wpjobboard plugin wpjobboard directory traversal vulnerability (CVE-2022-2544)","Wpjobboard is a plugin of Wordpress. The Wpjobboard plug-in allows website owners to embed payment forms and make payments via Visa, American Express, Discover and Mastercard through their Click&Lead merchant accounts.The Wpjobboard plug-in has a directory traversal vulnerability, through which an attacker can view sensitive directories and files in the server, control the entire system, and finally cause the system to be in an extremely insecure state.","wordpress-wpjobboard","The Wpjobboard plug-in has a directory traversal vulnerability, through which an attacker can view sensitive directories and files in the server, control the entire system, and finally cause the system to be in an extremely insecure state.","The manufacturer has released vulnerability fixes, please pay attention to the updates: https://cn.wordpress.org/plugins/click-pledge-wpjobboard/","Directory Traversal","CVE-2022-2544","body=""wp-content/plugins/wpjobboard""","1201","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2022-2544-clf6sjxn.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Apache Archiva RepositoryServlet 代理功能 internal 文件任意文件读取漏洞(CVE-2022-40308)","Apache Archiva是美国阿帕奇(Apache)基金会的一套用于管理一个或多个远程存储的软件。该软件提供远程Repository代理、基于角色的安全访问管理和使用情况报告等功能。Apache Archiva 2.2.9之前版本存在安全漏洞,该漏洞源于如果启用了匿名读取,则无需登录即可直接读取数据库文件。","APACHE-Archiva","Apache Archiva 2.2.9之前版本存在安全漏洞,该漏洞源于如果启用了匿名读取,则无需登录即可直接读取数据库文件。","1、关闭匿名读取功能。2、目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://lists.apache.org/thread/x01pnn0jjsw512cscxsbxzrjmz64n4cc","文件读取","Apache Archiva RepositoryServlet internal Arbitrary File Read (CVE-2022-40308)","Apache Archiva is a set of software used by the Apache Foundation of the United States to manage one or more remote storages. The software provides features such as remote Repository agents, secure role-based access management, and usage reporting.Versions prior to Apache Archiva 2.2.9 have a security vulnerability, which stems from the ability to read database files directly without logging in if anonymous reading is enabled.","APACHE-Archiva","Versions prior to Apache Archiva 2.2.9 have a security vulnerability, which stems from the ability to read database files directly without logging in if anonymous reading is enabled.","1. Turn off the anonymous reading function. 2. At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://lists.apache.org/thread/x01pnn0jjsw512cscxsbxzrjmz64n4cc","File Read","CVE-2022-40308","title=""Apache Archiva"" || body=""/archiva.js"" || body=""/archiva.css""","910","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Apache-Archiva-RepositoryServlet-%E4%BB%A3%E7%90%86%E5%8A%9F%E8%83%BD-internal-%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%EF%BC%88CVE-2022-40308%EF%BC%89-0a62dn36.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Weaver e-cology ofsLogin.jsp 用户登陆绕过漏洞","泛微协同管理应用平台(e-cology)是一款全面的企业管理平台。它具备多元化的功能,包括企业信息门户、知识文档管理、工作流程管理、人力资源管理、客户关系管理、项目管理、财务管理、资产管理、供应链管理以及数据中心等。这款平台有助于企业整合各种资源,包括管理、市场、销售、研发、人事和行政等各个领域。通过e-cology,这些资源可以在一个统一的平台上集成,并为用户提供统一的界面以方便操作和获取信息。泛微协同管理应用平台(e-cology)存在权限绕过漏洞,攻击者可以绕过系统权限,登录系统执行恶意操作。","泛微-协同办公OA","泛微协同管理应用平台(e-cology)存在权限绕过漏洞,攻击者可以绕过系统权限,登录系统执行恶意操作。","官方已发布安全更新补丁:https://www.weaver.com.cn/cs/securityDownload.html?src=cn","权限绕过","Weaver e-cology ofsLogin.jsp User Login Bypass Vulnerability","The Weaver management application platform (e-cology) is a comprehensive enterprise management platform. It has diversified functions, including enterprise information portal, knowledge document management, work process management, human resource management, customer relationship management, project management, financial management, asset management, supply chain management and data center. This platform helps enterprises integrate various resources, including management, marketing, sales, research and development, personnel, and administrative fields. Through e-cology, these resources can be integrated on a unified platform and provide users with a unified interface for easy operation and information retrieval .The Weaver management application platform (e-cology) has a privilege bypass vulnerability, which allows attackers to bypass system privileges and log in to the system to perform malicious operations","Weaver-OA","The Weaver management application platform (e-cology) has a privilege bypass vulnerability, which allows attackers to bypass system privileges and log in to the system to perform malicious operations","The official security update patch has been released: https://www.weaver.com.cn/cs/securityDownload.html?src=cn","Permission Bypass","","body=""/wui/common/""||body=""/wui/index.html""","92980","9.3","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Weaver-e-cology-ofsLogin.jsp-%E7%94%A8%E6%88%B7%E7%99%BB%E9%99%86%E7%BB%95%E8%BF%87%E6%BC%8F%E6%B4%9E-8lyawdmx.