蓝队的狂欢
探子来报,RedTeam暂无消息!
1、 通天星主动安全监控云平台远程代码执行漏洞2、 H3C Workspace 云桌面 远程命令执行漏洞3、 润乾报表前台任意文件上传漏洞4、 通天星 CMSV6 车载视频监控平台 disable 存在 SOQL注入漏洞5、 亿赛通数据泄露防护(DLP)系统 NetSecConfigAjax SQL注入漏洞6、 亿赛通数据泄露防护(DLP)系统 NoticeAjax SQL 注入漏洞7、 天问物业 ERP 系统 AreaAvatarDownLoad.aspx 任意文件读取漏洞8、 启明星辰 天玥网络安全审计系统 SQL注入漏洞9、 致远 OA fileUpload.do 前台文件上传绕过漏洞10、F5 BIG-IP 远程代码执行漏洞11、用友U8 cloud MonitorServlet 反序列化漏洞12、万户 OA SOL 注入漏洞13、锐捷 RG-NBS2026G-P 交换机WEB管理 ping.htm 未授权访问漏洞14、福建科立讯通信 指挥调度管理平台 ajax users.php 信息泄露漏洞15、福建科立讯通信 指挥调度管理平台 ajax users.php SQL注入漏洞16、福建科立讯通信 指挥调度管理平台存在远程命令执行漏洞17、广联达 Linkworks ArchiveWebService XML 实体注入漏洞18、致远互联 AnalyticsCloud 分析云 任意文件读取漏洞19、润乾报表 dataSphereServet 任意文件读取漏洞20、联软安渡 UniNXG 安全数据交换系统 SOL注入漏洞21、帆软 FineReport ReportSever Sqlite 注入导致远程代码执行漏洞22、浪潮云财务系统 bizintegrationwebservice 命令执行漏洞23、时空智友 ERP uploadstudiofile 文件上传漏洞24、易天智能EHR管理平台任意用户添加漏洞25、上海上讯信息技术股份有限公司运维管理系统rce26、Nacos removal 远程代码执行漏洞27、九思OA 文件上传漏洞
关于2024攻防演练员工守则通知.exeSHA256:bccd982dab220d22689cf81277789ef64b32f575a08f604e1a75da1d5d6aee10MD5:0f3f69ah55hf8h34fdd22日期:7.22攻击手法:C2:8.134.249.167:9099攻击手法:利用微信检测虚拟机分析结论:后门木马IP 地址8.134.249.167
样本名称:东风电子采购平台数字签名服务补丁升级包安装说明,exeSHA256:3f3cb10b9eb096a4f6aeb74ab44487d9b7d4b88cf6cdb14bc7364b3263e79f10MD5:0950d8bba59da75d88bf5a77d4f2fd82SHA1:35d5a49e441a7a3de27b4b096f2a88b7536189fdIOC:62.234.31.47:80
样本名称:关于 2024 年公司财务调整的通知.exeSHA256:d44f628b8e447249ef9ce8871350c52693c1f31cb126307be9f1b2c535053a4aMD5:248b44673cbb0384180fc62ca972f018C2:无分析结论:向日葵多协议 RDP 插件
样本名称:集团“星火计划”推荐学员参加选拔考试通知 docx.exeSHA256:54a28a2bc66c4529aaf2c7b92d724f2a2943dcd12bb960f43e6d34cf90ace700MD5:7c29a8b9e872af42b5d92dc98f87a917
C2:59.42.126.162:80分析结论:CobaltStrike 木马
通天星主动安全监控云平台远程代码执行漏洞 (XVE-2023-36633)
影响版本 :version < = V7.32.0.2临时缓解措施 :使用防护类设备对相关资产进行防护 ,拦截请求中出现的恶意 SQL 语句。如非必要 ,避免将资产暴露在互联网。详情信息 :该漏洞仍处于 0day 状态 ,暂不公开提供。
H3C Workspace 云桌面 远程命令执行漏洞(XVE-2024-8180)
影响版本 :version < = E1013P13临时缓解措施 :使用防护类设备对相关资产进行防护 ,拦截请求中出现的恶意命令执行语句。如非必要 ,避免将资产暴露在互联网。详情信息 :该漏洞仍处于 0day 状态 ,暂不公开提供.
