Sector Hostingprovider

Timeframe: -28 days

Default Categories (69): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Backup Software, Billing Software, Bug Tracking Software, Calendar Software, Chat Software, Cloud Software, Communications System, Connectivity Software, Content Management System, Continuous Integration Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Reader Software, Domain Name Software, E-Commerce Management Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Information Management Software, JavaScript Library, Joomla Component, Log Management Software, Mail Client Software, Mail Server Software, Mailing List Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Operating System Utility Software, Packet Analyzer Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Programming Tool Software, Project Management Software, Remote Access Software, Router Operating System, Server Management Software, Service Management Software, Software Library, Software Management Software, Spreadsheet Software, SSH Server Software, Testing Software, Ticket Tracking Software, Versioning Software, Virtualization Software, Web Browser, Web Server, Windowing System Software, Word Processing Software, WordPress Plugin

Timeline

Vendor

Product

Linux Kernel: 298
Microsoft Windows: 88
Foxit PDF Reader: 46
Microsoft SQL Server: 38
Juniper Junos OS: 30

Remediation

Official Fix: 770
Temporary Fix: 0
Workaround: 0
Unavailable: 0
Not Defined: 1056

Exploitability

High: 0
Functional: 2
Proof-of-Concept: 50
Unproven: 132
Not Defined: 1642

Access Vector

Not Defined: 0
Physical: 6
Local: 92
Adjacent: 356
Network: 1372

Authentication

Not Defined: 0
High: 178
Low: 936
None: 712

User Interaction

Not Defined: 0
Required: 938
None: 888

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 38
≤4: 220
≤5: 628
≤6: 450
≤7: 248
≤8: 162
≤9: 78
≤10: 2

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 38
≤4: 232
≤5: 628
≤6: 556
≤7: 200
≤8: 156
≤9: 14
≤10: 2

VulDB

≤1: 0
≤2: 2
≤3: 98
≤4: 404
≤5: 566
≤6: 302
≤7: 254
≤8: 148
≤9: 50
≤10: 2

NVD

≤1: 1826
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 980
≤2: 0
≤3: 6
≤4: 4
≤5: 178
≤6: 176
≤7: 208
≤8: 190
≤9: 50
≤10: 34

Vendor

≤1: 1688
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 6
≤7: 24
≤8: 56
≤9: 50
≤10: 0

Exploit 0-day

<1k: 106
<2k: 1112
<5k: 36
<10k: 334
<25k: 106
<50k: 112
<100k: 20
≥100k: 0

Exploit Today

<1k: 808
<2k: 738
<5k: 100
<10k: 78
<25k: 98
<50k: 4
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 892
ja: 76
de: 10
es: 8
fr: 4

Country

us: 348
jp: 92
gb: 88
fr: 38
de: 30

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP: 8
SourceCodester Online Library System: 6
SourceCodester PHP Task Management System: 6
cym1102 nginxWebUI: 4
code-projects Online Book System: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | cym1102 nginxWebUI saveCmd handlePath Weak Authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 4.43 | CVE-2024-3738
2 | PHPGurukul Small CRM Registration Page SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.89 | CVE-2024-3691
3 | DedeCMS stepselect_main.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.52 | CVE-2024-3685
4 | DedeCMS update_guide.php Unknown Vulnerability | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.45 | CVE-2024-3686
5 | kyivstarteam react-native-sms-user-consent SmsUserConsentModule.kt registerReceiver Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 2.12 | CVE-2021-4438
6 | PHPGurukul Small CRM Change Password SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.49 | CVE-2024-3690
7 | cym1102 nginxWebUI upload Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.09 | CVE-2024-3739
8 | cym1102 nginxWebUI reload exec Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.49 | CVE-2024-3740
9 | cym1102 nginxWebUI addOver findCountByQuery Directory Traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.56 | CVE-2024-3737
10 | Xiamen Four-Faith RMP Router Management Platform SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.17 | CVE-2024-3688
11 | PHP proc_open Privilege Escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 10.00 | CVE-2024-1874
12 | cym1102 nginxWebUI upload Privilege Escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.57 | CVE-2024-3736
13 | GamerZ WP-PostRatings wp-postratings.php Cross-Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 1.35 | CVE-2011-10006
14 | namithjawahar Wp-Insert Cross-Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 1.38 | CVE-2014-125111
15 | Node.js child_process.spawn Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 1.71 | CVE-2024-27980
16 | Vesystem Cloud Desktop fileupload2.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.83- | CVE-2024-3804
17 | PHP password_verify Unknown Vulnerability | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 6.95 | CVE-2024-3096
18 | Vesystem Cloud Desktop fileupload.php Privilege Escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.70- | CVE-2024-3803
19 | PHP Cookie Privilege Escalation | 5.6 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 7.37 | CVE-2024-2756
20 | PHP mb_encode_mimeheader Denial of Service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 7.51 | CVE-2024-2757

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

ID | IP range | Actor | Type | Confidence
1 | 54.38.234.0/24 | AsyncRAT | predictive
2 | 68.66.216.0/24 | Powload | predictive

TTP - Tactics, Techniques, Procedures (27)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22, CWE-24, CWE-35 | Path Traversal | predictive
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive
4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive
6 | T1068 | CWE-250, CWE-269, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive