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"nginxWebUI runCmd 文件命令执行漏洞","nginxWebUI是一款图形化管理nginx配置得工具,可以使用网页来快速配置nginx的各项功能,包括http协议转发, tcp协议转发,反向代理,负载均衡,静态html服务器,ssl证书自动申请、续签、配置等, 配置好后可一建生成nginx.conf文件,同时可控制nginx使用此文件进行启动与重载,完成对nginx的图形化控制闭环。攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","nginxWebUI","攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","目前官方已发布安全补丁进行漏洞修复:https://github.com/cym1102/nginxWebUI","命令执行","nginxWebUI runCmd file remote command execution vulnerability","NginxWebUI is a tool for graphical management of nginx configuration. You can use web pages to quickly configure various functions of nginx, including http protocol forwarding, tcp protocol forwarding, reverse proxy, load balancing, static html server, automatic application, renewal and configuration of ssl certificates. After configuration, you can create nginx. conf file, and control nginx to use this file to start and reload, completing the graphical control loop of nginx.Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","nginxWebUI","Attackers can use this vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The official security patch has been released for vulnerability repair: https://github.com/cym1102/nginxWebUI","Command Execution","","title=""nginxWebUI"" && body=""refreshCode('codeImg')""","5856","9.2","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-owzljxji.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"PowerJob /job/list 接口未授权访问漏洞","PowerJob(原OhMyScheduler)是全新一代分布式调度与计算框架,能让您轻松完成作业的调度与繁杂任务的分布式计算。攻击者可通过 /job/list 未授权访问漏洞获取整个系统的任务信息,可能会最终导致系统处于极度不安全状态。","PowerJob","攻击者可通过 /job/list 未授权访问漏洞获取整个系统的任务信息,可能会最终导致系统处于极度不安全状态。","目前没有详细的解决方案提供,请关注厂商主页更新:https://github.com/PowerJob/PowerJob","未授权访问","PowerJob /job/list api unauthorized access vulnerability","PowerJob (formerly OhMyScheduler) is a new generation of distributed scheduling and computing framework that allows you to easily complete job scheduling and distributed computing of complex tasks.Attackers can control the entire system through unauthorized access vulnerabilities, and ultimately lead to an extremely insecure state of the system.","PowerJob","Attackers can exploit an unauthorized access vulnerability in /job/list to obtain task information for the entire system, which could ultimately result in the system being in an extremely insecure state.","Currently, there is no detailed solution available. Please follow updates on the vendor's homepage: https://github.com/PowerJob/PowerJob","Unauthorized Access","CVE-2023-29923","(title=""PowerJob"" && body=""We're sorry but oms-console"") || (banner=""Content-Length: 1222"" || banner=""Content-Length: 1260"") && banner=""Vary: Origin"" && banner=""Vary: Access-Control-Request-Headers"" && banner!=""X-Content-Type-Options: nosniff""","656","7.3","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-rfvt3wtk.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"云匣子 authService fastjson 序列化代码执行漏洞","云匣子是一款云安宝研发的租户连接云资源的安全管理工具,能够帮助云租户更加安全、精细地管理云上的虚拟机、数据库等资源。它结合了多年的运维和安全实践经验,将云上的运维和安全有机结合,实现对运维过程的事前规划、事中控制和事后审计。同时,云匣子还集成了自动化运维、资产拓扑发现、账号安全等功能,提供全面可靠的云安全管理服务。云匣子使用存在漏洞 fastjson 组件,黑客可通过fastjson 序列化漏洞对云匣子发起攻击获取服务器权限。","云安宝-云匣子","云匣子使用存在漏洞 fastjson 组件,黑客可通过fastjson 序列化漏洞对云匣子发起攻击获取服务器权限。","厂商已发布更新补丁,请联系厂商更新:https://www.yunanbao.com.cn/product_yxz.html","代码执行","Yun-Box authService fastjson serialization code execution vulnerability","Yun-Box is a secure management tool developed by Yunanbao for tenants to connect to cloud resources, which can help cloud tenants manage virtual machines, databases, and other resources on the cloud in a more secure and precise manner. With years of experience in operations and security, Yun-Box combines operations and security on the cloud to achieve pre-planned operations, in-process control, and post-audit. Additionally, Yun-Box integrates