润乾报表前台任意文件上传漏洞(XVE-2023-2519)
影响版本 :version < = 20221210临时缓解措施 :使用防护类设备对相关资产进行防护 ,拦截请求中出现的恶意 jsp 代码和../路径穿越字符。如非必要 ,避免将资产暴露在互联网。详情信息 :该漏洞仍处于 0day 状态 ,暂不公开提供。
天问物业 ERP 系统 AreaAvatarDownLoad.aspx 任意文件读 取漏洞(XVE-2024-17939)
漏洞描述:天问互联科技有限公司以软件开发和技术服务为基础,建立物业ERP应用系统,向物管公司提供旨在降低成本、保障品质、提升效能为目标的智慧物管整体解决方案,实现物管公司的管理升级;以平台搭建和资源整合为基础,建立社区O2O服务平台,向物管公司提供旨在完善服务、方便业主、增加收益为目标的智慧小区综合服务平台,实现物业公司的服务转型.。影响厂商/产品:天问互联科技有限公司-天问物业ERP系统临时修复建议 :使用防护类设备进行防护,限制访问 /HM/M_Main/InformationManage/AreaAvatarDownLoad.aspx 路径 ,拦截请求中 出现../路径穿越字符如非必要 ,避免将资产暴露在互联网
致远 OA fileUpload.do 前台文件上传绕过漏洞 (XVE-2024-8166)
漏洞描述:致远OA是致远云技术变革诞生的新一代“互联网云协同”的行业协同云产品。深耕行业领域,提供符合行业特性的企业管理应用及产品,并以“流程、数据、云技术、移动、业务定制技术”为核心,打造云端的一站式、可定制的行业协同工作平台。成为多行业的中小微企业客户的团队管理和工作的新方式。致远互联OA A8和A6的5.x版本的fileUpload.do接口存在任意文件上传漏洞,该漏洞允许未经身份验证的攻击者通过fileUpload.do上传文件,并使用menu.do接口修改文件实现上传webshell从而代码执行。影响厂商/产品:北京致远互联软件股份有限公司-致远OAversion<=致远OA8V5.x,version<=致远OA6V5.x受影响。临时修复建议 :使用防护类设备进行防护 ,拦截请求中出现的恶意 JSP 代码以及../路径穿越字符如非必要 ,避免将资产暴露在互联网
F5 BIG-IP 远程代码执行漏洞(XVE-2023-29359)
漏洞描述:F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。F5 BIG-IP Configuration utility存在安全漏洞,该漏洞源于存在远程代码执行(RCE)漏洞。攻击者可利用该漏洞通过management port或self IP addresses执行任意系统命令。影响厂商/产品:F5 Networks-Big-ip Local Traffic Manager13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-BIG-IP Policy Enforcement Manager (PEM)13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-BIG-IP Application Acceleration Manager (AAM)13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Webaccelerator13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Global Traffic Manager13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Ddos Hybrid Defender13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-BIG-IP Application Security Manager (ASM)13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Access Policy Manager13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Ssl Orchestrator13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Analytics13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Link Controller13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Carrier-grade Nat13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Advanced Web Application Firewall13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Domain Name System13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Websafe13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Container Ingress Services13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Application Visibility And Reporting13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Automation Toolchain13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。F5 Networks-Big-ip Fraud Protection Services13.1.0<=version<=13.1.5,14.1.0<=version<=14.1.5,15.1.0<=version<=15.1.10,16.1.0<=version<=16.1.4,17.1.0<=version<=17.1.1受影响。CPE:cpe:2.3:a:f5:big-ip_link_controller:13.1.1.2:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:13.1.3.1:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_domain_name_system:16.1.3.4:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_analytics:14.1.2.1.0.34.4:*:*:*:*:*:*:*cpe:2.3:a:f5:big-ip_application_security_manager:14.1.0.6.0.11.9:*:*:*:*:*:*:*.....官方修复方案 :官方已发布修复方案 ,请前往以下地址获取 :https://my.f5.com/manage/s/article/K000137353临时修复建议 :使用防护类设备进行防护 ,拦截请求中出现的恶意 SQL 语句如非必要 ,避免将资产暴露在互联网
锐捷 RG-NBS2026G-P 交换机 WEB 管理 ping.htm 未授权 访问漏洞(XVE-2024-17942)
漏洞描述:锐捷网络是一家拥有包括交换机、路由器、软件、安全防火墙、无线产品、存储等全系列的网络设备产品线及解决方案的专业化网络厂商。锐捷RG-NBS2026G-P交换机存在未授权访问漏洞,攻击者通过漏洞可以获取服务器权限,导致服务器失陷。影响厂商/产品:锐捷网络股份有限公司-锐捷 Smartweb管理系统RG-NBS2026G-P受影响。临时修复建议 :使用防护类设备进行防护 ,限制访问/safety/ping.htm 路径如非必要 ,避免将资产暴露在互联网
帆软 FineReport ReportSever Sqlite 注入导致远程代码执行 漏洞(XVE-2024-18078)
漏洞描述:FineReport 是帆软自主研发的企业级 Web 报表工具。帆软 FineReport /view/ReportSever 接口存在sqlite注入,攻击者能够利用该漏洞执行attach database写入jsp文件执行系统命令影响厂商/产品:帆软软件有限公司-FineReport报表软件=全版本2024.7.22之前(且未设置url.properties黑名单或删除sqlite依赖)受影响。:使用防护类设备进行防护 ,限制访问/web root/decision/view/ReportServer 路径 ,拦截请求中出现的恶意 SQL 注入语句如非必要 ,避免将资产暴露在互联网
浪潮云财务系统 biz integrationwebservice 命令执行漏洞(XVE-2024-18082)
