[2024 HVV Intelligence] Daily Summary

admin, 2024-07-23 11:26:51

Disclosed Vulnerabilities

 

1. Landray (蓝凌) EKP sys_ui_component remote command execution vulnerability
2. ESAFENET (亿赛通) Data Leakage Prevention (DLP) system NoticeAjax interface SQL injection vulnerability
3. Tianwen Property (天问物业) ERP system AreaAvatarDownLoad arbitrary file read vulnerability
4. Sailan (赛蓝) Enterprise Management System ReadTxtLog arbitrary file read vulnerability
5. Sailan (赛蓝) Enterprise Management System GetJSFile arbitrary file read vulnerability
6. Shuzitong (数字通) Zhijian Cloud Platform - Smart Government payslip SQL injection vulnerability
7. Tongtianxing (通天星) CMSV6 vehicle GPS monitoring platform disable SQL injection vulnerability
8. Beijing Seeyon Internet Software Co., Ltd. (北京致远互联) AnalyticsCloud arbitrary file read vulnerability
9. Rumored Tianqing (天擎) 0day RCE
10. Rumored 0day in a certain "Kang" (某康) integrated security platform
11. SuiteCRM responseEntryPoint interface SQL injection vulnerability (CVE-2024-36412)
12. ESAFENET (亿赛通) Data Leakage Prevention (DLP) system NetSecConfigAjax interface SQL injection vulnerability
13. Yonyou (用友) NC querygoodsgridbycode SQL injection vulnerability
14. Yunke (云课) online school system uploadImage arbitrary file upload vulnerability
15. NC system blobRefClassSearch interface pk_org parameter SQL injection vulnerability
16. Inspur (浪潮) Cloud Financial System command execution vulnerability
17. Tongtianxing (通天星) Active Safety Monitoring Cloud Platform remote code execution vulnerability
18. H3C Workspace cloud desktop remote command execution vulnerability (XVE-2024-8180)
19. Raqsoft Report (润乾报表) frontend arbitrary file upload vulnerability
20. Venustech Tianyue (启明星辰 天玥) network security audit system SQL injection vulnerability
21. Seeyon (致远) OA fileUpload.do frontend file upload bypass vulnerability
22. Command dispatch platform (指挥调度平台) invite_one_member remote command execution vulnerability
23. Command dispatch platform (指挥调度平台) ajax_users SQL injection vulnerability
24. Ruijie (锐捷) RG-NBS2026G-P switch web management ping.htm unauthorized access vulnerability
25. Wanhu (万户) ezOFFICE collaborative office platform DocumentEdit_unite.jsp SQL injection vulnerability
26. Yonyou (用友) U8 Cloud MonitorServlet deserialization vulnerability
28. U8cloud system MeasureQueryframeAction SQL injection vulnerability
29. Yonyou (用友) GRP-A-Cloud government financial cloud selectGlaDatasourcePreview SQL injection vulnerability
30. Landray (蓝凌) KEP frontend RCE vulnerability
31. Weaver (泛微) E-office 10 leave_record.php interface SQL injection vulnerability
32. 1Panel latest frontend RCE vulnerability (CVE-2024-39911)
33. Netgear WN604 downloadFile.php interface information disclosure vulnerability (CVE-2024-6646)
34. Nacos remote code execution vulnerability
35. LiveNVR streaming media server interface unauthorized access vulnerability (LiveNVR Qingshi (青柿) video management system channeltree unauthorized access vulnerability)
36. FOG Project export.php interface remote command execution vulnerability (CVE-2024-39914)
37. Holographic AI (全息AI) network O&M platform ajax_cloud_router_config.php command execution vulnerability
38. Glodon (广联达) OA ArchiveWebService interface XML entity injection vulnerability
39. Yonyou (用友) CRM system import.php arbitrary file upload vulnerability
40. Yonyou (用友) GRP A++Cloud government financial cloud arbitrary file read vulnerability
41. Realor Tianyi (瑞友天翼) application virtualization system hmrao.php SQL injection vulnerability
42. Honghai Cloud (红海云) eHR PtFjk.mob arbitrary file upload vulnerability
43. Fujian Kirisun (福建科立讯) communications command dispatch management platform ajax_users.php SQL injection vulnerability
44. Weaver (泛微) OA E-Cology ln.FileDownload file read vulnerability
45. Dahua (大华) DSS digital surveillance system SQL injection vulnerability

Red Team IPs

 


Threat Intelligence

 

[Intelligence - Vulnerability Alert] [Source]: internal. [Vulnerability type]: Weaver (泛微) E-Cology remote code execution vulnerability. [Severity]: High. [Summary]: (none given). [Details]: (none given). [Remediation]: the vendor has released a new version that fixes this vulnerability; affected customers should contact the vendor or download the latest patch package themselves. Download link: https://www.weaver.com.cn/cs/securityDownload.html?src=cn. Interim measure: block the affected path and wait for the vendor's upgrade patch.

[Intelligence - Vulnerability Alert] [Source]: internal. [Vulnerability type]: 1Panel frontend SQL injection vulnerability (CVE-2024-39911). [Severity]: (none given). [Summary]: (none given). [Details]: (none given). [Remediation]: interim measure: upgrade to the latest version. 1Panel is a modern, open-source Linux server operations management panel.

