正文

【2024Hvv情报】情报总结-5

admin
admin V管理员 /0 评论 /367 阅读
0731
此篇文章发布距今已超过115天,您需要注意文章的内容或图片是否可用!

点击上方蓝字关注我们

建议大家把公众号“TeamSecret安全团队”设为星标,否则可能就看不到啦!因为公众号现在只对常读和星标的公众号才能展示大图推送。操作方法:点击右上角的【...】,然后点击【设为星标】即可。

                   免责申明

"本文档所提供的信息旨在帮助网络安全专业人员更好地理解并维护他们负责的网站和服务器等系统。我们鼓励在获得适当授权的情况下使用这些信息。请注意,任何未经授权的使用或由此产生的直接或间接后果和损失,均由使用者自行承担。我们提供的资源和工具仅供学习和研究之用,我们不鼓励也不支持任何非法活动。"

"我们创建这个社区是为了促进技术交流和知识分享。我们希望每位成员都能在遵守法律法规的前提下参与讨论和学习。如果使用本文档中的信息导致任何直接或间接的后果和损失,我们提醒您,这将由您个人承担。我们不承担由此产生的任何责任。如果有任何内容侵犯了您的权益,请随时告知我们,我们将立即采取行动并表示诚挚的歉意。我们感谢您的理解和支持。"

                   爆出漏洞

1. 万户-ezOffice-SQL2. Sharp-多功能打印机-PermissionAC3. 奇安信-网神SecSSL3600-PermissionAC4. 致远-OA-任意文件上传5. 紫光-电子档案管理系统-PermissionAC6. 用友-U8-Cloud-SQL7. 拓尔思-TRSWAS5.0-PermissionAC8. TOTOLINK-A6000R-RCE9. SuiteCRM-SQL10. 赛蓝-企业管理系统-任意文件读取11. livenvr-青柿视频管理系统-PermissionAC12. 科荣-AIO-SQL13. 金蝶-云星空-SQL14. 九思-OA-任意文件上传15. 金慧-综合管理信息系统-SQL16. 湖南众合百易信息技术有限公司-资产管理运营系统 -任意文件上传17. 红海云-EHR系统-任意文件上传18. 华天动力-OA-任意文件读取19. 广州图创-图书馆集群管理系统-PermissionAC20. 百易云-资产管理运营系统-任意文件上传21. 瑞斯康达-多业务智能网关-rce22. 金万维-云联应用系统接入平台-RCE23. 金和-OA-SQL24. 宏脉-医美行业管理系统-任意文件读取25. 泛微-E-Cology-SQL26. logic-DataCube3测量系统-RCE27. 用友-NC-反序列化RCE28. 用友-GRP-U8-SQL29. 深澜-计费管理系统-反序列化RCE30. Netgear-WN604无线路由器-PermissionAC31. 铭飞-MCMS-RCE32. 浪潮-GS企业管理软件-RCE33. 浪潮-GS企业管理软件-RCE34. 开源-餐厅数字化综合管理平台-PermissionAC35. 泛微-云桥E-Bridge-SQL36. 超级猫-签名APP分发平台-任意文件读取37. 超级猫-签名APP分发平台-SQL38. RAISECOM网关设备list_base_config.php存在远程命令执行漏洞39. 用友时空KSOA系统接口PreviewKPQT.jsp存在SQL注入漏洞40. 用友时空KSOA系统接口PrintZP.jsp存在SQL注入漏洞41. 用友时空KSOA系统接口PrintZPYG.jsp存在SQL注入漏洞42. 用友时空KSOA系统接口PrintZPFB.jsp存在SQL注入漏洞43. 用友时空KSOA系统接口PrintZPZP.jsp存在SQL注入漏洞44. 用友时空KSOA系统接口fillKP.jsp存在SQL注入漏洞45. 方天云智慧平台系统GetCompanyItem存在sql注入漏洞46. 用友U9系统DoQuery接口存在SQL注入47. 泛微ecology系统setup接口存在信息泄露漏洞48. eking管理易FileUpload接口存在任意文件上传漏洞49. SpringBlade系统menu接口存在SQL注入漏洞