漏洞描述:浪潮会计云服务简介浪潮云会计——全方位解决小微企业财务管理痛点,专为小微企业打造的在线财务软件,帮助财务人员随时随地管理资产、发票、报税、往来、经营 分析等,高效、便捷的人工智能化系统。浪潮云财务系统存在命令执行漏洞,攻击者可以利用该漏洞执行任意命令。影响厂商/产品:浪潮集团有限公司-浪潮云财务系统临时修复建议 :使用防护类设备进行防护,限制访问 /cwbase/gsp/webservice/biz integrationwebservice/biz integrationwebservice.a smx 路径如非必要 ,避免将资产暴露在互联网
JumpServer 存在多个高危漏洞
漏洞介绍:JumpServer 是广受欢迎的开源堡垒机,是符合4A 规范的专业运维安全审计系统。漏洞危害:playbook读取celery容器中的任意文件,从而导致敏感信息泄露;漏洞CVE-2024-40629,攻击者可以利用Ansible playbook写入任意文件,以root身份运行并具有数据库访问权限。漏洞编号:CVE-2024-40628CVE-2024-40629影响范围:<= JumpServer <= v3.10.11修复方案:及时测试并升级到最新版本或升级版本临时缓解方案:关闭作业中心功能。关闭作业中心功能的具体步骤为:以管理员身份登录至JumpServer堡垒机。依次选择“系统设置”→“功能设置”→“任务中心”,在打开的页面中关闭作业中心功能。
Nacos derby 接口SQL注入导致RCE漏洞
漏洞介绍:Nacos 是一个用于动态服务发现和配置以及服务管理的平台,Derby 是一个轻量级的嵌入式数据库。漏洞危害:受影响版本的 Nacos 默认未开启身份认证,/data/removal 接口存在条件竞争漏洞,攻击者可借此接口执行恶意SQL,加载恶意jar并注册函数,随后可以在未授权条件下利用 derby sql 注入漏洞(CVE-2021-29442)调用恶意函数来执行恶意代码。影响范围:nacos@(-∞, 2.4.0)com.alibaba.nacos:nacos-config@(-∞, 2.4.0)修复方案:及时测试并升级到最新版本或升级版本
Oracle WebLogic Server 远程代码执行漏洞
漏洞介绍:Oracle WebLogic Server是一个用于构建、部署和管理企业级Java应用程序。漏洞危害:在受影响版本中未经身份验证的攻击者可以通过T3或IIOP协议来利用 Oracle WebLogic Server 执行任意代码。漏洞编号:CVE-2024-21181影响范围:weblogic_server@[12.2.1.4.0, 14.1.1.0.0]修复方案:及时测试并升级到最新版本或升级版本
海康威视综合安防系统ISecure Center未授权代码执行
漏洞描述:海康威视综合安防系统ISecure Center是杭州海康威视数字技术股份有限公司旗下一款安防系统。海康威视iSecureCenter综合安防管理平台存在未授权接口,该系统存在未授权命令执行,攻击者可以未授权访问漏洞路由,直接执行任意命令修复建议:请关注厂商的修复版本,并及时更新到最新版本.
赛蓝企业管理系统ReadTxtLog存在任意文件读取漏洞
漏洞描述漏洞介绍:赛蓝企业管理系统漏洞危害:ReadTxtLog存在任意文件读取漏洞,可读取任意文件。漏洞范围:Fofa:body="www.cailsoft.com"||body="赛蓝企业管理系统"临时缓解方案:防火墙上屏蔽改接口
赛蓝企业管理系统GetJSFile存在任意文件读取漏洞
漏洞介绍:赛蓝企业管理系统漏洞危害:GetJSFile接口处存在任意文件读取漏洞,未经身份验证攻击者可通过该漏洞读取系统重要文件(如数据库配置文件、系统配置文件)、数据库配置文件等等,导致网站处于极度不安全状态。漏洞范围:Fofa:body="www.cailsoft.com"||body="赛蓝企业管理系统"临时缓解方案:增加接口鉴权
数字通指尖云平台-智慧政务payslip SQL注入漏洞
漏洞信息:数字通指尖云平台-智慧政务漏洞危害:数字通指尖云平台智慧政务OAPayslipUser接口存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用SQL注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。漏洞范围:fofa:body="assets/8cca19ff/css/bootstrap-yii.css"处置措施关注厂商及时更新补丁或升级至安全版本
截止于下午6点
18.158.145.1539.100.78.5838.54.56.43192.144.214.21939.105.154.13338.60.254.21539.100.111.11339.101.204.250185.174.101.8039.101.76.24939.106.248.14939.107.61.144198.16.238.78194.59.31.3118.223.161.23639.34.79.130182.92.157.25185.104.181.13539.100.107.190193.36.119.250198.23.137.164185.117.118.21188.127.249.32192.227.248.201193.143.1.180195.66.87.23539.105.130.70194.182.188.42198.12.107.149185.196.11.5539.101.75.1262.2.2.103185.125.50.39192.252.178.181193.70.37.121194.113.72.1840.76.51.14193.143.1.195192.54.74.32192.151.157.114192.121.162.21192.227.249.230192.22.31.11185.81.114.195191.233.253.225186.102.167.1839.101.187.9739.100.94.68193.42.33.51193.29.56.122192.252.189.6238.54.23.133185.221.225.102186.71.150.23193.26.115.7438.6.178.161193.26.115.132182.92.214.11138.207.149.97185.235.242.16718.221.155.0181.214.152.13038.207.176.21839.100.106.193183.254.32.172193.26.115.78195.189.96.7039.100.85.24438.54.111.45185.158.248.107194.59.30.141192.227.234.14038.55.251.221185.64.246.150192.252.178.241185.154.52.150184.147.209.22139.100.70.22938.54.15.164191.144.152.5539.100.111.20818.140.63.42192.169.26.133193.148.166.24738.81.101.181185.225.201.6139.100.84.204188.166.78.20538.54.40.15639.107.225.19738.60.217.10638.6.190.81199.201.110.10538.55.26.37192.193.55.16039.100.120.237185.170.144.142196.75.182.240198.23.228.112192.227.137.122192.165.29.1284.231.28.21192.154.200.13118.191.219.171192.136.24.138.60.200.16138.61.3.36193.36.119.207198.58.123.4038.255.63.185185.216.70.7518.132.148.10639.101.70.82195.133.53.7439.104.66.132190.123.44.228195.90.209.113192.161.101.10185.18.222.24185.225.114.82188.166.252.8818.168.221.150198.46.182.60185.56.204.242185.254.37.80198.46.182.61198.46.182.6220.239.165.111182.119.140.169192.210.149.119197.207.20.12218.144.30.84192.210.149.126192.210.149.124192.210.149.125192.210.149.122192.210.149.123192.210.149.120192.210.149.121185.209.31.28185.234.72.188185.222.21.24238.55.234.19238.55.191.181198.46.182.52198.46.182.53198.46.182.50198.46.182.51192.227.238.8839.101.122.168192.227.238.89192.227.238.86192.227.