Sector Industry

Timeframe: -28 days

Default Categories (66): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Automation Software, Backup Software, Billing Software, Business Process Management Software, Calendar Software, Chip Software, Cloud Software, Communications System, Connectivity Software, Customer Relationship Management System, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Reader Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Image Processing Software, Information Management Software, IP Phone Software, Knowledge Base Software, Log Management Software, Mail Client Software, Mail Server Software, Middleware, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Office Suite Software, Operating System, Presentation Software, Printing Software, Product Lifecycle Management Software, Project Management Software, Remote Access Software, Reporting Software, Router Operating System, SCADA Software, Server Management Software, Service Management Software, Software Library, Software Management Software, Spreadsheet Software, SSH Server Software, Supplier Relationship Management Software, Supply Chain Management Software, Virtualization Software, Warehouse Management System Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Timeline

Vendor

Product

Linux Kernel: 272
Microsoft Windows: 96
Foxit PDF Reader: 42
Juniper Junos OS: 36
Microsoft SQL Server: 26

Remediation

Official Fix: 710
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 124

Exploitability

High: 4
Functional: 2
Proof-of-Concept: 26
Unproven: 118
Not Defined: 686

Access Vector

Not Defined: 0
Physical: 8
Local: 126
Adjacent: 314
Network: 388

Authentication

Not Defined: 0
High: 60
Low: 464
None: 312

User Interaction

Not Defined: 0
Required: 198
None: 638

C3BM Index

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 18
≤4: 64
≤5: 192
≤6: 224
≤7: 144
≤8: 128
≤9: 58
≤10: 8

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 18
≤4: 80
≤5: 178
≤6: 316
≤7: 116
≤8: 102
≤9: 18
≤10: 8

VulDB

≤1: 0
≤2: 0
≤3: 30
≤4: 82
≤5: 172
≤6: 222
≤7: 138
≤8: 130
≤9: 54
≤10: 8

NVD

≤1: 836
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 620
≤2: 0
≤3: 6
≤4: 2
≤5: 30
≤6: 46
≤7: 34
≤8: 74
≤9: 16
≤10: 8

Vendor

≤1: 710
≤2: 0
≤3: 0
≤4: 0
≤5: 4
≤6: 8
≤7: 22
≤8: 52
≤9: 40
≤10: 0

Exploit 0-day

<1k: 36
<2k: 182
<5k: 54
<10k: 312
<25k: 120
<50k: 106
<100k: 26
≥100k: 0

Exploit Today

<1k: 226
<2k: 318
<5k: 116
<10k: 74
<25k: 96
<50k: 6
<100k: 0
≥100k: 0

Exploit Market Volume

IOB - Indicator of Behavior (1000)

Timeline

Language

en: 970
ja: 12
zh: 6
es: 4
de: 2

Country/Region

us: 466
gb: 84
jp: 22
cn: 20
de: 16

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Palo Alto Networks PAN-OS: 10
Google Chrome: 6
Linux Kernel: 6
cym1102 nginxWebUI: 6
SourceCodester Online Library System: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | cym1102 nginxWebUI saveCmd handlePath weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 4.11 | CVE-2024-3738 |
| 2 | PHPGurukul Small CRM Registration Page SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.86 | CVE-2024-3691 |
| 3 | cym1102 nginxWebUI reload exec privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.21 | CVE-2024-3740 |
| 4 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.81 | CVE-2024-3739 |
| 5 | PHPGurukul Small CRM Change Password SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.49 | CVE-2024-3690 |
| 6 | cym1102 nginxWebUI addOver findCountByQuery directory traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.54 | CVE-2024-3737 |
| 7 | Xiamen Four-Faith RMP Router Management Platform SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.15 | CVE-2024-3688 |
| 8 | cym1102 nginxWebUI upload privilege escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.49 | CVE-2024-3736 |
| 9 | Vesystem Cloud Desktop fileupload2.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.89- | CVE-2024-3804 |
| 10 | Vesystem Cloud Desktop fileupload.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.80- | CVE-2024-3803 |
| 11 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00371 | 3.78 | CVE-2024-3400 |
| 12 | 360 Total Security Antivirus privilege escalation | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.14 | CVE-2024-22014 |
| 13 | Real Media Library Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.16 | CVE-2024-2328 |
| 14 | Palo Alto Networks PAN-OS Cloud Identity Engine unknown vulnerability | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.19 | CVE-2024-3383 |
| 15 | Enhanced Media Library Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.18 | CVE-2024-2840 |
| 16 | Linux Kernel amdkfd kzalloc memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.21 | CVE-2024-26817 |
| 17 | mysql2 readCodeFor privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.14 | CVE-2024-21508 |
| 18 | Microsoft Azure Identity Library for .NET information disclosure | 4.4 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.12 | CVE-2024-29992 |
| 19 | code-projects Online Book System Product.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-3001 |
| 20 | code-projects Car Rental add-vehicle.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-3369 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 31.50.144.0/24 | QakBot | predictive | |
| 2 | 54.38.234.0/24 | AsyncRAT | predictive | |

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

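| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-35 | Path Traversal | predictive | |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |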

IOA - Indicator of Attack (104)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Category | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /adminPage/conf/reload | predictive | |
| 2 | File | /adminPage/conf/saveCmd | predictive | |
| 3 | File | /adminPage/main/upload | predictive | |
| 4 | File | /adminPage/www/addOver | predictive | |
| 5 | File | /cart.php | predictive | |
| 6 | File | /description.php | predictive | |
| 7 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | |
| 8 | File | /etc/passwd | predictive | |
| 9 | File | /index.php | predictive | |
| 10 | File | /login | predictive | |
| 11 | File | /Product.php | predictive | |
| 12 | File | /Public/webuploader/0.1.5/server/fileupload.php | predictive | |
| 13 | File | /Public/webuploader/0.1.5/server/fileupload2.php | predictive | |
| 14 | File | /sys/kernel/notes | predictive | |