威胁情报

Spring Cloud Data Flow
漏洞介绍:Spring Cloud Data FlowSCDF)是一个基于微服务的工具包,用于在 Cloud Foundry()和 Kubernetes 中构建流式和批量数据处理管道。漏洞危害:受影响版本中,Skipper 服务器在处理文件上传时没有对路径进行适当的验证和清理,拥有 Skipper 服务器 API 访问权限攻击者可以通过构造恶意请求将 YAML 文件写入服务器的任意位置,同时由于 PackageMetadata 的创建过程中使用默认构造器反序列化 YAML 数据,从而导致任意代码执行。漏洞编号:CVE-2024-37084影响范围:org.springframework.cloud:spring-cloud-skipper@[2.11.0, 2.11.4)修复方案:官方已发布修复方案,受影响的用户建议及时下载补丁包进行漏洞修复
帆软报表 ReportServer SQL注入导致任意代码执行漏洞
漏洞介绍:帆软报表是一个企业级Web报表工具。漏洞危害:受影响版本在使用 SQLite 作为数据库时,view/ReportServer?test=&n= 接口存在SQL注入漏洞,当使用SQLite数据库时,未经授权的攻击者可利用该漏洞写入任意文件,从而执行任意系统命令。影响范围:finereport@(-∞, 11.0.28]修复方案:及时测试并升级到最新版本或升级版本
Laravel v11.x 存在PHP反序列化漏洞
漏洞介绍:Laravel 是用 PHP 编写的开源 Web 应用程序框架。漏洞危害:受影响版本中,由于 MonologHandler()Handle 类的 __destruct 方法调用了 close 方法,GroupHandler 重载了并调用每个 handlerclose 方法,反序列化恶意对象时会通过 getStreamName 方法调用对象的 __toString 方法,攻击者可利用应用中存在的反序列化逻辑,构造基于laravel 的反序列化利用链执行任意代码。漏洞编号:CVE-2024-40075影响范围:laravel/framework@[11.0.0, 11.16.0]修复方案:及时测试并升级到最新版本或升级版本
达梦数据库管理系统存在命令执行漏洞
漏洞介绍:达梦数据库管理系统(DM8)是武汉达梦数据库有限公司开发的一款数据库系统。漏洞危害:达梦数据库管理系统存在命令执行漏洞,攻击者可利用该漏洞获取服务器权限。影响范围:武汉达梦数据库股份有限公司 达梦数据库管理系统 V8(231011)修复方案:及时测试并升级到最新版本或升级版本
LiveBOS UploadImage.do 接口任意文件上传
微步编号:XVE-2024-18835漏洞类型:文件上传漏洞描述:LiveBOS灵动业务架构平台,是面向对象的业务支撑平台与建模工具。在LiveBos的UploadImage.do接口中,发现了一处任意文件上传漏洞,攻击者可利用该漏洞上传任意文件。影响厂商/产品:福建顶点软件股份有限公司-LiveBOS灵动业务架构平台
深澜计费管理系统 /strategy/ip/bind-ip 远程代码执行漏洞
微步编号:XVE-2024-18750漏洞类型:远程代码执行漏洞描述:深澜计费管理系统是一套计费系统,系统主要由 AAA认证计费平台、系统运营维护管理平台、用户及策略管理平台、用户自助服务平台、智能客户端模块、消息推送模块、数据统计模块组成。该系统/strategy/ip/bind-ip接口存在反序列化漏洞,可以远程执行任意代码。影响厂商/产品:杭州瀚洋科技有限公司-深澜计费管理系统
万户ezOFFICE协同管理平台 getAutoCode SQL注入漏洞
微步编号:XVE-2024-18749漏洞类型:SQL注入漏洞平台:应用程序漏洞描述:万户ezOFFICE协同管理平台是一个综合信息基础应用平台。万户ezOFFICE协同办公系统存在SQL注入漏洞。由于参数缺乏过滤,允许攻击者利用漏洞获取数据库敏感信息。影响厂商/产品:北京万户软件技术有限公司-万户 EzOFFICE

