Updated by Github Bot

EXP-Tools · May 9, 2024 · 1008ddc · 1008ddc
1 parent 43fcf78
commit 1008ddc
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -152,3 +152,13 @@ acb1dd99034b22e19bbceb314bbd00db
 52fa672bbd3a7f22a0f78fd08f91a0ee
 ef976b03caaeb0cdf5fee42b6b02e889
 1e5dfcdbfb82e43fab4e5369d9a56145
+c3e2b6b243e34573d0b81c24d1e300fc
+b647ebcf3cc84cf575fbd0004a2eb179
+2b47291691b3018ef30f4a55f391a2fd
+3c5756d567557d61cef29d07c71f0ace
+38bb9387f4ad743a1aa9efe1da567c9e
+6df4f5aa29d70ed58dc25794dddfd731
+255e484330920e9c437b6c578d3ab3f5
+6ee3299057c4c3af4ef45ddcd2f5f654
+a4601f68d2ab5c36dab2e9387c9c269f
+8c53135663c216f47554532f107d4859
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-05-09 03:26:36 -->
+<!-- RELEASE TIME : 2024-05-09 07:23:38 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>c3e2b6b243e34573d0b81c24d1e300fc</td>
+       <td>CVE-2024-34257</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34257">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b647ebcf3cc84cf575fbd0004a2eb179</td>
+       <td>CVE-2024-34244</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34244">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2b47291691b3018ef30f4a55f391a2fd</td>
+       <td>CVE-2024-33382</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33382">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3c5756d567557d61cef29d07c71f0ace</td>
+       <td>CVE-2024-25533</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25533">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>38bb9387f4ad743a1aa9efe1da567c9e</td>
+       <td>CVE-2024-25532</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25532">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6df4f5aa29d70ed58dc25794dddfd731</td>
+       <td>CVE-2024-25528</td>
+       <td>2024-05-08 17:15:07 <img src="imgs/new.gif" /></td>
+       <td>RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25528">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>255e484330920e9c437b6c578d3ab3f5</td>
+       <td>CVE-2024-31961</td>
+       <td>2024-05-08 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31961">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6ee3299057c4c3af4ef45ddcd2f5f654</td>
+       <td>CVE-2024-28971</td>
+       <td>2024-05-08 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28971">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a4601f68d2ab5c36dab2e9387c9c269f</td>
+       <td>CVE-2024-25531</td>
+       <td>2024-05-08 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25531">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8c53135663c216f47554532f107d4859</td>
+       <td>CVE-2024-25530</td>
+       <td>2024-05-08 16:15:08 <img src="imgs/new.gif" /></td>
+       <td>RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25530">详情</a></td>
+      </tr>
+
       <tr>
        <td>ee4d6349ce5e5820111c2f9faf97110a</td>
        <td>CVE-2024-4418</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-33548">详情</a></td>
       </tr>
 
-      <tr>
-       <td>a17cc9c6a507e5918bd1cbcd0f975cfd</td>
-       <td>CVE-2024-4519</td>
-       <td>2024-05-06 04:15:07</td>
-       <td>A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4519">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f55f8b1ade4f73e4ad136e03c255fdd9</td>
-       <td>CVE-2024-4518</td>
-       <td>2024-05-06 04:15:07</td>
-       <td>A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4518">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cb7430efbbc16c0c4f1e71f7d2f2e910</td>
-       <td>CVE-2024-4517</td>
-       <td>2024-05-06 03:15:10</td>
-       <td>A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4517">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1702b5d377f89cd6202d232063f0a7f0</td>
-       <td>CVE-2024-4516</td>
-       <td>2024-05-06 03:15:10</td>
-       <td>A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4516">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ea01733ce09667fe17089c86319b132a</td>
-       <td>CVE-2024-34538</td>
-       <td>2024-05-06 03:15:10</td>
-       <td>Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34538">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d9695d1d87eda1178e0471a00551c451</td>
-       <td>CVE-2024-20064</td>
-       <td>2024-05-06 03:15:09</td>
-       <td>In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-20064">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>56059de2c13e85066a934b40bd15c8d0</td>
-       <td>CVE-2024-20060</td>
-       <td>2024-05-06 03:15:09</td>
-       <td>In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-20060">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b1b9a644388df6faac1056112348b5c3</td>
-       <td>CVE-2024-20059</td>
-       <td>2024-05-06 03:15:09</td>
-       <td>In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-20059">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ff40b24a628cf6c9dfba323cd6ad9113</td>
-       <td>CVE-2024-20058</td>
-       <td>2024-05-06 03:15:09</td>
-       <td>In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-20058">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>83f92f9a231d6605dcfb8ae470bc73f2</td>
-       <td>CVE-2024-20057</td>
-       <td>2024-05-06 03:15:09</td>
-       <td>In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-20057">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>