features such as automated operations, asset topology discovery, and account security to provide comprehensive and reliable cloud security management services.","YunAnBao-Yun-Box","Yun-Box uses the vulnerable fastjson component, and hackers can launch attacks on Yun-Box by exploiting the fastjson serialization vulnerability to gain server privileges.","Vendor has released an update patch, please contact the vendor for updates: https://www.yunanbao.com.cn/product_yxz.html","Code Execution","","(body=""id=mTokenPlugin width=0 height=0 style=\""position: absolute;LEFT: 0px; TOP: 0px\"""" && body=""type=application/x-xtx-axhost"") && (cert=""Domain Control Validated"" || cert=""云匣子"")","620","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Yun-Box-authService-fastjson-serialization-code-execution-vulnerability-gksfdf8h.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"瑞友天翼应用虚拟化系统 ConsoleExternalApi.XGI account 参数 SQL 注入漏洞","瑞友天翼应用虚拟化系统是基于服务器计算架构的应用虚拟化平台,它将用户各种应用软件集中部署到瑞友天翼服务集群,客户端通过WEB即可访问经服务器上授权的应用软件,实现集中应用、远程接入、协同办公等。攻击者可通过该sql注入漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","REALOR-天翼应用虚拟化系统","攻击者可通过该sql注入漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。","目前官方已发布安全补丁进行漏洞修复:http://www.realor.cn/product/tianyi/","SQL注入","Realor Tianyi AVS ConsoleExternalApi.XGI file account param sql injection vulnerability","Realor Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more.Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","REALOR-Tianyi-AVS","Attackers can use this sql injection vulnerability to arbitrarily execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.","The official security patch has been released for vulnerability repair: http://www.realor.cn/product/tianyi/","SQL Injection","","title=""瑞友天翼-应用虚拟化系统"" || title=""瑞友应用虚拟化系统""","55178","9.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"瑞友天翼应用虚拟化系统 ConsoleExternalApi.XGI 文件 iDisplayStart 参数 SQL 注入漏洞","瑞友天翼应用虚拟化系统是基于服务器计算架构的应用虚拟化平台,它将用户各种应用软件集中部署到瑞友天翼服务集群,客户端通过WEB即可访问经服务器上授权的应用软件,实现集中应用、远程接入、协同办公等。攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","REALOR-天翼应用虚拟化系统","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","目前官方已发布安全补丁进行漏洞修复:http://www.realor.cn/product/tianyi/","SQL注入","Realor Tianyi AVS ConsoleExternalApi.XGI file SQL Injection vulnerability","Realor Tianyi Application Virtualization System is an application virtualization platform based on server computing architecture. It centrally deploys various user application software to the Ruiyou Tianyi service cluster, and clients can access authorized application software on the server through the WEB, achieving centralized application, remote access, collaborative office, and more.In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","REALOR-Tianyi-AVS","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The official security patch has been released for vulnerability repair: http://www.realor.cn/product/tianyi/","SQL Injection","","title=""瑞友天翼-应用虚拟化系统"" || title=""瑞友应用虚拟化系统""","55178","9.2","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Weblogic Commons Collections 序列化代码执行漏洞(CVE-2015-4852)","WebLogic Server是其中的一个适用于云环境和传统环境的应用服务器组件。WebLogic Commons Collections 组件存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过IIOP协议网络访问并破坏易受攻击的WebLogic Server,成功的漏洞利用可导致WebLogic Server被攻击者接管,从而造成远程代码执行。","Weblogic_interface_7001","WebLogic Commons Collections 组件存在远程代码执行漏洞,该漏洞允许未经身份验证的攻击者通过IIOP协议网络访问并破坏易受攻击的WebLogic Server,成功的漏洞利用可导致WebLogic Server被攻击者接管,从而造成远程代码执行。","目前厂商已发布升级补丁以修复漏洞,请用户安装补丁以修复漏洞,补丁获取链接:https://www.oracle.com/security-alerts/alert-cve-2015-4852.html","代码执行","Weblogic Commons Collections serialization code execution vulnerability (CVE-2015-4852)","WebLogic Server is an application server component suitable for both cloud and traditional environments.The WebLogic Commons Collections component has a remote code execution vulnerability that allows unauthenticated attackers to access vulnerable WebLogic Servers through the IIOP protocol and compromise them. Successful exploitation of the vulnerability can lead to the attacker taking over the WebLogic Server, resulting in remote code execution.","Weblogic_interface_7001","The WebLogic Commons Collections component has a remote code execution vulnerability that allows unauthenticated attackers to access vulnerable WebLogic Servers through the IIOP protocol and compromise them. Successful