红队及恶意攻击IP

129.211.220.212119.45.151.227146.56.209.163220.231.145.193154.212.141.198154.212.141.253110.40.20.102110.40.39.82106.75.187.10223.113.128.1781.117.236.166110.42.66.212203.86.254.105203.91.121.207223.113.128.142218.241.249.123123.125.21.211222.186.13.133119.167.222.135185.33.53.121165.154.192.177154.204.179.24165.109.15.19114.224.21.143119.91.208.128101.132.253.139139.196.7.181118.89.238.339.98.41.16114.132.159.1258.134.102.19036.139.221.11539.103.159.236106.75.133.4536.133.221.93188.131.128.110110.41.23.52182.42.105.110124.222.124.77180.106.239.217220.167.140.180101.126.173.203114.251.188.228106.75.144.12842.101.15.878.134.85.791.13.14.7639.104.70.192218.60.22.11242.193.252.20339.103.164.3814.103.44.17239.103.162.98161.189.42.18106.39.213.50101.200.218.8193.176.211.2639.105.125.188106.75.138.147118.178.133.14460.205.230.2461.13.198.7958.215.103.16447.120.42.15123.207.75.12858.215.103.161120.27.110.150123.56.176.19106.75.175.181159.75.159.2947.98.236.160182.116.21.1858.142.5.2242.101.14.246109.244.96.73154.212.141.19947.92.199.109101.43.216.2782.157.160.9103.106.230.54121.237.176.195175.178.93.1036.112.155.1243.137.215.124125.39.175.20161.153.188.7847.108.13.37223.15.244.207220.192.220.105103.106.230.173139.196.145.119121.204.150.32111.180.204.14736.134.153.32120.27.133.10547.97.75.180111.172.248.58118.118.95.100106.55.202.118103.106.230.36101.200.148.20247.116.199.171121.62.63.58180.163.246.131180.163.246.132101.200.57.211110.248.163.16845.158.222.202183.56.225.1638.138.42.47106.75.165.8339.105.121.20460.191.137.103180.130.123.188117.50.186.16439.103.157.21747.93.142.152104.152.52.36106.75.133.175104.152.52.38104.209.34.200101.67.50.34106.75.130.53106.75.188.194104.248.191.107104.199.38.190104.152.52.27106.14.57.117101.132.137.180104.40.73.150112.86.225.169101.36.106.69106.55.160.215112.13.112.190106.53.208.178103.230.15.172101.67.50.109100.42.185.220104.40.75.1341.13.184.229101.36.106.135101.67.29.70104.40.75.118106.54.45.201104.209.33.45103.73.160.217101.67.29.208107.151.182.50104.199.37.210107.151.182.58112.13.112.171112.13.112.33103.230.15.39101.36.106.165101.67.29.101101.67.29.103101.67.49.194101.36.107.83112.50.53.5112.13.112.20104.236.2.197106.75.138.9106.75.70.142104.203.242.76110.230.116.5111.253.163.141112.86.225.123103.230.15.41112.13.112.154103.186.108.247112.13.112.153104.152.52.18101.43.30.166106.75.129.206110.40.33.40101.67.49.31103.93.175.146104.209.33.87101.67.49.162103.148.244.208101.67.50.96101.67.49.25106.75.5.52167.94.138.153167.71.58.10147.185.132.138167.94.145.107154.31.35.225134.122.135.149167.94.146.61172.169.190.120147.78.47.22134.122.133.217147.185.133.18414.128.63.1013.64.193.60134.122.102.65164.90.142.20128.14.209.26147.185.133.104147.185.132.85167.94.138.43152.32.252.198147.182.254.89147.185.133.217134.122.106.248138.197.164.81137.184.92.212172.104.73.58172.206.143.20128.14