tongda vulnerability list
Found 33 vulnerabilities related to tongda
-
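tongda-down-php-unauthorized-access: Tongda OA down.php unauthorized access vulnerability POC
The inc/package/down.php endpoint of Tongda OA (Office Anywhere network intelligent office system) has an unauthorized access vulnerability. Through it, an attacker can construct a special link to download sensitive files and obtain the personal information of company employees. Fofa: app="TDXK-通达OA" -
tongda-oa-api-ali-upload: Tongda OA v11.8 api.ali.php arbitrary file upload vulnerability POC
Tongda OA (Office Anywhere network intelligent office system) is collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co., Ltd.; it is a comprehensive management office platform shaped by Chinese enterprise management practice. Tongda has an arbitrary file upload vulnerability: an attacker can upload arbitrary files through a specific endpoint and obtain server administrative privileges. fofa-query: app="TDXK-通达OA" -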
tongda-online-user-session-disclosure-login: 通达OA Online User Session Disclosure and Login POC
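Tongda OA v11.7 has an endpoint that queries online users; when a user is online it returns the PHPSESSION, which allows logging in to the back-end system -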
tongda-path-traversal: Office Anywhere TongDa - Path Traversal POC
Office Anywhere (OA) is susceptible to path traversal vulnerabilities which can be leveraged to perform remote code execution. -
tongda-action-uploadfile: Tongda OA v2017 action_upload - Arbitrary File Upload POC
Tongda OA v2017 action_upload.php file filtering is insufficient and does not require background permissions, resulting in arbitrary file upload vulnerabilities -
tongda-api-file-upload: Tongda OA v11.8 api.ali.php - Arbitrary File Upload POC
Tongda OA v11.8 api.ali.php has an arbitrary file upload vulnerability. An attacker can upload malicious files to control the server through the vulnerability. -
tongda-auth-bypass: Tongda OA 11.7 - Authentication Bypass POC
Tongda OA is a collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co., LTD. v11.7 has an interface for querying online users; when a user is online, it returns the PHPSESSION, which can be used to log in to the back-end system. -
tongda-contact-list-exposure: Tongda OA v2014 Get Contactlist - Sensitive Information Disclosure POC
There is an information leakage vulnerability in the get_contactlist.php file of Tongda OA v2014. Attackers can obtain sensitive information through the vulnerability and conduct further attacks. -
tongda-getdata-rce: Tongda OA v11.9 getdata - Remote Code Execution POC
There is an arbitrary command execution vulnerability in the getdata interface of Tongda OA v11.9. An attacker can execute arbitrary commands on the server to control server permissions through the vulnerability. -
tongda-getway-rfi: Tongda OA v11.8 getway.php - Remote File Inclusion POC
There is a file inclusion vulnerability in Tongda OA v11.8 getway.php. An attacker sends a malicious request to include a log file, resulting in an arbitrary file writing vulnerability -
tongda-insert-sqli: Tongda OA v11.6 Insert Parameter - SQL Injection POC
Tongda OA v11.6 insert parameters contain SQL injection vulnerabilities, through which attackers can obtain sensitive database information -
tongda-login-code-authbypass: Tongda OA v11.8 logincheck_code.php - Authentication Bypass POC
There is a login bypass vulnerability in Tongda OA v11.8 logincheck_code.php, through which an attacker can log in to the system administrator background -
tongda-meeting-unauth: Tongda OA Meeting - Unauthorized Access POC
Tongda Meeting unauthorized access was detected. -
tongda-oa-swfupload-sqli: Tongda OA v11.5 swfupload_new.php - SQL Injection POC
There is a SQL injection vulnerability in the swfupload_new.php file of Tongda OA v11.5. An attacker can obtain sensitive information of the server through the vulnerability. -
tongda-path-traversal: Office Anywhere TongDa - Path Traversal POC
Office Anywhere (OA) is susceptible to path traversal vulnerabilities which can be leveraged to perform remote code execution. -
tongda-report-func-sqli: Tongda OA v11.6 report_bi.func.php - SQL injection POC
Tongda OA v11.6 report_bi.func.php has a SQL injection vulnerability, and attackers can obtain database information through the vulnerability. -
tongda-session-disclosure: Tongda User Session Disclosure POC
Tongda User session exposed. -
tongda-video-file-read: Tongda OA V2017 Video File - Arbitrary File Read POC
There is an arbitrary file reading vulnerability in Extreme OA video_file.php. An attacker can obtain sensitive files on the server through the vulnerability. -
tongdaoa-auth-bypass: Tongda OA - Authentication Bypass POC
Tongda OA is an OA system. The old version of header.inc.php has an authentication bypass vulnerability. An attacker can construct a malicious request to access header.inc.php, obtain the cookie, pass identity authentication, log in to the backend, perform related sensitive operations, and cause sensitive information leakage, etc. -
Tongda OA submenu.php unauthenticated SQL injection vulnerability No POC
-
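TONGDA Office Anywhere authorization issue vulnerability No POC
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere versions 11.2 through 11.6 have an authorization issue vulnerability, which stems from incorrect authorization. -
TONGDA Office Anywhere resource management error vulnerability No POC
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 11.7 and earlier versions have a resource management error vulnerability, which stems from resource consumption. -
TONGDA Office Anywhere SQL injection vulnerability No POC
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 11.10 and earlier versions have a SQL injection vulnerability, which stems from SQL injection in the where_repeat parameter. -
TONGDA Office Anywhere SQL injection vulnerability No POC
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 11.9 and earlier versions have a SQL injection vulnerability, which stems from SQL injection in the dataSrc parameter. -
Tongda OA pda/appcenter/submenu.php SQL injection vulnerability No POC
TONGDA Office Anywhere is a collaborative office OA system. TONGDA Office Anywhere 2017 11.6 and earlier versions have a SQL injection vulnerability, which stems from SQL injection in the appid parameter. -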
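Tongda OA /get_columns.php SQL injection vulnerability No POC
Tongda OA (Office Anywhere network intelligent office system) is collaborative office automation software independently developed by Beijing Tongda Xinke Technology Co., Ltd.; it is a comprehensive management office platform shaped by Chinese enterprise management practice. The Tongda OA /get_columns.php endpoint has a SQL injection. An attacker can use the SQL injection vulnerability to obtain information from the database, and with high privileges can even write a trojan to the server to further obtain server system privileges. -
Tongda OA /mysql/index.php unauthorized access vulnerability No POC
Tongda OA (Office Anywhere network intelligent office system) is collaborative office automation software independently developed by Tongda Xinke Technology; it is a comprehensive management office platform shaped by Chinese enterprise management practice. Tongda OA provides information management capabilities for many users of different sizes across industries, including process approval, administrative office work, daily affairs, data statistics and analysis, instant messaging and mobile office, helping users reduce communication and management costs and improve production and decision-making efficiency. Tongda OA /mysql/index.php has an unauthorized access issue: an attacker can access the system's phpmyadmin directly without an account or password, causing sensitive information disclosure. -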
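Tongda OA /applyprobygroup endpoint SQL injection vulnerability No POC
Tongda OA applyprobygroup has a front-end SQL injection vulnerability. -
Tongda2000 CVE-2022-24206 SQL injection vulnerability No POC
Tongda2000 has a SQL injection vulnerability, caused by a lack of validation. -
Tongda OA CVE-2023-5019 SQL injection vulnerability No POC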
-
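Tongda OA /wiki/cp/manage/delete.php path SQL injection vulnerability No POC
Tongda2000 is a network intelligent office system from the Chinese company Tongda. Tongda OA 2017 11.10 and earlier versions have a SQL injection vulnerability, which stems from an unknown function in general/wiki/cp/manage/delete.php; the TERM_ID_STR parameter leads to SQL injection. -
Tongda OA /im/upload.php path arbitrary file upload vulnerability No POC
The Tongda OA office system provides mobile office, WeChat office, collaborative office, process management, information portal, knowledge management, task and project, system integration, expense control management and more, comprehensively improving work efficiency. The Tongda OA office system has an arbitrary file upload vulnerability that can be combined with file inclusion to achieve arbitrary code execution; an attacker can execute arbitrary code on the server side, write a backdoor, obtain server privileges, and then control the entire web server. -
Tongda OA /gateway/getdata endpoint remote code execution vulnerability No POC
A remote code execution vulnerability is one in which an attacker executes arbitrary code on the server through some flaw, usually caused by insufficient validation or improper handling of external input by the application. An attacker can use this vulnerability to upload malicious code or send malicious code directly via HTTP requests, thereby controlling the server and carrying out various malicious actions including data theft, website defacement and abuse of server resources.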