238.87194.36.191.2218.169.194.5192.210.149.117192.210.149.118194.36.191.25192.210.149.115192.210.149.116192.227.238.84192.210.149.114192.227.238.85192.227.238.82192.227.238.83198.46.182.56193.36.119.110198.46.182.57198.46.182.54198.46.182.5540.71.163.16239.107.242.125198.46.182.5839.106.77.203198.46.182.59191.88.250.6338.207.179.24194.182.190.30184.54.46.2194.110.169.188192.227.238.91192.227.238.92192.227.238.90193.37.69.169194.87.102.49192.227.238.93192.227.238.94193.111.125.200195.123.217.2239.108.220.93185.208.158.113185.50.203.18238.99.82.23518.167.125.209189.18.237.1539.100.103.175192.3.179.133188.126.90.4192.210.213.221193.47.61.2514.191.74.1185.235.242.7638.47.226.69198.12.81.138194.26.135.11518.176.57.20339.106.48.91194.156.90.112191.173.187.73185.106.176.168183.176.135.22192.144.238.18194.63.129.24238.207.176.8340.81.131.0193.134.209.5938.55.186.6638.242.212.254185.196.8.4839.103.150.56185.196.9.11192.227.245.179192.227.245.17818.233.73.116192.227.244.215192.210.236.218192.227.244.21439.104.232.7639.106.2.240192.227.244.21319.168.29.97192.227.244.212192.227.244.211192.227.244.2104.223.138.20439.107.242.130185.216.70.112190.232.148.21193.32.149.59192.16.199.12538.54.30.122198.139.93.192193.26.115.34194.36.188.145192.144.234.75192.210.216.213192.210.216.214192.210.216.215192.210.216.216202.79.172.198192.210.216.210192.210.216.211193.26.115.42192.210.216.212194.87.254.64193.206.65.18038.45.126.24239.103.196.13439.105.191.1193.3.19.13638.54.16.50185.18.222.235192.210.216.217185.31.200.215192.210.216.218191.96.210.22338.242.21.22192.210.216.21939.100.109.22938.55.184.71193.17.92.24839.100.101.5539.106.50.1894.224.84.20192.210.216.220192.210.216.221192.210.216.222193.149.129.132193.106.30.99185.222.57.75185.196.9.22638.87.196.22139.106.72.19139.100.102.4039.105.13.236192.227.244.22238.54.2.165192.227.244.221192.227.244.22038.55.184.8239.101.1.39191.93.113.10192.227.244.21939.104.28.176192.227.244.218192.227.244.217192.227.244.21638.60.15.7538.60.217.159185.196.9.234199.248.230.106194.113.73.80185.196.10.247185.239.87.14539.105.126.8139.100.103.167198.244.144.231194.26.192.1324.248.13.38185.68.177.189198.44.250.238194.87.252.12193.181.23.187185.196.8.9339.104.230.18438.46.14.6239.109.126.10182.92.4.102192.227.229.201180.101.25.4839.107.191.49185.11.61.124185.239.70.229191.120.197.41185.196.10.224185.91.127.221185.150.26.240188.166.184.11818.170.246.7239.107.252.21139.100.112.195185.17.165.28194.58.33.24638.54.33.85185.95.165.130198.46.145.14040.230.189.47198.46.145.141184.72.112.171198.251.88.196198.46.145.142193.32.179.23438.55.197.17438.45.64.22339.104.22.98185.174.101.126192.3.241.235185.216.117.38192.200.7.251192.144.232.11180.222.140.29185.225.74.17039.105.93.251198.46.145.132198.46.145.133198.46.145.130198.46.145.131198.46.145.136198.46.145.137198.46.145.134198.46.145.13540.85.187.81191.72.198.214185.196.9.7198.46.145.138193.203.215.141198.46.145.139193.201.126.69194.163.168.80192.227.177.214192.144.233.1339.100.72.235194.87.252.224192.227.155.158185.234.218.239188.166.177.25195.80.148.103185.224.171.15539.105.24.180187.24.12.84192.169.75.13039.105.113.249193.201.9.183198.44.174.17739.101.198.2185.196.21.1434.233.75.23939.100.109.38194.36.171.3539.101.138.102183.144.22.56193.203.164.209192.210.136.197185.77.225.8839.160.219.207188.116.22.10939.105.213.32197.202.102.236195.90.201.13839.254.233.184192.163.31.61192.210.194.43185.80.130.127192.210.194.46196.168.48.11193.243.28.418.253.127.16718.189.106.45192.18.183.137194.59.30.11339.107.70.2638.6.184.12538.55.24.35192.3.211.19638.87.196.12185.218.126.174185.172.128.639.105.33.24118.217.214.178182.92.179.23839.106.153.195195.3.146.18338.6.177.76195.3.146.18239.101.205.127194.105.5.19439.107.67.21340.71.230.15738.207.178.198190.14.37.12193.168.7.4139.106.17.72194.26.192.5938.242.236.11618.192.213.182185.250.37.16838.80.1.20938.6.177.10518.183.19.253198.12.3.439.104.52.139.101.130.5318.222.52.18138.34.187.12194.87.196.12639.104.234.68192.3.55.6198.137.168.128191.89.247.6194.182.189.6182.135.42.23192.227