.211.186167.94.138.128172.232.208.48175.176.38.138147.185.132.99152.32.132.38175.24.229.108175.178.16.155172.169.4.164162.216.149.133172.202.177.22167.94.138.131180.101.81.159137.184.226.250138.199.62.5162.142.125.90180.101.81.158138.199.62.3172.169.2.171128.14.211.190167.71.57.153128.199.2.164172.206.150.13125.74.55.217172.206.143.196134.122.135.15147.185.132.201164.92.172.25150.158.46.19140.246.61.63156.238.255.152147.185.133.250165.154.23.208165.154.6.82167.94.138.32147.185.133.41167.94.138.112162.216.150.130162.216.150.131167.94.138.115167.94.138.118162.216.150.13913.91.165.136152.32.175.64170.64.233.18013.91.166.2213.87.128.101172.212.59.22129.204.86.17150.91.220.178172.202.178.6162.216.149.194128.14.153.234172.206.143.136143.110.192.130167.99.196.152152.32.174.249162.216.150.202176.111.174.5172.202.177.19113.64.193.92175.6.228.253146.190.57.24172.232.195.139147.182.153.3513.64.193.6156.146.45.110162.216.149.185147.185.132.51175.178.119.226125.8.94.219162.216.150.22147.185.132.193165.227.40.7147.185.132.192124.64.19.30172.212.59.114167.94.145.100152.89.198.67159.75.103.236142.93.132.9180.101.81.25135.148.232.57143.110.158.195180.101.81.157134.122.45.14180.101.81.156180.101.81.155125.63.115.122180.101.81.151167.94.138.145162.142.125.85172.169.206.122157.90.182.30162.142.125.83167.94.138.149172.233.92.4167.99.178.237165.227.0.96178.212.35.142162.216.150.103172.206.142.235162.142.125.89144.217.180.194150.158.42.96162.216.149.96134.122.135.61162.243.163.14167.94.138.15691.92.252.239.106.226.14947.92.35.20868.183.206.12052.230.152.20760.188.9.16245.58.184.22246.101.164.23147.102.126.5551.222.253.1751.222.253.1446.101.164.1539.173.105.15651.8.223.8946.101.164.1152.228.154.8739.173.105.14251.159.103.1046.101.157.3047.96.228.24864.227.155.1278.213.194.3052.167.144.16164.227.125.4847.92.161.2935.203.210.16964.62.197.12659.110.166.19960.26.94.13739.77.179.6252.228.155.17268.183.223.4460.188.9.13849.234.52.6752.230.152.11152.167.144.17534.34.177.15246.101.164.3352.167.144.19036.28.78.14288.88.133.17439.109.126.25442.236.17.22660.188.9.24560.188.9.9946.101.164.2635.203.210.17243.135.155.25127.215.125.13647.92.34.961.244.94.12664.226.127.6746.101.164.2235.203.210.18943.130.49.13860.188.9.9066.240.236.11660.188.9.11760.188.10.2760.188.9.23377.90.22.1639.107.140.15840.83.133.23746.101.164.5987.242.121.1245.135.132.16160.188.10.3066.240.236.11946.101.164.5047.103.57.7360.188.9.8160.188.9.8040.118.213.5546.101.228.8634.140.160.6283.212.98.22360.188.9.10139.173.107.25260.188.11.1268.183.221.15734.140.167.634.76.56.21040.118.214.17557.151.67.25035.203.211.6571.6.199.2335.203.211.6646.101.164.4234.76.224.18191.92.244.45.59.248.23052.167.144.13660.188.9.21260.188.9.6552.167.144.13835.203.210.8791.92.249.22739.173.107.4291.92.244.22746.101.227.21952.230.152.17060.188.9.20952.230.159.20275.115.206.11846.101.164.6735.203.211.20136.48