exploitation of the vulnerability can lead to the attacker taking over the WebLogic Server, resulting in remote code execution.","Currently, the vendor has released an upgrade patch to fix the vulnerability. Users are advised to install the patch to fix the vulnerability. The patch can be obtained from the following link: https://www.oracle.com/security-alerts/alert-cve-2015-4852.html","Code Execution","CVE-2015-4852","(body=""Welcome to WebLogic Server"") || (title==""Error 404--Not Found"") || (((body=""<h1>BEA WebLogic Server"" || server=""Weblogic"" || body=""content=\""WebLogic Server"" || body=""<h1>Welcome to Weblogic Application"" || body=""<h1>BEA WebLogic Server"") && header!=""couchdb"" && header!=""boa"" && header!=""RouterOS"" && header!=""X-Generator: Drupal"") || (banner=""Weblogic"" && banner!=""couchdb"" && banner!=""drupal"" && banner!="" Apache,Tomcat,Jboss"" && banner!=""ReeCam IP Camera"" && banner!=""<h2>Blog Comments</h2>"")) || (port=""7001"" && protocol==""weblogic"")","127703","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Weblogic-Commons-Collections-serialization-code-execution-vulnerability-%28CVE-2015-4852%29-cbcighe0.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Telesquare TLR-2005Ksh 路由器 setSyncTimeHost 命令执行漏洞","Telesquare Tlr-2005Ksh是韩国Telesquare公司的一款 Sk 电讯 Lte 路由器。Telesquare TLR-2005Ksh存在安全漏洞,攻击者可通过setSyncTimeHost执行任意命令获取服务器权限。","TELESQUARE-TLR-2005KSH","Telesquare TLR-2005Ksh存在安全漏洞,攻击者可通过setSyncTimeHost执行任意命令获取服务器权限。","厂商暂未发布修复措施解决此安全问题,请及时关注厂商更新:http://telesquare.co.kr/。","命令执行","Telesquare TLR-2005Ksh setSyncTimeHost RCE","Telesquare Tlr-2005Ksh is a Sk Telecom LTE router produced by Telesquare Korea.There is a security vulnerability in Telesquare TLR-2005Ksh, attackers can execute arbitrary commands through setSyncTimeHost to obtain server privileges.","TELESQUARE-TLR-2005KSH","There is a security vulnerability in Telesquare TLR-2005Ksh, attackers can execute arbitrary commands through setSyncTimeHost to obtain server privileges.","The manufacturer has not yet released a fix to solve this security problem, please pay attention to the manufacturer's update in time: http://telesquare.co.kr/.","Command Execution","","title=""TLR-2005KSH"" || banner=""TLR-2005KSH login:""","25826","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/www.alltoall.net_%E6%88%91%E7%9A%84%E5%BD%B1%E7%89%87_2_4iTR0lxqYL-bjcdwfjl.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Telesquare TLR-2005Ksh 路由器 getUsernamePassword 信息泄露漏洞","Telesquare Tlr-2005Ksh是韩国Telesquare公司的一款 Sk 电讯 Lte 路由器。Telesquare TLR-2005Ksh存在安全漏洞,攻击者可通过未授权getUsernamePassword获取用户名密码等敏感信息。","TELESQUARE-TLR-2005KSH","Telesquare TLR-2005Ksh存在安全漏洞,攻击者可通过未授权getUsernamePassword获取用户名密码等敏感信息。","厂商暂未发布修复措施解决此安全问题,请及时关注厂商更新:http://telesquare.co.kr/。","信息泄露","Telesquare TLR-2005Ksh getUsernamePassword Information Disclosure","Telesquare Tlr-2005Ksh is a Sk Telecom LTE router produced by Telesquare Korea.There is a security hole in Telesquare TLR-2005Ksh. Attackers can obtain sensitive information such as username and password through getUsernamePassword.","TELESQUARE-TLR-2005KSH","There is a security hole in Telesquare TLR-2005Ksh. Attackers can obtain sensitive information such as username and password through getUsernamePassword.","The manufacturer has not yet released a fix to solve this security problem, please pay attention to the manufacturer's update in time: http://telesquare.co.kr/.","Information Disclosure","","title=""TLR-2005KSH"" || banner=""TLR-2005KSH login:""","25826","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Telesquare-TLR-2005Ksh-getUsernamePassword-Information-Disclosure-fu5xd5ws.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"Telesquare TLR-2005Ksh 路由器 ExportSettings.sh 文件下载漏洞(CVE-2021-46423)","Telesquare Tlr-2005K等都是韩国Telesquare公司的 Sk 电讯 Lte 路由器。Telesquare TLR-2005Ksh等存在安全漏洞,该漏洞源于未经身份验证的文件下载。远程攻击者利用此漏洞可下载完整的配置文件。","TELESQUARE-TLR-2005KSH","Telesquare TLR-2005Ksh等存在安全漏洞,该漏洞源于未经身份验证的文件下载。