.152.21739.103.146.165185.248.24.174182.92.216.171193.37.69.6340.76.112.142185.203.116.5139.100.86.42193.42.25.174192.3.39.236195.10.205.20339.107.241.12138.6.177.16183.131.85.64193.38.34.125192.227.245.182192.169.145.135192.227.245.181185.17.115.238192.227.245.184192.227.245.18338.6.179.130187.24.4.91192.192.182.12192.227.245.180182.204.180.148192.227.245.18939.109.127.135192.227.245.186192.227.245.185192.227.245.188192.227.245.187185.130.46.22939.108.234.4738.72.115.20339.105.39.6838.96.199.106198.7.121.101185.77.226.14238.55.185.79192.227.245.19038.55.197.5738.6.175.9439.105.137.242188.218.202.7192.187.126.12239.105.121.115185.241.208.18139.101.135.210185.16.43.59194.168.225.171194.206.77.18185.73.124.24120.212.165.13218.220.216.190190.123.44.116188.132.184.13180.76.231.10520.201.119.16320.40.46.96178.128.113.16818.190.123.1193.32.162.6418.176.67.169185.236.22.170159.75.164.94193.112.85.116185.196.11.252185.158.248.56190.136.178.52195.3.223.146198.23.135.53185.11.61.242178.16.141.152185.25.49.232194.87.252.24175.198.130.242194.75.124.16186.137.33.8218.216.87.25420.19.35.117185.186.146.2520.126.97.180193.134.211.50186.11.64.108193.188.22.9193.233.75.241181.131.217.222192.95.21.45185.208.158.154192.252.181.5620.126.23.602.59.119.17193.41.226.148195.190.55.11920.234.212.180185.174.101.246185.22.64.121198.98.62.146194.182.166.158192.3.16.18182.92.154.226183.153.87.92188.213.49.223185.62.86.134164.88.184.76178.154.204.198185.234.216.64192.227.177.21620.234.212.17620.234.212.177195.26.240.251185.22.64.219197.207.13.209185.208.158.176185.145.148.107181.214.152.98185.246.118.237181.129.104.139187.94.21.4720.205.173.25020.243.130.122184.55.9.149194.32.149.191189.54.163.123159.100.248.25518.197.239.109194.182.166.254198.23.156.25118.216.133.250193.117.208.147198.168.29.128192.9.231.106185.195.27.189182.147.8.167198.46.215.14018.195.227.45194.165.16.3220.15.126.102185.52.1.169185.229.237.20120.160.204.211193.168.31.205185.112.144.13618.212.125.15418.195.157.1802.59.117.34193.53.126.234194.233.90.144198.44.251.164185.142.184.12185.64.247.109192.46.208.206192.169.0.26194.26.192.147185.17.3.70194.62.250.122182.92.188.19820.39.209.20120.49.161.2620.2.223.147192.250.225.3182.160.6.136195.201.138.24120.244.96.7185.196.8.13618.210.173.156182.253.111.11194.31.150.48185.216.70.136198.168.101.134185.81.215.149159.75.132.99195.201.223.219185.62.56.1518.216.226.169193.134.211.189185.224.128.251190.214.13.2180.178.36.50194.59.31.235192.3.24.157192.144.231.110185.236.231.201194.195.122.86190.213.184.38185.243.5.53185.200.246.67185.172.128.136185.227.154.57188.85.58.83180.112.97.128194.5.212.154185.196.8.107198.23.210.141194.26.192.196181.129.134.18178.159.39.153194.26.192.19418.177.236.8720.231.208.18218.192.228.10018.222.224.220185.196.8.220185.241.208.93185.225.28.235183.14.66.247188.64.13.520.33.62.5620.19.89.127182.43.247.17220.250.35.91181.112.157.42182.92.96.159185.196.9.214193.105.244.234188.212.124.111180.97.183.107185.239.209.227194.233.89.187198.16.164.11180.210.220.75179.43.172.53180.152.199.21418.143.169.29185.241.193.81185.98.35.23185.196.8.1819.4.152.54185.241.208.138193.104.107.92193.124.205.80182.88.149.248195.114.193.217194.233.165.73195.15.243.169190.66.30.168192.3.101.133187.46.202.720.203.142.96185.186.245.34192.164.1.22198.44.186.172190.131.202.1820.189.79.97182.92.141.3018.215.46.181180.97.221.197159.75.166.1832.2.2.12194.164.194.149198.98.62.227193.112.199.6620.41.84.11318.220.2.106159.75.111.243185.174.101.164198.144.180.213185.144.92.19159.75.164.33185.104.195.215193.134.208.202192.3.12.13920.199.191.10320.42.56.4194.182.188.51192.144.220.12197.234.29.188192.250.226.28194.182.188.237185.241.124.218159.100.248.10018.192.31.165194.182.166.13185.197.251.134197.173.95.25418.219.151.49197.145.129.76194.163.175.163193.53.127.130194.59.31.14181.131.218.39184.185.107.720.250.0.198194.147.115.133186.83.189.181185.200.221.19193.43.94.149194.15.216.113195.112.117.161198.16.145.90198.211.103.11120.215.41.119188.242.176.217194.87.206.105188.232.249.167185.16.38.