.238.12064.62.156.11195.214.27.18343.248.141.17046.101.164.9436.135.72.1334.156.21.17169.172.97.1745.156.128.6352.167.144.20034.22.220.8552.167.144.2557.151.71.13571.6.167.14260.188.9.3636.111.177.1477.90.30.6339.173.107.7451.8.222.15298.152.200.368.183.194.1834.156.21.14245.156.128.6646.101.228.744.151.218.13145.156.128.6745.156.128.6845.156.129.4245.156.128.7652.167.144.21778.128.114.828.213.23.664.156.21.5445.33.109.1739.101.71.18445.156.129.10445.156.129.10060.188.10.1938.45.125.15445.156.128.7779.110.62.1884.151.38.19445.156.128.8366.240.219.14639.173.107.7843.225.198.23445.141.215.23945.9.74.6980.82.77.3369.10.48.17442.236.101.25345.156.128.8836.150.164.8135.203.211.15545.156.129.6465.49.1.7645.156.130.4045.156.129.6545.156.128.9145.156.128.9278.128.114.11445.156.129.6843.134.170.4636.103.230.23445.79.163.5358.20.6.13294.102.49.19378.128.114.10235.203.210.1057.152.56.13889.190.156.4635.203.210.12434.76.207.25491.92.246.10338.9.146.10760.188.9.1748.213.212.5046.101.163.21957.152.56.24848.217.211.95205.210.31.154205.210.31.82223.113.128.220205.210.31.156205.210.31.83223.72.29.31212.113.102.130185.191.171.10209.38.20.190199.47.82.19205.210.31.7320.70.176.140184.105.139.68199.45.154.146209.97.179.89223.113.128.216202.107.226.2205.210.31.162209.38.241.167223.109.252.213223.113.128.210223.109.252.210205.210.31.70223.72.29.25180.214.237.128205.210.31.216185.189.182.234185.165.191.27199.204.96.22198.235.24.177205.210.31.212205.210.31.211209.38.233.75198.235.24.169206.168.34.197203.86.123.54198.235.24.182198.235.24.186193.118.52.78185.200.116.49195.15.207.23820.118.68.233205.210.31.235199.45.154.179193.118.51.134199.45.154.177193.112.206.240193.118.51.130205.210.31.231205.210.31.234223.109.255.158222.187.119.230199.45.154.184185.200.116.76199.45.154.181205.210.31.24920.251.144.86205.210.31.242209.38.233.42198.235.24.159207.90.244.14199.45.154.191185.65.134.145193.177.182.119180.101.81.29192.34.128.73223.113.128.166180.101.81.27223.113.128.168198.235.24.254183.134.104.172223.109.252.172198.235.24.248205.210.31.17205.210.31.18180.101.81.35206.168.34.160180.101.81.33223.109.252.159223.109.252.154223.72.102.241185.142.236.34223.109.255.145192.3.80.130190.120.231.58206.168.34.171203.150.141.248198.235.24.232198.235.24.39203.195.213.121209.141.53.28223.104.41.66198.235.24.104198.235.24.226223.113.128.194198.235.24.108205.234.156.88180.102.110.144206.168.34.172198.235.24.45198.235.24.43205.210.31.206209.38.233.187209.38.233.186198.235.24.40223.113.128.174198.235.24.122198.235.24.244205.210.31.201205.210.31.200223.113.128.183198.235.24.117198.235.24.11920.118.69.93206.237.115.15211.53.189.137185.150.26.247198.235.24.54198.235.24.5223.27.48.150205.210.31.69205.210.31.173205.210.31.172223.109.252.243205.210.31.176193.3.19.26199.45.154.116202.151.42.147205.210.31.60198.235.24.202198.235.24.203223.72.29.99198.235.24.205198.235.24