远程攻击者利用此漏洞可下载完整的配置文件。","厂商暂未发布修复措施解决此安全问题,请及时关注厂商更新:http://telesquare.co.kr/。","文件读取","Telesquare TLR-2005Ksh ExportSettings.sh file download (CVE-2021-46423)","Telesquare Tlr-2005K and so on are the Sk Telecom Lte routers of Korea Telesquare Company.There are security vulnerabilities in Telesquare TLR-2005Ksh, etc., which originate from unauthenticated file downloads. A remote attacker could exploit this vulnerability to download a complete configuration file.","TELESQUARE-TLR-2005KSH","There are security vulnerabilities in Telesquare TLR-2005Ksh, etc., which originate from unauthenticated file downloads. A remote attacker could exploit this vulnerability to download a complete configuration file.","The manufacturer has not yet released a fix to solve this security problem, please pay attention to the manufacturer's update in time: http://telesquare.co.kr/.","File Read","CVE-2021-46423","title=""TLR-2005KSH"" || banner=""TLR-2005KSH login:""","25826","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Telesquare-TLR-2005Ksh-ExportSettings.sh-file-download-%28CVE-2021-46423%29-se6o192a.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"华视私云-CDN直播加速服务器默认口令漏洞","华视私云-CDN直播加速服务器是一款用于CDN直播加速的服务器。华视私云-CDN直播加速服务器存在弱口令漏洞,攻击者可利用默认口令admin/admin登录系统后台,获取后台管理员权限。","华视私云-CDN直播加速服务器","攻击者可通过默认口令漏洞控制整个平台,使用管理员权限操作核心的功能,造成敏感信息泄露。","1、修改默认口令,密码最好包含大小写字母、数字和特殊字符等,且位数大于8位。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","默认口令","Sinovision Cloud CDN live default passwd","CDN Live Broadcast Acceleration Server is a server for CDN live broadcast acceleration. The weak password vulnerability exists in the CDN Live broadcast acceleration server. The attacker can use the default password admin/admin to log in to the system background and obtain the background administrator permission.","Sinovision Cloud CDN live","attackers can control the entire platform through default password vulnerabilities and use administrator privileges to operate core functions.","1. Modify the default password. The password should preferably contain uppercase and lowercase letters, numbers, and special characters, with more than 8 digits.2. If not necessary, prohibit public network access to the system.3. Set access policies and whitelist access through security devices such as firewalls.","Default Password","","body=""src=\""img/dl.gif\"""" && title=""系统登录"" && body=""华视美达""","737","6.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/Sinovision-Cloud-CDN-live-default-passwd-ndrfiwg2.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress Welcart e-Commerce 插件 content-log.php 文件 logfile 参数文件读取漏洞","Welcart 是一个免费的 WordPress 电子商务插件,在日本市场占有率最高。Welcart e-Commerce 2.8.5版本存在任意文件读取漏洞,攻击者利用该漏洞可获取敏感文件。","WordPress-Welcart-e-Commerce","攻击者可通过该漏洞读取泄露源码、数据库配置文件等等,导致网站处于极度不安全状态。","1、通过防火墙等安全设备设置访问策略,设置白名单访问。2、如非必要,禁止公网访问该系统。","文件读取","WordPress plugin Welcart e-Commerce content-log.php logfile File Read Vulnerability","Welcart is a free e-commerce plugin for WordPress with top market share in Japan.An arbitrary file read vulnerability exists in Welcart e-Commerce < 2.8.5, and attackers can exploit this vulnerability to obtain sensitive files.","WordPress-Welcart-e-Commerce","Attackers can use this vulnerability to read the leaked source code, database configuration files, etc., resulting in an extremely insecure website.","1、Set up access policies through firewalls and other security devices, and set up whitelist access.2、If not necessary, prohibit public network access to the system.","File Read","","body=""wp-content/plugins/usc-e-shop""","5453","9.8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/WordPressPluginWe-tvtkiy5r.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"secnet-智能路由系统 actpt_5g.data 信息泄露","secnet安网智能AC管理系统是广州安网通信技术有限公司(简称“安网通信”)的无线AP管理系统。secnet安网智能AC管理系统存在信息漏洞,攻击者可利用该漏洞获取敏感信息。","secnet-智能路由系统","攻击者可利用该漏洞获取AC智能路由系统WEB登录账号密码,登录AC智能路由系统获取WEB管理员权限,从而造成敏感信息泄露。","1、建议做好访问控制权限。2、如非必要,禁止公网访问该系统。3、通过防火墙等安全设备设置访问策略,设置白名单访问。","信息泄露","secnet Intelligent Router actpt_5g.data Infoleakage","secnet Intelligent AC management system is the wireless AP management system of Guangzhou Secure Network Communication Technology Co., LTD. ("" Secure Network Communication ""for short). The secnet intelligent AC management system has information vulnerabilities, which can be used by attackers to obtain sensitive information.","secnet-Intelligent-Router","An attacker can use this vulnerability to obtain the WEB login account and password of the AC intelligent routing system and obtain the WEB administrator permission. As a result, sensitive information is leaked.","1. It is recommended to do a good job of access control permissions.2. Disable the public network from accessing the system if necessary.3. Set access policies and whitelist access on security devices such as firewalls.","Information Disclosure","","title=""安网-智能路由系统"" || title==""智能路由系统"" || title=""安网科技-智能路由系统"" || banner=""HTTPD_ac 1.0"" || header=""HTTPD_ac 1.0""","71768","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/1-7f91mjvi.