41185.44.71.197194.33.191.318.232.156.244178.73.218.14194.158.209.132194.26.192.3420.105.43.16920.168.0.131185.11.188.99178.33.203.39181.85.22.204185.200.221.15180.97.238.77185.16.38.38196.253.209.251185.162.75.192.40.9.131182.92.148.115188.116.22.177180.102.25.46188.119.67.185197.207.12.14194.59.30.143182.92.67.197195.201.16.30184.174.96.94188.214.128.130194.163.44.236179.125.146.204194.195.127.180195.133.40.13818.252.159.103192.210.162.1472.56.116.21018.64.169.51195.2.67.224195.15.243.230185.239.69.162185.3.45.6192.169.239.128192.210.226.110195.38.12.109194.67.204.7185.171.196.251185.171.196.252184.43.55.12718.193.196.64180.76.154.194180.76.121.68194.182.189.1842.40.108.188185.25.51.200195.123.225.88185.196.10.27193.179.192.5118.190.40.112185.117.250.169195.201.129.13820.51.215.23518.191.57.224195.230.23.126185.158.94.21720.211.145.94194.182.167.235185.246.189.48178.62.80.12718.168.121.23189.214.79.212197.37.229.176188.214.122.88185.234.216.143185.22.152.167182.61.59.147185.130.45.147192.241.128.7192.3.86.166194.59.31.7420.226.0.95192.169.6.122185.113.8.135192.169.219.210187.21.225.111193.101.132.17179.14.8.26182.43.143.162178.128.112.20918.210.161.224159.100.250.203185.34.52.14020.255.58.253194.113.75.56194.87.69.132191.101.233.15198.23.149.76194.36.190.6720.212.244.21620.41.214.161181.71.216.30194.182.164.34182.92.238.3120.183.107.127195.14.123.64192.227.228.34185.241.208.213186.148.224.86198.214.243.120185.238.32.14020.124.95.169192.227.155.20120.52.146.50188.166.9.214183.4.248.69178.236.43.23192.252.181.106194.87.147.173178.73.218.8185.243.240.95193.42.37.56193.124.205.3185.243.172.25320.108.2.76192.3.44.21720.165.46.156182.92.235.68194.89.154.20720.16.73.54194.0.206.23198.176.63.213195.146.6.59182.255.44.86185.35.4.119185.243.115.502.29.196.40182.253.113.67178.62.5.113192.227.232.151190.232.148.99185.87.150.199198.58.99.111193.46.243.117194.147.140.13518.167.36.79180.76.54.181185.196.10.121194.87.213.6185.196.9.60185.219.84.231192.3.128.20418.207.197.162188.127.227.20818.169.80.101192.3.179.162194.4.49.8159.100.248.2520.52.130.24190.14.159.20159.100.246.87195.218.88.181192.227.234.164190.92.227.9185.11.61.8520.15.235.10185.237.252.174194.156.99.171194.163.44.9620.234.209.6720.234.209.66188.166.112.100194.59.31.172193.42.63.146198.46.190.5418.214.230.120185.203.114.122193.123.61.173192.94.242.123199.247.7.198193.109.120.191198.12.116.99185.212.47.40192.203.101.38194.182.166.198195.90.216.97192.169.29.2185.196.9.17218.35.120.147183.56.251.1193.183.68.128191.101.15.138189.111.227.227198.162.0.1180.76.136.235159.100.254.186182.92.86.16198.23.137.110198.46.233.1120.221.165.128185.10.12.36198.44.170.70185.196.9.181180.184.69.31185.216.117.157192.167.110.138193.134.211.38188.68.229.41183.31.203.141185.25.51.99188.25.10.129185.156.73.148196.70.214.102159.75.148.67194.180.191.6185.64.246.135192.3.95.131195.133.32.194182.254.140.582.224.144.191159.100.245.70184.174.96.71185.196.9.197187.24.4.218187.185.196.16185.126.117.55177.26.95.91198.41.40.100195.197.77.253185.52.1.46185.3.95.209185.74.222.13320.2.209.212185.243.240.54185.239.226.11185.88.175.105185.130.44.166194.26.192.154192.253.234.80194.163.168.9192.210.150.25194.87.234.191159.100.253.166192.144.219.118193.105.245.220185.104.112.206192.3.189.182198.23.227.17520.5.43.62178.128.39.255180.113.15.195185.16.39.245185.69.153.72171.99.147.172192.3.108.47185.201.226.192154.215.17.171154.215.23.161154.215.17.176154.215.17.177154.215.17.174154.215.17.175154.204.43.76154.204.32.69156.224.24.144154.198.245.62154.215.17.161154.215.17.162154.215.17.165154.215.17.166154.215.17.163154.215.17.164154.8.158.16154.92.18.159159.75.180.29159.75.120.80192.166.10.119154.197.98.159159.75.170.201156.195.2.182207.90.244.6178.128.94.4218.118.172.14288.214.25.16156.232.186.206156.232.186.207156.232.186.208156.194.86.44156.232.186.209156.194.63.46156.232.186.21018.119.104.19178.73.192.2179.243.0.223156.232.186.212156.232.186.213156.232.186.214156.232.186.215156.232.186.216154.92.18.140154.12.31.24156.232.186.217156.232.186.218156