.208205.210.31.171185.242.226.38202.165.14.21205.210.31.53192.241.137.216205.210.31.58205.210.31.183198.235.24.222223.113.128.231198.235.24.223223.113.128.230198.235.24.218207.90.244.6207.90.244.2185.242.226.49220.243.191.67220.243.191.69220.181.51.85195.170.172.225223.113.128.144223.113.128.147212.80.21.22223.113.128.146205.210.31.198223.72.29.77222.88.83.2205.210.31.193198.235.24.72209.97.137.27193.177.182.107185.133.250.71209.38.254.244210.252.212.2198.235.24.201195.154.176.37206.189.63.169199.204.99.110223.72.29.233198.235.24.98223.113.128.204223.113.128.203223.113.128.205223.109.252.203205.210.31.131223.113.128.201205.210.31.253183.154.32.102198.235.24.9420.225.3.216205.210.31.95205.210.31.96213.199.54.89205.210.31.98209.38.201.119193.118.52.34223.72.29.48218.75.38.211209.141.51.21223.72.29.44218.75.38.210223.113.128.229199.45.154.1352.58.56.25198.235.24.194198.235.24.19827.150.194.2119.96.122.241103.197.113.18547.242.238.41110.40.20.16247.94.222.178120.92.12.14103.234.72.21989.134.11.61117.72.75.193119.45.23.22643.133.59.22112.13.87.3221.227.86.19320.225.3.8854.206.97.67103.118.55.294.156.67.200114.132.153.2347.120.57.207119.194.149.177128.14.227.6745.156.130.8116.255.241.142154.26.158.17249.232.227.12936.40.88.14264.62.197.1588.214.26.54121.40.171.96103.197.112.179115.55.248.220118.99.2.982.156.219.235121.40.212.132116.213.38.178211.90.236.43114.119.130.67154.26.154.251104.234.140.163146.56.224.174124.90.86.28120.55.60.18758.87.78.60218.60.117.242114.236.93.1845.79.120.183222.182.52.193101.34.79.85140.249.15.165121.40.212.24647.92.113.49123.14.154.221140.249.15.177121.204.188.105140.249.15.170123.57.234.233209.210.153.60116.179.33.14152.184.71.175114.132.64.19561.160.236.3291.92.255.248119.45.135.98123.162.190.217112.248.83.14351.254.53.1447.92.137.29185.142.236.4327.155.196.20035.216.167.104165.154.129.13027.115.124.3443.143.10.95182.92.243.11187.236.176.22313.91.179.10294.156.68.92211.193.31.5234.222.120.115165.154.72.19339.107.73.2539.106.59.15047.108.145.56209.38.46.1788.130.21.221150.138.125.9654.188.214.12964.62.156.8647.95.0.13124.222.24.20845.149.92.100182.92.232.8587.236.176.21964.62.156.91101.67.29.12345.143.199.145101.35.217.117146.56.201.12343.143.120.1647.100.232.4015.188.88.7539.105.14.1647.92.163.80113.2.164.19752.167.144.6739.180.88.140134.122.196.6195.128.249.3162.216.149.6961.1.180.60134.122.196.19121.43.40.11445.145.228.15768.183.53.7787.236.176.1574.151.218.179157.148.120.9871.105.100.70101.6.15.130119.164.93.44121.40.170.195213.180.203.19034.243.9.124113.2.165.191129.28.178.2278.220.192.59112.235.248.24156.236.70.244112.0.129.25198.235.24.57119.180.28.27223.104.79.66205.210.31.51170.64.181.2201.63.60.19242.227.201.1421.63.60.19139.128.106.253205.210.31.47135.125.149.207198.235.24.544.204.141.8152.36.88.20239.98.157.4162.191.9.13947.92.240.8147.185.132.19119.160.166.237202.170.201.186

