Sector Hostingprovider

Timeframe: -28 days

Default Categories (69): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Backup Software, Billing Software, Bug Tracking Software, Calendar Software, Chat Software, Cloud Software, Communications System, Connectivity Software, Content Management System, Continuous Integration Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Reader Software, Domain Name Software, E-Commerce Management Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Information Management Software, JavaScript Library, Joomla Component, Log Management Software, Mail Client Software, Mail Server Software, Mailing List Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Operating System Utility Software, Packet Analyzer Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Programming Tool Software, Project Management Software, Remote Access Software, Router Operating System, Server Management Software, Service Management Software, Software Library, Software Management Software, Spreadsheet Software, SSH Server Software, Testing Software, Ticket Tracking Software, Versioning Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Word Processing Software, WordPress Plugin

Timeline

Vendor

Product

Linux Kernel: 410
Microsoft Windows: 102
Foxit PDF Reader: 38
Microsoft SQL Server: 36
Google Chrome: 30

Countermeasures

Official Fix: 996
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 1030

Exploitability

High: 4
Functional: 2
Proof-of-Concept: 54
Unproven: 142
Not Defined: 1826

Access Vector

Not Defined: 0
Physical: 8
Local: 140
Adjacent: 470
Network: 1410

Authentication

Not Defined: 0
High: 220
Low: 1112
None: 696

User Interaction

Not Defined: 0
Required: 916
None: 1112

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 50
≤4: 228
≤5: 708
≤6: 512
≤7: 266
≤8: 186
≤9: 78
≤10: 0

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 52
≤4: 248
≤5: 700
≤6: 622
≤7: 222
≤8: 160
≤9: 24
≤10: 0

VulDB

≤1: 0
≤2: 2
≤3: 106
≤4: 442
≤5: 638
≤6: 350
≤7: 266
≤8: 176
≤9: 48
≤10: 0

NVD

≤1: 2028
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 1126
≤2: 2
≤3: 4
≤4: 14
≤5: 176
≤6: 192
≤7: 212
≤8: 216
≤9: 54
≤10: 32

Vendor

≤1: 1876
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 16
≤7: 28
≤8: 56
≤9: 50
≤10: 0

Exploit 0-day

<1k: 100
<2k: 1138
<5k: 46
<10k: 474
<25k: 114
<50k: 138
<100k: 18
≥100k: 0

Exploit Today

<1k: 1032
<2k: 574
<5k: 208
<10k: 106
<25k: 102
<50k: 6
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 710
de: 62
ja: 52
es: 42
zh: 30

Country

us: 190
gb: 98
de: 74
cn: 42
es: 30

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 20
Microsoft SQL Server: 10
Microsoft Windows: 10
code-projects Online Book System: 8
Mozilla Firefox: 8

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Backdoor.Win32.Dumador.c FTP Server buffer overflow | 6.3 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 2.15 | |
| 2 | Thimo Grauerholz WP-Spreadplugin spreadplugin.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 2.38 | CVE-2015-10132 |
| 3 | SourceCodester Online Chatting System update_room.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.24 | CVE-2024-2932 |
| 4 | GNU C Library iconv buffer overflow | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.46 | CVE-2024-2961 |
| 5 | Royal Elementor Addons and Templates Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.50 | CVE-2024-1567 |
| 6 | PHP proc_open privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.05 | CVE-2024-1874 |
| 7 | Microsoft Edge information disclosure | 5.4 | 5.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-29987 |
| 8 | PuTTY ECDSA Nonce Generation information disclosure | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.09 | CVE-2024-31497 |
| 9 | Happy Addons for Elementor Plugin Image Stack Group cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.09 | CVE-2024-3724 |
| 10 | bdthemes Prime Slider Plugin cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.18 | CVE-2024-1730 |
| 11 | User Registration Plugin privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.18 | CVE-2024-2417 |
| 12 | hCaptcha Plugin cf7-hcaptcha Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.14 | CVE-2024-4014 |
| 13 | Cisco ClamAV HTML Parser denial of service | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00043 | 0.09 | CVE-2024-20380 |
| 14 | Microsoft Edge privilege escalation | 5.0 | 4.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00043 | 0.23 | CVE-2024-29991 |
| 15 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.02221 | 0.32 | CVE-2024-3400 |
| 16 | PHP password_verify unknown vulnerability | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.05 | CVE-2024-3096 |
| 17 | code-projects Online Book System description.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-3002 |
| 18 | SolarWinds Serv-U directory traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.06 | CVE-2024-28073 |
| 19 | Node.js child_process.spawn privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.14 | CVE-2024-27980 |
| 20 | ShopLentor Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.09 | CVE-2024-1057 |

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

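| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 2.58.95.0/24 | Bashlite | predictive | High |
| 2 | 3.68.157.0/24 | Sliver | predictive | High |
| 3 | 3.71.7.0/24 | Cobalt Strike | predictive | High |
| 4 | 5.42.66.0/24 | Cobalt Strike | predictive | High |
| 5 | 18.193.71.0/24 | Cobalt Strike | predictive | High |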

TTP - Tactics, Techniques, Procedures (27)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-24, CWE-35 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 6 | T1068 | CWE-250, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