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"商混ERP系统 DictionaryEdit.aspx 页面存在SQL注入","杭州荷花软件有限公司开发的商混ERP系统。这套系统主要是处理建筑公司或者各项工程的搅拌站管理,内部含有销售模块、生产管理模块、实验室模块、人员管理等,该公司的商品混凝土ERP系统/Sys/DictionaryEdit.aspx处dict_key参数存在SQL报错注入漏洞,攻击者可通过该漏洞获取数据库权限。","商混ERP系统","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、使用预编译语句,所有的查询语句都使用数据库提供的参数化查询接口,参数化的语句使用参数而不是将用户输入变量嵌入到SQL语句中。当前几乎所有的数据库系统都提供了参数化SQL语句执行接口,使用此接口可以非常有效的防止SQL注入攻击。2、对进入数据库的特殊字符('""@&*;等)进行转义处理,或编码转换。3、确认每种数据的类型,比如数字型的数据就必须是数字,数据库中的存储字段必须对应为int型。4、过滤危险字符,例如:采用正则表达式匹配union、sleep、and、select、load_file等关键字,如果匹配到则终止运行。5、请关注厂商主页及时更新:http://www.85info.com/html/channel/lxwm_5.shtml","SQL注入","SQL injection exists on Lotus ERP DictionaryEdit.aspx page","Hangzhou Lotus Software Co., Ltd. developed the commercial ERP system. This system mainly deals with the management of the mixing station of the construction company or various projects, including the sales module, production management module, laboratory module, personnel management, etc. The company's commercial concrete ERP system/Sys/DictionaryEdit dict at aspx_ SQL error injection vulnerability exists in the key parameter, which allows attackers to obtain database permissions.","Commercial-Mixed-ERP-System","In addition to taking advantage of SQL injection vulnerabilities to obtain information in the database (for example, administrator background password, site user personal information), attackers can even write Trojan horses to the server under high permissions to further obtain server system permissions.","1. With precompiled statements, all query statements use the parameterized query interface provided by the database. Parameterized statements use parameters instead of embedding user input variables into SQL statements. At present, almost all database systems provide a parameterized SQL statement execution interface, which can effectively prevent SQL injection attacks.2. Escape special characters ('""@&*;, ...) that enter the database, or perform encoding conversion.3. Confirm that each type of data, such as numeric data, must be numeric, and the storage fields in the database must correspond to int.4. Filter dangerous characters, for example: use regular expressions to match union, sleep, and, select, load_ File and other keywords. If they match, the operation will be terminated.5. Please follow the manufacturer's homepage to update it: http://www.85info.com/html/channel/lxwm_5.shtml","SQL Injection","","title=""商混ERP系统""","616","8.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/2-qowsl7yz.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"V2Board admin.php 越权访问漏洞","V2Board是一款稳定、简单、快速、易于使用的多代理协议管理系统。V2Board v1.6.1存在越权访问漏洞,鉴权方式变为从Redis中获取缓存判定是否存在可以调用接口,导致任意用户都可以调用管理员权限的接口获取后台权限。","V2Board","由于没有对用户访问角色的权限进行严格的检查及限制,导致当前账号可对其他账号进行相关操作,如查看、修改等。","厂商尚未提供漏洞修复建议,请关注厂商主机及时更新:https://www.v2board.com/。","权限绕过","V2Board admin.php Permission Bypass Vulnerability","V2Board is a stable, simple, fast and easy to use multi-agent protocol management system.V2Board v1.6.1 has an unauthorized access vulnerability. The authentication method is changed to obtain the cache from Redis to determine whether there is an interface that can be called. As a result, any user can call the interface with administrator privileges to obtain background privileges.","V2Board","Due to the lack of strict checks and restrictions on the user's access to the role, the current account can perform related operations on other accounts, such as viewing and modifying.","The manufacturer has not provided vulnerability repair suggestions, please pay attention to the timely update of the manufacturer's host: https://www.v2board.com/.","Permission Bypass","","body=""/theme/v2board/assets/umi.js""","13299","8.0","","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"ZyXEL 路由器 Export_Log 任意文件读取","ZyXEL routers 是ZyXEL公司的多款路由器产品。