              2024Hvv专栏

目前纷传已更新漏洞如下:

2024-07-22总更新漏洞如下:

1. U8cloud系统MeasureQueryframeAction SQL注入漏洞 2. 用友 GRP-A-Cloud 政府财务云 selectGlaDatasourcePreview SQL注入漏洞 3. 北京致远互联软件股份有限公司AnalyticsCloud分析云存在任意文件读取漏洞

4. 蓝凌KEP前台RCE漏洞

5. 泛微E-office-10接口leave_record.php存在SQL注入漏洞

6. 1Panel面板最新前台RCE漏洞(CVE-2024-39911)

7. SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412)

8. Netgear-WN604接口downloadFile.php信息泄露漏洞(CVE-2024-6646)

9. Nacos远程代码执行漏洞

10. LiveNVR流媒体服务软件接口存在未授权访问漏洞  livenvr 青柿视频管理系统 channeltree 存在未授权访问漏洞

11. fogproject系统接口export.php存在远程命令执行漏洞(CVE-2024-39914)

12. 全息AI网络运维平台ajax_cloud_router_config.php存在命令执行漏洞

13. 广联达OA接口ArchiveWebService存在XML实体注入漏洞

14. 亿赛通数据泄露防护(DLP)系统NetSecConfigAjax SQL 注入 漏洞

15. 亿赛通数据泄露防护(DLP)系统 NoticeAjax SQL 注入漏洞

16. 用友CRM系统import.php任意文件上传漏洞

17. 用友GRP A++Cloud政府财务云存在任意文件读取漏洞

18. 瑞友天翼应用虚拟化系统hmrao.php存在SQL注入漏洞

19. 红海云eHR-PtFjk.mob存在任意文件上传漏洞

20. 福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞

21. 泛微OA E-Cology ln.FileDownload文件读取漏洞

22. 大华DSS数字监控系统存在SQL注入漏洞

2024-07-23 总更新漏洞如下:

1. 万户OA SQL注入漏洞
2. 启明星辰 天玥网络安全审计系统 SQL 注入漏洞
3. 天问物业 ERP 系统 AreaAvatarDownLoad.aspx 任意文件读 取漏洞(XVE-2024-17939)
4. 帆软 FineReport ReportSever Sqlite 注入导致远程代码执行 漏洞(XVE-2024-18078)
5. 广联达 Linkworks ArchiveWebService XML 实体注入漏洞 (XVE-2024-18072)
6. 数字通指尖云平台-智慧政务payslip SQL注入漏洞
7. 浪潮云财务系统 biz integrationwebservice 命令执行漏洞 (XVE-2024-18082)
8.润乾报表 dataSphereServlet 任意文件读取漏洞 (XVE-2024-18076)
9. 福建科立讯通信 指挥调度管理平台 ajax_users.php SQL 注 入漏洞(XVE-2024-15986)
10. 福建科立讯通信 指挥调度管理平台 ajax_users.php 信息泄露漏洞
11. 福建科立讯通信 指挥调度管理平台存在远程命令执行漏洞 (XVE-2023-36635)
12. 联软安渡 UniNXG 安全数据交换系统 SQL 注入漏洞
13. 致远 OA fileUpload.do 前台文件上传绕过漏洞 (XVE-2024-8166)
14. 致远互联 AnalyticsCloud 分析云 任意文件读取漏洞 (XVE-2024-18073)
15. 赛蓝企业管理系统GetJSFile存在任意文件读取漏洞
16. 赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞
17. 通天星 CMSV6 车载视频监控平台 disable 存在 SQL 注入漏洞
18. 锐捷 RG-NBS2026G-P 交换机 WEB 管理 ping.htm 未授权 访问漏洞(XVE-2024-17942)
2024-07-24 总更新漏洞如下

1. TOTOLINK A6000R 命令执行漏洞

2. Sharp 多功能打印机 未授权访问漏洞

3.科讯一卡通管理系统dormitoryHealthRanking存在SQL注入漏洞

4. 泛微E-Mobile-installOperate.do存在SSRF漏洞

5. 科讯一卡通管理系统get_kq_tj_today存在SQL注入漏洞

6. 天问物业ERP系统ContractDownLoad.aspx存在任意文件读取漏洞

7. 润乾报表存在⽂件上传漏洞

8. 华磊科技物流-modifyInsurance-delay-pg-sql注⼊漏

9. 有友NCquerygoodsgridbycode存在SQL注⼊漏洞

10. 万⼾协同办公平台ezofficeDocumentEdit_unite. jspSQL注⼊漏洞

11. 用友NC-Cloud blobRefClassSearch接口存在反序列化漏洞

12. QM-vpn-download-client-任意文件读取

13. Bazarr swaggerui 组件 目录穿越导致任意文件读取漏洞

14. 海康威视综合安防管理平台detection前台远程命令执行

15. 建文工程项目管理软件 SQL 注入漏洞

2024-07-25 总更新漏洞如下:

