Sector Transportation

Timeframe: -28 days

Default Categories (62): Access Management Software, Accounting Software, Advertising Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Appointment Software, Automation Software, Backup Software, Billing Software, Business Process Management Software, Calendar Software, Cloud Software, Communications System, Connectivity Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Reader Software, E-Commerce Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Groupware Software, Hardware Driver Software, Information Management Software, Log Management Software, Mail Client Software, Mail Server Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Presentation Software, Printing Software, Project Management Software, Remote Access Software, Reporting Software, Router Operating System, SCADA Software, Server Management Software, Service Management Software, Software Library, Spreadsheet Software, SSH Server Software, Ticket Tracking Software, Transport Management Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Linux Kernel: 402
Microsoft Windows: 86
Microsoft SQL Server: 30
Microsoft OLE DB Driver: 28
Oracle MySQL Server: 24

Remediation

Official Fix: 774
Temporary Fix: 0
Workaround: 4
Unavailable: 0
Not Defined: 190

Exploitability

High: 6
Functional: 0
Proof-of-Concept: 32
Unproven: 120
Not Defined: 810

Access Vector

Not Defined: 0
Physical: 6
Local: 100
Adjacent: 426
Network: 436

Authentication

Not Defined: 0
High: 96
Low: 594
None: 278

User Interaction

Not Defined: 0
Required: 184
None: 784

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 32
≤4: 84
≤5: 242
≤6: 272
≤7: 132
≤8: 148
≤9: 54
≤10: 4

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 34
≤4: 94
≤5: 236
≤6: 338
≤7: 128
≤8: 122
≤9: 12
≤10: 4

VulDB

≤1: 0
≤2: 0
≤3: 38
≤4: 104
≤5: 250
≤6: 258
≤7: 126
≤8: 138
≤9: 50
≤10: 4

NVD

≤1: 968
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 686
≤2: 2
≤3: 2
≤4: 4
≤5: 72
≤6: 64
≤7: 30
≤8: 70
≤9: 32
≤10: 6

Vendor

≤1: 844
≤2: 0
≤3: 0
≤4: 0
≤5: 6
≤6: 8
≤7: 24
≤8: 50
≤9: 36
≤10: 0

Exploit 0-day

<1k: 24
<2k: 224
<5k: 34
<10k: 440
<25k: 120
<50k: 112
<100k: 14
≥100k: 0

Exploit Today

<1k: 356
<2k: 248
<5k: 190
<10k: 88
<25k: 80
<50k: 6
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 602
es: 62
de: 48
ja: 48
fr: 46

Country

us: 120
gb: 90
de: 74
es: 54
fr: 46

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 80
IBM Cognos Controller: 14
GNU C Library: 10
Microsoft Windows: 10
cym1102 nginxWebUI: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHPGurukul Doctor Appointment Management System appointment-bwdates-reports-details.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.17 | CVE-2024-4293 |
| 2 | Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 1.43 | CVE-2024-4071 |
| 3 | osCommerce all-products Cross Site Scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.96 | CVE-2024-4348 |
| 4 | PHPGurukul Doctor Appointment Management System view-appointment-detail.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.87 | CVE-2024-4294 |
| 5 | Contemporary Controls BASrouter BACnet BASRT-B Device-Communication-Control Service Denial of Service | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.35 | CVE-2024-4292 |
| 6 | Apache ActiveMQ Jolokia/REST API Weak Authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.56 | CVE-2024-32114 |
| 7 | Kashipara Online Furniture Shopping Ecommerce Website search.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.91 | CVE-2024-4072 |
| 8 | Kashipara Online Furniture Shopping Ecommerce Website prodList.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.96 | CVE-2024-4070 |
| 9 | Kashipara Online Furniture Shopping Ecommerce Website prodList.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.70 | CVE-2024-4073 |
| 10 | Google Chrome Picture In Picture Buffer Overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.52 | CVE-2024-4331 |
| 11 | Netgear DG834Gv5 Web Management Interface Weak Encryption | 2.7 | 2.5 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.70 | CVE-2024-4235 |
| 12 | Google Chrome Dawn Buffer Overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00045 | 0.61 | CVE-2024-4368 |
| 13 | Kashipara Online Furniture Shopping Ecommerce Website search.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.65 | CVE-2024-4069 |
| 14 | Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.57 | CVE-2024-4074 |
| 15 | Kashipara Online Furniture Shopping Ecommerce Website login.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.52 | CVE-2024-4075 |
| 16 | Adobe Acrobat Reader File Information Disclosure | 7.0 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.61- | CVE-2024-30306 |
| 17 | Adobe Acrobat Reader Buffer Overflow | 7.0 | 6.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00053 | 0.51- | CVE-2024-30305 |
| 18 | Adobe Acrobat Reader Buffer Overflow | 7.0 | 6.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00053 | 0.43- | CVE-2024-30304 |
| 19 | Vesystem Cloud Desktop fileupload2.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-3804 |
| 20 | Vesystem Cloud Desktop fileupload.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.25 | CVE-2024-3803 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP Range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 2.58.95.0/24 | Bashlite | predictive | High |
| 2 | 18.159.45.0/24 | FakeMBAM | predictive | High |
| 3 | 23.239.16.0/24 | NSO Group | predictive | High |

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Classification | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-35 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /adminPage/conf/reload | predictive | High |
| 2 | File | /adminPage/conf/saveCmd | predictive | High |
| 3 | File | /adminPage/main/upload | predictive | High |
| 4 | File | /adminPage/www/addOver | predictive | High |
| 5 | File | /API/info | predictive | Medium |
| 6 | File | /catalog/all-products | predictive | High |
| 7 | File | /CMD0/xml_modes.xml | predictive | High |
| 8 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | High |
| 9 | File | /doctor/view-appointment-detail.php | predictive | High |
| 10 | File | /drivers/tty/serial/serial_core.c | predictive | High |
| 11 | File | /proc/scsi/${proc_name} | predictive | High |
| 12 | File | /Public/webuploader/0.1.5/server/fileupload.php | predictive | High |
| 13 | File | /Public/webuploader/0.1.5/server/fileupload2.php | predictive | High |
| 14 | File | /sys/bus/i2c/devices/i2c-2/new_device | predictive | High |
| 15 | File | /sys/kernel/notes | predictive | High |