[Intelligence - Vulnerability Alert] [Source]: internal. [Vulnerability type]: Alibaba Nacos derby remote code execution vulnerability. [Severity]: High. [Summary]: (none given). [Details]: (none given). [Remediation]: interim measure: block the affected path and wait for the vendor's upgrade patch.

[Intelligence - Vulnerability Alert] [Source]: internal. [Vulnerability type]: command execution. [Severity]: High. [Summary]: command execution in the Inspur (浪潮) Cloud Financial System. [Details]: the security operations center recently received a vulnerability alert: the path /cwbase/gsp/webservice/bizintegrationwebservice/bizintegrationwebservice.asmx on the Inspur Cloud Financial System is affected by command execution; exploiting this vulnerability can yield control of the server. [Remediation]: interim measure: block the affected path and wait for the vendor's upgrade patch.

[Weaver Level-1 Security Notice] Fix notice for the Ecology arbitrary file write (RCE) vulnerability (note: if a test environment is deployed, remember to update its security patch package as well!)
The following Weaver products and features are affected by the vulnerability above: 1. Ecology 8.0 (must be upgraded to the version 10.65 security patch package); 2. Ecology 9.0 (current security patch package; installations below V10.62 must be upgraded manually as soon as possible). Upgrade methods: Method 1: wait for the security package to update automatically. Method 2: log in to the OA system as sysadmin, open /security/monitor/Monitor.jsp, click [Environment Information]; if [Download and apply update] is shown, click it, wait a few minutes, and the online update completes; this update does not require a service restart. Method 3: manually stop the service and package
[Supply-Chain Vendor Intelligence] QiAnXin (奇安信) Tianqing (天擎) has a 0day vulnerability. Severity: critical. Description: QiAnXin Tianqing V10 is an endpoint security product; according to supply-chain vendor feedback, its server component has a 0day vulnerability and a security patch must be applied. Affected products (versions): QiAnXin Tianqing V10 server.

2024 HVV Column

Vulnerabilities currently updated on Fenchuan (纷传) are as follows:

Cumulative vulnerabilities updated as of 2024-07-22:

1. U8cloud system MeasureQueryframeAction SQL injection vulnerability

2. Yonyou (用友) GRP-A-Cloud government financial cloud selectGlaDatasourcePreview SQL injection vulnerability

3. Beijing Seeyon Internet Software Co., Ltd. (北京致远互联) AnalyticsCloud arbitrary file read vulnerability

4. Landray (蓝凌) KEP frontend RCE vulnerability

5. Weaver (泛微) E-office 10 leave_record.php interface SQL injection vulnerability

6. 1Panel latest frontend RCE vulnerability (CVE-2024-39911)

7. SuiteCRM responseEntryPoint interface SQL injection vulnerability (CVE-2024-36412)

8. Netgear WN604 downloadFile.php interface information disclosure vulnerability (CVE-2024-6646)

9. Nacos remote code execution vulnerability

10. LiveNVR streaming media server interface unauthorized access vulnerability (LiveNVR Qingshi (青柿) video management system channeltree unauthorized access vulnerability)

11. FOG Project export.php interface remote command execution vulnerability (CVE-2024-39914)

12. Holographic AI (全息AI) network O&M platform ajax_cloud_router_config.php command execution vulnerability

13. Glodon (广联达) OA ArchiveWebService interface XML entity injection vulnerability

14. ESAFENET (亿赛通) Data Leakage Prevention (DLP) system NetSecConfigAjax SQL injection vulnerability

15. ESAFENET (亿赛通) Data Leakage Prevention (DLP) system NoticeAjax SQL injection vulnerability

16. Yonyou (用友) CRM system import.php arbitrary file upload vulnerability

17. Yonyou (用友) GRP A++Cloud government financial cloud arbitrary file read vulnerability

18. Realor Tianyi (瑞友天翼) application virtualization system hmrao.php SQL injection vulnerability

19. Honghai Cloud (红海云) eHR PtFjk.mob arbitrary file upload vulnerability

20. Fujian Kirisun (福建科立讯) communications command dispatch management platform ajax_users.php SQL injection vulnerability

21. Weaver (泛微) OA E-Cology ln.FileDownload file read vulnerability

22. Dahua (大华) DSS digital surveillance system SQL injection vulnerability

 

Originally published on the WeChat official account TeamSecret安全团队: [2024 HVV Intelligence] Daily Summary

Disclaimer: the programs (methods) mentioned in this article may be offensive in nature and are provided only for security research and teaching; readers who use this information for other purposes bear full legal and joint liability, and this site accepts no legal or joint liability. For questions, contact us by e-mail (preferably from a corporate or otherwise valid mailbox so the message is not filtered; contact details are on the home page).
Posted by admin on 2024-07-23 11:26:51.
When reposting, keep this link (CN-SEC 中文网, with thanks to the original author): [2024 HVV Intelligence] Daily Summary https://cn-sec.com/archives/2987642.html