1. 金和OAC6GeneralXmlhttpPage.aspx SQL注入漏洞

2. 锐捷统一上网行为管理与审计系统 static_convert.php 命令注 入漏洞

3. 飞讯云 WMS/MyDown/MyImportData 前台SQL注入

4. 云课网校系统 uploadlmage 任意文件上传漏洞

5. 数字通云平台智慧政务 timeSQL注入漏洞

6. 用友时空 PreviewKPQT sql注入漏洞

7. 用友NC LoggingConfigServlet 反序列化漏洞

8. 泛微e-cology getFileViewUrl SSRF漏洞

9. 湖南众合百易信息技术有限公司 资产管理运营系统 comfileup.php 前台文件上传漏洞

10. 科荣AIO moffice 存在SQL注入漏洞

11. F-logic DataCube3存在命令执行漏洞(CVE-2024-7066)

12. JeePlus快速开发平台resetpassword存在SQL注入漏洞

13. Laravel v11.x 存在PHP反序列化漏洞(CVE-2024-40075)

14. 泛微e-cology9接口WorkPlanService前台SQL注入漏洞(XVE-2024-18112)

15. 华磊科技物流getOrderTrackingNumber存在SQL注入漏洞

16. 汇智ERP-filehandle.aspx存在任意文件读取漏洞

17. 用友NC-querygoodsgridbycode.json存在SQL注入漏洞

2024-07-30 总更新漏洞如下:

1. 万户-ezOffice-SQL
2. Sharp-多功能打印机-PermissionAC
3. 奇安信-网神SecSSL3600-PermissionAC
4. 致远-OA-任意文件上传
5. 紫光-电子档案管理系统-PermissionAC
6. 用友-U8-Cloud-SQL
7. 拓尔思-TRSWAS5.0-PermissionAC
8. TOTOLINK-A6000R-RCE
9. SuiteCRM-SQL
10. 赛蓝-企业管理系统-任意文件读取
11. livenvr-青柿视频管理系统-PermissionAC
12. 科荣-AIO-SQL
13. 金蝶-云星空-SQL
14. 九思-OA-任意文件上传
15. 金慧-综合管理信息系统-SQL
16. 湖南众合百易信息技术有限公司-资产管理运营系统 -任意文件上传
17. 红海云-EHR系统-任意文件上传
18. 华天动力-OA-任意文件读取
19. 广州图创-图书馆集群管理系统-PermissionAC
20. 百易云-资产管理运营系统-任意文件上传
21. 瑞斯康达-多业务智能网关-rce
22. 金万维-云联应用系统接入平台-RCE
23. 金和-OA-SQL
24. 宏脉-医美行业管理系统-任意文件读取
25. 泛微-E-Cology-SQL
26. logic-DataCube3测量系统-RCE
27. 用友-NC-反序列化RCE
28. 用友-GRP-U8-SQL
29. 深澜-计费管理系统-反序列化RCE
30. Netgear-WN604无线路由器-PermissionAC
31. 铭飞-MCMS-RCE
32. 浪潮-GS企业管理软件-RCE
33. 浪潮-GS企业管理软件-RCE
34. 开源-餐厅数字化综合管理平台-PermissionAC
35. 泛微-云桥E-Bridge-SQL
36. 超级猫-签名APP分发平台-任意文件读取
37. 超级猫-签名APP分发平台-SQL
38. RAISECOM网关设备list_base_config.php存在远程命令执行漏洞
39. 用友时空KSOA系统接口PreviewKPQT.jsp存在SQL注入漏洞
40. 用友时空KSOA系统接口PrintZP.jsp存在SQL注入漏洞
41. 用友时空KSOA系统接口PrintZPYG.jsp存在SQL注入漏洞
42. 用友时空KSOA系统接口PrintZPFB.jsp存在SQL注入漏洞
43. 用友时空KSOA系统接口PrintZPZP.jsp存在SQL注入漏洞
44. 用友时空KSOA系统接口fillKP.jsp存在SQL注入漏洞
45. 方天云智慧平台系统GetCompanyItem存在sql注入漏洞
46. 用友U9系统DoQuery接口存在SQL注入
47. 泛微ecology系统setup接口存在信息泄露漏洞
48. eking管理易FileUpload接口存在任意文件上传漏洞
49. SpringBlade系统menu接口存在SQL注入漏洞

                 


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
ZhouSa.com-宙飒天下网