Updated by Github Bot

EXP-Tools · Oct 5, 2023 · 0252281 · 0252281
1 parent 1666ac9
commit 0252281
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -170,3 +170,13 @@ b012832d3a8ddf9f201c46891c36ff94
 3b649ea03a2f19d1c0ac1f6cd5828a63
 4b712849f4a1cc56a416ba5472b2bf81
 7c7e32d4464b3460b4820ff5d6f8be0d
+9ca9792c98ad62b48e370e1aa295fd84
+056c7939087fa0e798c751f815aaebf3
+091d6c9c5355d16a872090e66b6b97b7
+374675ce8158bc5ada9237aec0349eda
+7cb0bbcdd298dc22c46f1286fc7c0be0
+82660d0802d08a35a43d7dabcc2cc71d
+f24724b4245f3d104822ccfa2b90371a
+509b57e46b7c62e43ad7ee227d766a3b
+ed2f1a8dc05feefc501efd1efda89a0f
+ce7d6fda602857944038dd36ecb93ff4
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-10-05 20:23:55 -->
+<!-- RELEASE TIME : 2023-10-05 23:23:15 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>9ca9792c98ad62b48e370e1aa295fd84</td>
+       <td>CVE-2023-44390</td>
+       <td>2023-10-05 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-44390">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>056c7939087fa0e798c751f815aaebf3</td>
+       <td>CVE-2022-3248</td>
+       <td>2023-10-05 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-3248">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>091d6c9c5355d16a872090e66b6b97b7</td>
+       <td>CVE-2022-4145</td>
+       <td>2023-10-05 13:15:00 <img src="imgs/new.gif" /></td>
+       <td>A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-4145">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>374675ce8158bc5ada9237aec0349eda</td>
+       <td>CVE-2023-45159</td>
+       <td>2023-10-05 11:15:00 <img src="imgs/new.gif" /></td>
+       <td>1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45159">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7cb0bbcdd298dc22c46f1286fc7c0be0</td>
+       <td>CVE-2023-45198</td>
+       <td>2023-10-05 05:15:00 <img src="imgs/new.gif" /></td>
+       <td>ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45198">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>82660d0802d08a35a43d7dabcc2cc71d</td>
+       <td>CVE-2023-26239</td>
+       <td>2023-10-05 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-26239">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f24724b4245f3d104822ccfa2b90371a</td>
+       <td>CVE-2023-26238</td>
+       <td>2023-10-05 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-26238">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>509b57e46b7c62e43ad7ee227d766a3b</td>
+       <td>CVE-2023-26237</td>
+       <td>2023-10-05 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-26237">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ed2f1a8dc05feefc501efd1efda89a0f</td>
+       <td>CVE-2023-26236</td>
+       <td>2023-10-05 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-26236">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ce7d6fda602857944038dd36ecb93ff4</td>
+       <td>CVE-2023-43877</td>
+       <td>2023-10-04 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43877">详情</a></td>
+      </tr>
+
       <tr>
        <td>b7fd6fc4c3e8c4948273869e8c66879a</td>
        <td>CVE-2023-5113</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-2422">详情</a></td>
       </tr>
 
-      <tr>
-       <td>19a929c75a0db3e1a29b8750fa57da29</td>
-       <td>CVE-2023-5353</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5353">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>98f045a937e47181833d620a0bf4ec61</td>
-       <td>CVE-2023-42508</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42508">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8e4abd0c256dcc9896522487d1fe0779</td>
-       <td>CVE-2023-40212</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40212">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1afb65f4a79925badf70ea949aef5826</td>
-       <td>CVE-2023-40202</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40202">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c5ee033c4d2ccde6a7293762319a6216</td>
-       <td>CVE-2023-40201</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40201">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b45d3d35ab2ceec33e8c47169c4dcfaf</td>
-       <td>CVE-2023-40199</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40199">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>26411efdf4a2f8673ed2b7a40f46fdc1</td>
-       <td>CVE-2023-40198</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40198">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>85ea4a6dac065a8406318f651f2ec7c3</td>
-       <td>CVE-2023-40009</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40009">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e448fd600273fe5d8dc41eba93c8b221</td>
-       <td>CVE-2023-39159</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39159">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ae464d63e124637be25be685cc4c2673</td>
-       <td>CVE-2023-32792</td>
-       <td>2023-10-03 13:15:00</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-32792">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>