Sector Pharma

Timeframe: -28 days

Default Categories (88): Access Management Software, Accounting Software, Anti-Malware Software, Anti-Spam Software, Application Server Software, Atlassian Confluence Plugin, Atlassian Jira App Software, Automation Software, Backup Software, Big Data Software, Billing Software, Bug Tracking Software, Business Process Management Software, Calendar Software, Chat Software, Chip Software, Cloud Software, Communications System, Connectivity Software, Continuous Integration Software, Customer Relationship Management System, Data Loss Prevention Software, Database Administration Software, Database Software, Directory Service Software, Document Management Software, Document Processing Software, Document Reader Software, Domain Name Software, Endpoint Management Software, Enterprise Resource Planning Software, File Compression Software, File Transfer Software, Firewall Software, Firmware Software, Groupware Software, Hardware Driver Software, Health Information Software, Human Capital Management Software, Image Processing Software, Information Management Software, IP Phone Software, Log Management Software, Mail Client Software, Mail Server Software, Medical Device Software, Middleware, Multimedia Player Software, Network Attached Storage Software, Network Authentication Software, Network Encryption Software, Network Management Software, Network Routing Software, Network Utility Software, Office Suite Software, Operating System, Policy Management Software, Presentation Software, Printing Software, Product Lifecycle Management Software, Programming Language Software, Project Management Software, Remote Access Software, Reporting Software, Risk Management System, Router Operating System, SCADA Software, Security Testing Software, Server Management Software, Service Management Software, Software Library, Software Management Software, Solution Stack Software, Spreadsheet Software, SSH Server Software, Supplier Relationship Management Software, Supply Chain Management Software, 
Testing Software, Ticket Tracking Software, Unified Communication Software, Video Surveillance Software, Virtualization Software, Warehouse Management System Software, Web Browser, Web Server, Windowing System Software, Wireless LAN Software, Word Processing Software

Product

Linux Kernel: 256
Microsoft Windows: 104
Foxit PDF Reader: 52
Juniper Junos OS: 30
Microsoft SQL Server: 26

Remediation

Official Fix: 750
Temporary Fix: 0
Workaround: 2
Unavailable: 0
Not Defined: 152

Exploitability

High: 4
Functional: 0
Proof-of-Concept: 40
Unproven: 132
Not Defined: 728

Access Vector

Not Defined: 0
Physical: 8
Local: 128
Adjacent: 312
Network: 456

Authentication

Not Defined: 0
High: 74
Low: 484
None: 346

User Interaction

Not Defined: 0
Required: 220
None: 684

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 26
≤4: 68
≤5: 208
≤6: 228
≤7: 164
≤8: 148
≤9: 54
≤10: 8

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 26
≤4: 80
≤5: 206
≤6: 328
≤7: 138
≤8: 108
≤9: 10
≤10: 8

VulDB

≤1: 0
≤2: 0
≤3: 38
≤4: 86
≤5: 204
≤6: 220
≤7: 154
≤8: 146
≤9: 48
≤10: 8

NVD

≤1: 904
≤2: 0
≤3: 0
≤4: 0
≤5: 0
≤6: 0
≤7: 0
≤8: 0
≤9: 0
≤10: 0

CNA

≤1: 660
≤2: 0
≤3: 4
≤4: 0
≤5: 32
≤6: 50
≤7: 40
≤8: 80
≤9: 30
≤10: 8

Vendor

≤1: 766
≤2: 0
≤3: 0
≤4: 0
≤5: 2
≤6: 8
≤7: 30
≤8: 60
≤9: 38
≤10: 0

Exploit 0-day

<1k: 42
<2k: 224
<5k: 48
<10k: 316
<25k: 132
<50k: 118
<100k: 24
≥100k: 0

Exploit Today

<1k: 276
<2k: 304
<5k: 132
<10k: 88
<25k: 100
<50k: 4
<100k: 0
≥100k: 0

IOB - Indicator of Behavior (1000)

Language

en: 958
de: 12
fr: 10
ja: 8
es: 6

Country/Region

us: 476
gb: 70
de: 26
jp: 16
ca: 16

Interest

Product

Microsoft Windows: 10
SourceCodester Online Library System: 6
Vesystem Cloud Desktop: 4
SourceCodester PHP Task Management System: 4
Palo Alto Networks PAN-OS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | cym1102 nginxWebUI saveCmd handlePath weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 4.77 | CVE-2024-3738 |
| 2 | PHPGurukul Small CRM Registration Page SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.85 | CVE-2024-3691 |
| 3 | PHPGurukul Small CRM Change Password SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.53 | CVE-2024-3690 |
| 4 | cym1102 nginxWebUI upload privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.18 | CVE-2024-3739 |
| 5 | cym1102 nginxWebUI reload exec privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 3.55 | CVE-2024-3740 |
| 6 | Xiamen Four-Faith RMP Router Management Platform SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.16 | CVE-2024-3688 |
| 7 | cym1102 nginxWebUI addOver findCountByQuery directory traversal | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.90 | CVE-2024-3737 |
| 8 | cym1102 nginxWebUI upload privilege escalation | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 2.64 | CVE-2024-3736 |
| 9 | PHP proc_open privilege escalation | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 10.00 | CVE-2024-1874 |
| 10 | Vesystem Cloud Desktop fileupload2.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.74- | CVE-2024-3804 |
| 11 | PHP password_verify unknown vulnerability | 3.7 | 3.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 6.98 | CVE-2024-3096 |
| 12 | Vesystem Cloud Desktop fileupload.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 1.62- | CVE-2024-3803 |
| 13 | PHP Cookie privilege escalation | 5.6 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 7.37 | CVE-2024-2756 |
| 14 | Palo Alto Networks PAN-OS GlobalProtect privilege escalation | 8.9 | 8.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00371 | 3.90 | CVE-2024-3400 |
| 15 | PHP mb_encode_mimeheader denial of service | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 7.58 | CVE-2024-2757 |
| 16 | SourceCodester PHP Task Management System update-admin.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.17 | CVE-2024-28557 |
| 17 | 360 Total Security Antivirus privilege escalation | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.12 | CVE-2024-22014 |
| 18 | SourceCodester PHP Task Management System admin-manage-user.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.09 | CVE-2024-28556 |
| 19 | Real Media Library Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.21 | CVE-2024-2328 |
| 20 | Enhanced Media Library Plugin cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.18 | CVE-2024-2840 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ranges which are known to be part of research and attack activities.

| ID | IP range | Actor | Type | Confidence |
|---|---|---|---|---|
| 1 | 54.38.234.0/24 | AsyncRAT | predictive | |
| 2 | 64.226.104.0/24 | IcedID | predictive | |

TTP - Tactics, Techniques, Procedures (25)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

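| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-23, CWE-35 | Path Traversal | predictive | |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CWE-94, CWE-1321 | Argument Injection | predictive | |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |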

IOA - Indicator of Attack (130)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/login.php | predictive | |
| 2 | File | /adminPage/conf/reload | predictive | |
| 3 | File | /adminPage/conf/saveCmd | predictive | |
| 4 | File | /adminPage/main/upload | predictive | |
| 5 | File | /adminPage/www/addOver | predictive | |
| 6 | File | /cart.php | predictive | |
| 7 | File | /description.php | predictive | |
| 8 | File | /Device/Device/GetDeviceInfoList?deviceCode=&searchField=&deviceState= | predictive | |
| 9 | File | /etc/passwd | predictive | |
| 10 | File | /index.php | predictive | |
| 11 | File | /login | predictive | |
| 12 | File | /Product.php | predictive | |
| 13 | File | /Public/webuploader/0.1.5/server/fileupload.php | predictive | |
| 14 | File | /Public/webuploader/0.1.5/server/fileupload2.php | predictive | |
| 15 | File | /sys/kernel/notes | predictive | |
| 16 | File | activate_jet_details_form_handler.php | predictive | |
| 17 | File | add-vehicle.php | predictive | |
