Weekly Upgrade Announcement - 2022-12-27
Release date: 2022-12-27
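Event name: | HTTP_Privilege Escalation Attack_Cacti_Command Execution[CVE-2022-46169][CVE-2022-46169] |
Security type: | Security vulnerability |
Event description: | The Cacti project is an open-source platform that provides users with a powerful and extensible operational monitoring and fault management framework. Because the case POLLER_ACTION_SCRIPT_PHP branch in remote_agent.php does not strictly filter the incoming poller_id parameter when it calls the proc_open function, an attacker can construct a payload that meets the required conditions to perform command injection against the target system, resulting in remote command execution. Affected versions: Cacti == 1.2.22 |
Update time: | 20221227 |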
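Event name: | TCP_Privilege Escalation Attack_Hessain_lite_Code Execution[CVE-2022-39198] |
Security type: | Security vulnerability |
Event description: | Hessian is a dynamically typed binary serialization and web services protocol designed for object-oriented transmission. Hessian-lite was originally the Apache Dubbo embed version of the official hessian; the module was later separated from Dubbo. All Dubbo branches, 2.5.x, 2.6.x (since 2.6.3) and 2.7.x, depend on it. Because Hessian-lite has a vulnerability when transmitting serialized data, an attacker can use a carefully constructed payload to bypass the official class blacklist restrictions and cause remote code execution on the target host. |
Update time: | 20221227 |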
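Event name: | HTTP_File Operation Attack_ThinkPhp_lang_pearcmd_File Inclusion[CVE-2022-47945] |
Security type: | Security vulnerability |
Event description: | Detected that the source IP is exploiting the directory traversal in the ThinkPHP multi-language feature to carry out a file inclusion attack. ThinkPHP is a PHP framework widely used in China. Versions 6.0.13 and earlier contain a local file inclusion vulnerability. When the multi-language feature is enabled, an attacker can use the lang parameter to include arbitrary PHP files, and can go on to achieve arbitrary file write through pearcmd.php. |
Update time: | 20221227 |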
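Event name: | HTTP_Privilege Escalation Attack_fuelCMS_1.4.1_Code Execution[CVE-2018-16763] |
Security type: | Security vulnerability |
Event description: | FUEL CMS is a content management system based on CodeIgniter. Version 1.4.1 contains a vulnerability that allows PHP code to be executed through pages/select/, which may lead to remote code execution. |
Update time: | 20221227 |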
Modified events
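Event name: | HTTP_Privilege Escalation Attack_DrayTek_Pre-authentication_Command Execution[CVE-2020-8515] |
Security type: | Security vulnerability |
Event description: | Detected an attacker exploiting the two command injection vulnerabilities in DrayTek pre-authentication handling. DrayTek is a manufacturer in China that produces firewalls, VPN devices, routers, WLAN devices and similar equipment. The vulnerability exists because the /cgi-bin/mainfunction.cgi program does not correctly filter special characters in the keyPath and rtick fields; an attacker can exploit it to execute code with root privileges without authentication. If the attack succeeds, code can be executed with root privileges. |
Update time: | 20221227 |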
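Event name: | TCP_Audit Event_java.lang.ProcessBuilder_Code Execution |
Security type: | Security vulnerability |
Event description: | Detected that the source/destination IP is using dynamic invocation of the java.lang.ProcessBuilder method in Java to carry out a remote code execution attack. In Java, developers commonly execute external shell commands by dynamically invoking java.lang.ProcessBuilder. ProcessBuilder was introduced in Java 5.0, and its start() method returns an instance of Process. In Java-based application systems, if user input is not filtered properly and effectively when external command execution is handled, an attacker can exploit the flaw to inject and execute commands or code remotely. Applications such as Struts2 and Spring have been disclosed as having Java remote code execution vulnerabilities, for example the arbitrary code execution vulnerabilities in OGNL expressions and SpEL expressions. By dynamically invoking java.lang.ProcessBuilder, an attacker executes arbitrary code or commands in the flawed application and can go on to take full control of the target server. Attempted remote execution of arbitrary code. |
Update time: | 20221227 |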
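Event name: | HTTP_File Operation Attack_ThinkPhp_lang_File Inclusion[CVE-2022-47945] |
Security type: | Security vulnerability |
Event description: | Detected that the source IP is exploiting the directory traversal in the ThinkPHP multi-language feature to carry out a file inclusion attack. ThinkPHP is a PHP framework widely used in China. Versions 6.0.13 and earlier contain a local file inclusion vulnerability. When the multi-language feature is enabled, an attacker can use the lang parameter to include arbitrary PHP files. |
Update time: | 20221227 |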