yonyou nc 漏洞列表
共找到 11 个与 yonyou nc 相关的漏洞
📅 加载漏洞趋势中...
-
yonyou-nc-accept-upload: YonYou NC Accept Upload POC
fofa:icon_hash="1085941792" -
yonyou-nc-cloud-getStaffInfo-sqli: Yonyou NC-Cloud getStaffInfo SQL Injection POC
Yonyou NC-Cloud getStaffInfo interface has a SQL injection vulnerability. The vulnerability allows attackers to execute arbitrary SQL statements through maliciously crafted requests. FOFA: app="用友-NC-Cloud" -
yonyou-nc-cloud-uapjs-rce: 用友 Yonyou NC uapjs RCE POC
Fofa: app="用友-NC-Cloud" -
yonyou-nc-portalsesInittoolservice-disclosure: 用友 portalsesInittoolservice 泄露数据库账号密码 POC
用友 portalsesInittoolservice 泄露数据库账号密码 fofa: app="用友-UFIDA-NC" -
yonyou-nc-savexmltofileservlet-fileupload: YONYOU NC saveXmlToFIleServlet接口文件上传 POC
fofa: title="YONYOU NC" -
yonyou-filereceiveservlet-fileupload: Yonyou NC FileReceiveServlet - Aribitrary File Upload POC
An unauthorized attacker can upload a file via the FileReceiveServlet endpoint. -
yonyou-nc-accept-fileupload: YonYou NC Accept Upload - Arbitray File Upload POC
Arbitrary file upload vulnerability in UFIDA N C accept.jsp . An attacker can obtain website permissions through the vulnerability. -
yonyou-nc-baseapp-deserialization: Yonyou NC BaseApp UploadServlet - Deserialization Detect POC
Yonyou NC is an enterprise-level management software, widely used in large and medium-sized enterprises.Realize modeling, development, inheritance, operation, management integration of IT solution information platform.UFIDA NC for C/S architecture, the use of Java programming language development, the client can directly use UClient, the server interface for HTTP.A page of UFIDA NC6.5, there is arbitrary file upload vulnerability.The cause of vulnerability is that there is no type restriction at the uploading file, and an attacker without authentication can take advantage of this vulnerability by sending special data packets to the target system, and a remote attacker who successfully takes advantage of this vulnerability can upload any file to the target system to execute commands. -
yonyou-nc-grouptemplet-fileupload: UFIDA NC Grouptemplet Interface - Unauthenticated File Upload POC
The UFIDA NC Grouptemplet Interface permits unauthenticated users to upload potentially malicious files. -
yonyou-nc-ncmessageservlet-rce: UFIDA NC NCMessageServlet - Deserialization RCE Detection POC
UFIDA NC is in the process of processing client request data. Insufficient checking and filtering when deserializing user-supplied data can lead to malicious deserialization operations and execution of commands on the operating system. After analysis, security researchers found that the system has many exploit points for deserialization. Currently, the official vulnerability fix plan is to perform deserialization whitelist control on known exploit points and repair some exploit chain dependencies. The possibility of similar problems occurring in the system in the future is still high. -
yonyouNC 任意命令执行 无POC
用友NC是一款企业级ERP软件。用友NC存在远程命令执行漏洞,攻击者利用该漏洞可在未授权的情况实现远程命令执行