多款ZyXEL路由器 /Export_Log 存在任意文件读取漏洞,攻击者可获取用户密码等敏感信息。","ZyXEL-Router","多款ZyXEL路由器 /Export_Log 存在任意文件读取漏洞,攻击者可获取用户密码等敏感信息。","目前厂商已修复该漏洞,请及时关注官网更新:https://www.zyxel.com/。","文件读取","ZyXEL routers Export_Log arbitrary file read","ZyXEL routers are various router products of ZyXEL company.Several ZyXEL routers have an arbitrary file read vulnerability in /Export_Log.","ZyXEL-Router","Several ZyXEL routers have an arbitrary file read vulnerability in /Export_Log.","At present, the manufacturer has fixed the vulnerability, please pay attention to the official website update in time: https://www.zyxel.com/.","File Read","","(title="".:: Welcome to the Web-Based Configuration::."" && body=""ZyXEL"") || (title=""Welcome to the Web-Based Configurator"" && (body=""/zycss.css"" || body=""zyxel"")) || title=""do Router ZyXEL"" || title=""Welcome to ZyROUTER"" || title=""ZyXEL Router"" || body=""<friendlyName>ZyXEL Router</friendlyName>"" || banner=""ZyXEL-router""","733803","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/ZyXEL-routers-dxfzdkgf.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"海翔云平台 getylist_login.do SQL 注入漏洞","海翔云平台一站式整体解决方案提供商,业务涵盖 批发、连锁、零售行业ERP解决方案、wms仓储解决方案、电商、外勤、移动终端(PDA、APP、小程序)解决方案。该系统getylist_login.do存在SQL注入漏洞,攻击者可通过该漏洞获取数据库权限","海翔云平台","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","1、官方暂未修复该漏洞,请用户联系厂商修复漏洞:http://www.seaflysoft.com/2、部署Web应用防火墙,对数据库操作进行监控。3、如非必要,禁止公网访问该系统。","SQL注入","seaflysoft ERP getylist_login.do SQL Injection","seaflysoft cloud platform one-stop overall solution provider, business covers wholesale, chain, retail industry ERP solutions, wms warehousing solutions, e-commerce, field work, mobile terminal (PDA, APP, small program) solutions. There is a SQL injection vulnerability in the system getylist_login.do, through which an attacker can obtain database permissions","seaflysoft","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","1. There is currently no detailed solution provided, please pay attention to the manufacturer's homepage update:http://www.seaflysoft.com/2. Deploy a web application firewall to monitor database operations.3. If not necessary, prohibit public network access to the system.","SQL Injection","","body=""checkMacWaitingSecond""","773","8","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/seaflysoft-ERP-getylist_login.do-SQL-Injection-xfh5k2p8.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"万户 OA OfficeServer.jsp 任意文件上传漏洞","万户OA是面向政府组织及企事业单位的FlexOffice自主安全协同办公平台。万户OA OfficeServer.jsp存在任意文件上传漏洞,攻击者可通过该漏洞上传任意文件从而控制整个服务器。","万户网络-ezOFFICE","文件上传漏洞通常由于代码中对文件上传功能所上传的文件过滤不严或web服务器相关解析漏洞未修复而造成的,攻击者可通过文件上传点上传任意文件,包括网站后门文件(webshell)控制整个网站。","1、严格限制和校验上传的文件,禁止上传恶意代码的文件。2、请关注厂商漏洞补丁公告:https://www.whir.net/。","文件上传","ezOFFICE OA OfficeServer.jsp Arbitrarily File Upload Vulnerability","ezOFFICE OA is a FlexOffice independent security cooperative office platform for government organizations, enterprises and institutions.ezOFFICE OA OfficeServer There is an arbitrary file upload vulnerability in jsp, through which an attacker can upload arbitrary files to control the entire server.","Whir-ezOFFICE","File upload vulnerabilities are usually caused by the lax filtering of files uploaded by the file upload function in the code or the unrepaired parsing vulnerabilities related to the web server. Attackers can upload arbitrary files through the file upload point, including the website backdoor file (webshell), to control the entire website.","1. Strictly limit and verify the uploaded files, and prohibit the uploading of malicious code files.2. Please pay attention to the vendor bug patch announcement: https://www.whir.net/.","File Upload","","(banner=""OASESSIONID"" && banner=""/defaultroot/"") || (header=""OASESSIONID"" && header=""/defaultroot/"")||body=""/defaultroot/themes/common/common.css""||body=""ezofficeDomainAccount""||title=""Wanhu ezOFFICE"" || title=""万户ezOFFICE""","4715","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/ezOFFICE-OA-OfficeServer.jsp-Arbitrarily-File-Upload-Vulnerability-9fcg0s1c.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队企业版"",""name_en"":""Enterprise""},{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""}]" |
|