.232.186.219156.232.186.220156.232.186.221156.232.186.222154.201.75.150154.38.161.223154.215.21.171154.215.21.17218.162.41.97154.215.21.170154.215.21.175179.60.150.147156.21.163.76154.215.21.173154.215.21.174154.92.18.103154.8.156.4818.132.42.106178.128.81.147152.89.92.204178.215.236.224154.8.157.205178.62.62.918.136.214.207163.5.64.209154.215.21.168154.215.21.16918.141.47.57154.215.21.166154.215.21.167154.215.21.161154.215.21.164159.75.77.33154.215.21.165154.215.21.162154.201.66.219154.201.70.73154.215.21.163154.219.177.142154.219.177.143154.219.177.144154.219.177.145154.219.177.146154.219.177.147154.219.177.148154.201.70.254154.219.177.149177.228.123.124154.219.177.150154.219.177.151154.219.177.152178.13.212.27154.198.194.220156.194.218.180154.219.177.139154.82.92.47154.205.157.65154.219.177.131154.219.177.132154.219.177.133154.219.177.134154.219.177.135154.219.177.136154.219.177.137154.219.177.138156.232.186.201156.232.186.202156.232.186.203154.219.177.140156.232.186.204154.219.177.141156.232.186.205156.194.231.618.163.119.175156.195.158.173154.219.177.130154.9.227.54156.224.20.147156.194.104.2218.134.122.43155.20.110.167154.220.255.207154.91.64.22154.198.227.90159.75.51.6418.162.61.95178.63.172.20154.9.25.67159.75.201.58178.62.232.12155.138.237.249154.92.14.6162.14.102.143154.215.18.188154.215.18.189154.219.3.167154.204.177.22159.75.239.202154.215.18.180154.215.18.181154.215.18.182154.215.18.183154.215.18.184154.215.18.185154.215.18.186154.215.18.187179.60.149.214154.201.87.185158.69.68.223178.18.252.98154.215.18.177156.195.143.153154.215.18.178178.128.92.166154.215.18.179178.62.220.127154.215.18.170154.215.18.171154.215.18.172154.215.18.173154.215.18.174220.181.108.91154.215.18.175154.215.18.17618.102.93.155154.8.193.47154.204.177.133154.215.18.166154.215.18.167154.215.18.168154.215.18.169220.181.108.93154.82.92.142154.215.18.161159.75.254.173154.215.18.162178.128.59.129154.215.18.163178.208.94.64154.215.20.167154.8.204.80154.215.20.168159.75.150.254154.215.20.169154.215.20.163156.194.17.118154.215.20.164154.215.20.165154.215.20.166154.215.20.161154.215.20.16218.135.209.57154.215.19.163154.215.19.164154.215.19.161154.215.19.162156.194.18.157218.92.0.31154.201.83.203154.215.19.169154.215.19.167154.215.19.168154.215.19.165154.215.19.166154.90.63.253154.92.19.225156.195.37.3818.134.45.34159.75.188.21618.166.113.176154.215.19.174154.215.19.175218.92.0.29154.215.19.172154.215.19.173154.215.19.170154.215.19.17147.76.172.225154.205.138.168156.194.88.104154.215.19.178154.215.20.189154.215.19.179156.224.21.68154.215.19.176154.215.19.177154.215.20.185154.215.20.186154.215.20.187154.215.20.188154.215.20.181154.215.20.182156.224.20.92154.19.167.98154.215.20.183154.215.20.18418.158.243.74154.215.20.180154.215.19.185154.215.19.186154.215.19.183154.215.19.184154.215.19.181154.215.19.182154.215.19.180156.194.255.219154.8.202.157154.215.19.189154.215.20.17818.159.228.20179.234.27.47154.215.20.179154.215.19.187154.215.19.188154.8.161.14156.194.88.111154.219.177.153154.215.20.174154.219.177.154154.215.20.175154.219.177.155154.215.20.176154.219.177.156154.215.20.177154.219.177.157154.215.20.17018.162.204.69154.215.20.171154.219.177.158154.215.20.172154.215.20.173154.19.203.157179.13.4.3718.119.137.18518.159.137.30159.75.187.222156.224.20.35154.204.180.125154.215.18.164154.215.18.165178.159.14.77179.60.149.232220.181.108.82156.211.214.15154.19.161.11154.8.160.9318.130.37.164154.219.164.218154.219.164.219159.100.6.167178.20.42.245178.250.189.9178.128.43.134179.109.77.210154.219.164.220156.194.122.72154.9.246.151154.219.164.221179.61.246.206154.219.164.222156.224.26.122154.88.6.224154.8.205.130179.14.9.152155.133.26.131159.100.253.81156.224.25.208159.100.22.98178.61.174.243159.100.246.241156.232.192.101156.232.186.198156.232.192.100156.232.186.199156.232.192.103154.82.76.34156.232.192.102156.232.192.108156.232.192.105156.232.186.194156.232.192.104156.232.186.195159.75.170.77156.232.192.107156.232.186.196156.232.192.106156.232.186.197178.63.252.192154.44.10.182154.92.14.41