"中兴 H108NS 路由器 tools_admin.asp 文件权限绕过漏洞","中兴H108NS路由器是一款集WiFi管理、路由分配、动态获取上网连接等功能于一体的路由器产品。中兴H108NS路由器存在身份认证绕过漏洞,攻击者可利用该漏洞绕过身份认证允许访问路由器的管理面板修改管理员密码,获取用户的敏感信息。","ZTE-H108NS","攻击者可利用该漏洞绕过身份认证允许访问路由器的管理面板修改管理员密码,获取用户的敏感信息。","厂商尚未提供漏洞修补方案,请关注厂商主页及时更新:https://www.zte.com.cn/china/。","权限绕过","ZXHN H108NS Router tools_admin.asp Permission Bypass Vulnerability","ZTE H108NS router is a router product that integrates WiFi management, route allocation, dynamic access to Internet connections and other functions.The ZTE H108NS router has an identity authentication bypass vulnerability. An attacker can use this vulnerability to bypass identity authentication and allow access to the router's management panel to modify the administrator password to obtain sensitive user information.","ZTE-H108NS","An attacker can use this vulnerability to bypass identity authentication and allow access to the management panel of the router to modify the administrator password and obtain sensitive information of the user.","The manufacturer has not yet provided a vulnerability repair scheme. Please follow the manufacturer's homepage to update it in a timely manner: https://www.zte.com.cn/china/.","Permission Bypass","","banner=""Basic realm=\""H108NS\"""" || header=""Basic realm=\""H108NS\""""","8245","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/ZXHN-H108NS-Router-tools_admin.asp-Permission-Bypass-Vulnerability-ktzyd55v.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"铭飞 CMS list 接口 sqlWhere 参数 sql 注入漏洞","铭飞CMS是一款基于java开发的一套轻量级开源内容管理系统,铭飞CMS简洁、安全、开源、免费,可运行在Linux、Windows、MacOSX、Solaris等各种平台上,专注为公司企业、个人站长快速建站提供解决方案, 该系统在5.2.10版本以前存在sql注入漏洞,能够利用该漏洞获取敏感信息","MCMS","攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。","厂商已发布了漏洞修复程序,请及时关注更新:https://gitee.com/mingSoft/MCMS/","SQL注入","MCMS list Interface sqlWhere Sql Injection Vulnerability","MCMS is a set of lightweight open source content management system developed based on java. It is simple, safe, open source and free. It can run on Linux, Windows, MacOSX, Solaris and other platforms. The system has an sql injection vulnerability before the 5.2.10 version. You can use this vulnerability to obtain sensitive information","MCMS","In addition to using SQL injection vulnerabilities to obtain information in the database (for example, the administrator's back-end password, the user's personal information of the site), an attacker can write a Trojan horse to the server even in a high-privileged situation to further obtain server system permissions.","The vendor has released a bug fix, please pay attention to the update in time: https://gitee.com/mingSoft/MCMS/","SQL Injection","","body=""铭飞MCMS"" || body=""/mdiy/formData/save.do"" || body=""static/plugins/ms/1.0.0/ms.js""","3091","7.5","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/%E9%93%AD%E9%A3%9E-CMS-list-%E6%8E%A5%E5%8F%A3-sqlWhere-%E5%8F%82%E6%95%B0-sql-%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E-pbo2hov6.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
|
"WordPress booking-calendar 插件 admin-ajax.php 任意文件上传漏洞(CVE-2022-3982)","WordPress booking-calendar是一款用于为WordPress网站创建预订系统安排日历的插件。WordPress Plugin Booking Calendar 3.2.2之前版本存在代码问题漏洞,该漏洞源于该插件不验证上传的文件,允许未经身份验证的用户上传任意文件,攻击者利用该漏洞可以实现 RCE。","wp-content/plugins/booking-calendar/","WordPress Plugin Booking Calendar 3.2.2之前版本存在代码问题漏洞,该漏洞源于该插件不验证上传的文件,允许未经身份验证的用户上传任意文件,攻击者利用该漏洞可以实现 RCE。","目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867","文件上传","WordPress booking-calendar admin-ajax.php File Upload (CVE-2022-3982)","WordPress booking-calendar is a plugin for creating booking system scheduling calendars for WordPress sites.WordPress Plugin Booking Calendar versions before 3.2.2 have a code problem vulnerability. The vulnerability stems from the fact that the plugin does not verify uploaded files and allows unauthenticated users to upload arbitrary files. Attackers can exploit this vulnerability to achieve RCE.","wp-content/plugins/booking-calendar/","WordPress Plugin Booking Calendar versions before 3.2.2 have a code problem vulnerability. The vulnerability stems from the fact that the plugin does not verify uploaded files and allows unauthenticated users to upload arbitrary files. Attackers can exploit this vulnerability to achieve RCE.","At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: https://wpscan.com/vulnerability/4d91f3e1-4de9-46c1-b5ba-cc55b7726867","File Upload","CVE-2022-3982","body=""wp-content/plugins/booking-calendar/""","1074","9.0","<p></p><div class=""media-wrap image-wrap""><img src=""https://goby-storage-public.oss-cn-beijing.aliyuncs.com/goby-web/CVE-2022-3982-w1l1jpt1.gif""/></div><p></p>","[{""name"":""红队版"",""name_en"":""redteam""},{""name"":""漏扫版"",""name_en"":""VulScan""},{""name"":""红队企业版"",""name_en"":""Enterprise""}]" |