153.127.202.149154.201.86.47156.194.99.238154.205.128.78159.100.247.19193.174.95.106156.194.148.31155.43.127.60179.60.150.34156.170.250.201178.248.108.13461.188.233.235156.194.61.204156.116.114.12159.100.6.4536.155.130.71154.215.17.189156.215.216.18818.143.88.183154.204.58.6154.219.2.167154.62.24.122154.221.16.3154.9.225.100179.60.150.57154.82.95.108156.194.194.58154.215.17.178154.215.17.179154.215.17.183154.215.17.18418.159.64.109154.215.17.181154.215.17.182154.215.17.187154.215.17.188154.215.17.185155.94.204.217154.215.17.186154.215.17.180156.224.24.157154.215.17.169154.215.17.167154.215.17.168159.75.132.199154.215.17.172154.215.17.173154.215.17.170125.123.143.129182.92.223.165218.60.251.18934.170.36.9627.22.49.6947.95.210.9327.22.31.117101.132.253.139116.209.108.17123.95.190.19059.110.170.117119.98.220.21027.98.228.9239.107.84.15827.22.50.20914.204.197.21185.165.191.275.59.248.66185.165.191.26121.40.247.6643.155.147.38222.141.112.21339.105.53.17227.22.31.2303.15.154.27171.80.96.110216.219.94.14747.99.132.104104.244.79.4651.89.229.59119.101.50.36116.209.109.130223.104.41.18439.105.125.19060.16.218.254194.165.17.13117.27.115.164183.141.123.32193.118.51.12639.105.219.10627.22.62.17147.92.54.30119.98.220.2942.5.155.24842.52.166.12147.92.28.24742.5.104.25047.98.171.18119.98.222.4545.156.128.5739.105.34.5427.22.48.109183.141.195.22442.194.177.237182.92.4.240110.177.180.45207.90.244.2219.139.184.49120.85.115.11545.156.130.1571.6.167.142112.85.127.194221.235.222.3947.93.55.114121.199.14.196123.234.173.171123.57.234.96185.128.40.19845.148.10.251115.230.135.20145.66.231.91106.15.48.11939.105.175.25594.103.183.79203.6.239.239123.56.21.226112.126.80.14642.230.61.12546.23.108.170115.48.9.939.105.104.244121.40.187.1239.105.153.76115.231.78.339.105.114.177129.211.99.120185.224.128.7439.106.6.15347.98.205.57209.141.59.48104.152.52.42101.132.181.10139.105.99.2839.106.77.74125.212.217.21547.98.200.100152.32.190.16027.22.51.174103.228.36.203123.56.234.13839.105.143.139185.230.143.39182.92.64.10836.133.221.105121.41.2.7747.93.55.148128.14.209.4227.22.50.129120.26.48.70141.98.11.55223.104.40.73125.72.179.216101.200.218.133121.40.155.32106.14.56.187149.50.116.115111.192.176.445.156.128.90180.130.233.19647.97.168.239.105.3.8184.54.51.127112.126.83.22389.248.172.1698.96.193.439.106.16.76125.125.238.83116.209.100.228101.37.76.175182.126.127.238193.118.52.3460.10.15.2492.249.48.19742.4.124.8745.156.129.6947.102.40.18539.105.232.21739.107.80.17645.156.129.7339.105.130.23247.92.192.23182.92.167.63193.177.182.4071.6.199.23139.196.145.11954.147.118.190120.55.101.22527.22.63.205103.129.126.9347.96.144.8493.123.85.1445.128.232.20045.156.129.7839.105.185.13123.56.114.74175.174.91.18345.128.232.8094.156.248.3140.246.166.191115.231.78.10112.125.88.1747.98.220.17549.232.195.939.105.134.20481.70.246.129123.57.129.241119.98.220.80182.127.152.33119.101.50.25115.239.27.19124.220.11.15761.52.157.16445.128.232.9139.107.94.2977.105.166.7445.128.232.9582.156.219.16214.116.239.36
目前纷传已更新漏洞如下:
2024-07-22总更新漏洞如下:
-
U8cloud系统MeasureQueryframeAction SQL注入漏洞 -
用友 GRP-A-Cloud 政府财务云 selectGlaDatasourcePreview SQL注入漏洞 -
北京致远互联软件股份有限公司AnalyticsCloud分析云存在任意文件读取漏洞 -
蓝凌KEP前台RCE漏洞 -
泛微E-office-10接口leave_record.php存在SQL注入漏洞 -
1Panel面板最新前台RCE漏洞(CVE-2024-39911) -
SuiteCRM系统接口responseEntryPoint存在SQL注入漏洞(CVE-2024-36412) -
Netgear-WN604接口downloadFile.php信息泄露漏洞(CVE-2024-6646) -
Nacos远程代码执行漏洞 -
LiveNVR流媒体服务软件接口存在未授权访问漏洞 livenvr 青柿视频管理系统 channeltree 存在未授权访问漏洞 -
fogproject系统接口export.php存在远程命令执行漏洞(CVE-2024-39914) -
全息AI网络运维平台ajax_cloud_router_config.php存在命令执行漏洞 -
广联达OA接口ArchiveWebService存在XML实体注入漏洞 -
亿赛通数据泄露防护(DLP)系统NetSecConfigAjax SQL 注入 漏洞 -
亿赛通数据泄露防护(DLP)系统 NoticeAjax SQL 注入漏洞 -
用友CRM系统import.php任意文件上传漏洞 -
用友GRP A++Cloud政府财务云存在任意文件读取漏洞 -
瑞友天翼应用虚拟化系统hmrao.php存在SQL注入漏洞 -
红海云eHR-PtFjk.mob存在任意文件上传漏洞 -
福建科立讯通信指挥调度管理平台ajax_users.php存在SQL注入漏洞 -
泛微OA E-Cology ln.FileDownload文件读取漏洞 -
大华DSS数字监控系统存在SQL注入漏洞
2024-07-23 总更新如下:
原文始发于微信公众号(TeamSecret安全团队):【2024Hvv情报】日报总结-day2
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论