diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index a2997577982..8639d26b0c9 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -152,3 +152,13 @@ acb1dd99034b22e19bbceb314bbd00db 52fa672bbd3a7f22a0f78fd08f91a0ee ef976b03caaeb0cdf5fee42b6b02e889 1e5dfcdbfb82e43fab4e5369d9a56145 +c3e2b6b243e34573d0b81c24d1e300fc +b647ebcf3cc84cf575fbd0004a2eb179 +2b47291691b3018ef30f4a55f391a2fd +3c5756d567557d61cef29d07c71f0ace +38bb9387f4ad743a1aa9efe1da567c9e +6df4f5aa29d70ed58dc25794dddfd731 +255e484330920e9c437b6c578d3ab3f5 +6ee3299057c4c3af4ef45ddcd2f5f654 +a4601f68d2ab5c36dab2e9387c9c269f +8c53135663c216f47554532f107d4859 diff --git a/data/cves.db b/data/cves.db index b690d949534..34892a33b43 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index f01bd33a0c8..e6c2b495526 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + c3e2b6b243e34573d0b81c24d1e300fc + CVE-2024-34257 + 2024-05-08 17:15:07 + TOTOLINK EX1800T V9.1.0cu.2112_B20220316 has a vulnerability in the apcliEncrypType parameter that allows unauthorized execution of arbitrary commands, allowing an attacker to obtain device administrator privileges. + 详情 + + + + b647ebcf3cc84cf575fbd0004a2eb179 + CVE-2024-34244 + 2024-05-08 17:15:07 + libmodbus v3.1.10 is vulnerable to Buffer Overflow via the modbus_write_bits function. This issue can be triggered when the function is fed with specially crafted input, which leads to out-of-bounds read and can potentially cause a crash or other unintended behaviors. + 详情 + + + + 2b47291691b3018ef30f4a55f391a2fd + CVE-2024-33382 + 2024-05-08 17:15:07 + An issue in Open5GS v.2.7.0 allows an attacker to cause a denial of service via the 64 unsuccessful UE/gnb registration + 详情 + + + + 3c5756d567557d61cef29d07c71f0ace + CVE-2024-25533 + 2024-05-08 17:15:07 + Error messages in RuvarOA v6.01 and v12.01 were discovered to leak the physical path of the website (/WorkFlow/OfficeFileUpdate.aspx). This vulnerability can allow attackers to write files to the server or execute arbitrary commands via crafted SQL statements. + 详情 + + + + 38bb9387f4ad743a1aa9efe1da567c9e + CVE-2024-25532 + 2024-05-08 17:15:07 + RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the bt_id parameter at /include/get_dict.aspx. + 详情 + + + + 6df4f5aa29d70ed58dc25794dddfd731 + CVE-2024-25528 + 2024-05-08 17:15:07 + RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the id parameter at /PersonalAffair/worklog_template_show.aspx. + 详情 + + + + 255e484330920e9c437b6c578d3ab3f5 + CVE-2024-31961 + 2024-05-08 16:15:08 + A SQL injection vulnerability in unit.php in Sonic Shopfloor.guide before 3.1.3 allows remote attackers to execute arbitrary SQL commands via the level2 parameter. 
+ 详情 + + + + 6ee3299057c4c3af4ef45ddcd2f5f654 + CVE-2024-28971 + 2024-05-08 16:15:08 + Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. + 详情 + + + + a4601f68d2ab5c36dab2e9387c9c269f + CVE-2024-25531 + 2024-05-08 16:15:08 + RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/SearchCondiction.aspx. + 详情 + + + + 8c53135663c216f47554532f107d4859 + CVE-2024-25530 + 2024-05-08 16:15:08 + RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the PageID parameter at /WebUtility/get_find_condiction.aspx. + 详情 + + ee4d6349ce5e5820111c2f9faf97110a CVE-2024-4418 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - a17cc9c6a507e5918bd1cbcd0f975cfd - CVE-2024-4519 - 2024-05-06 04:15:07 - A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. - 详情 - - - - f55f8b1ade4f73e4ad136e03c255fdd9 - CVE-2024-4518 - 2024-05-06 04:15:07 - A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. - 详情 - - - - cb7430efbbc16c0c4f1e71f7d2f2e910 - CVE-2024-4517 - 2024-05-06 03:15:10 - A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. - 详情 - - - - 1702b5d377f89cd6202d232063f0a7f0 - CVE-2024-4516 - 2024-05-06 03:15:10 - A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. 
The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. - 详情 - - - - ea01733ce09667fe17089c86319b132a - CVE-2024-34538 - 2024-05-06 03:15:10 - Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. - 详情 - - - - d9695d1d87eda1178e0471a00551c451 - CVE-2024-20064 - 2024-05-06 03:15:09 - In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. - 详情 - - - - 56059de2c13e85066a934b40bd15c8d0 - CVE-2024-20060 - 2024-05-06 03:15:09 - In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. - 详情 - - - - b1b9a644388df6faac1056112348b5c3 - CVE-2024-20059 - 2024-05-06 03:15:09 - In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. - 详情 - - - - ff40b24a628cf6c9dfba323cd6ad9113 - CVE-2024-20058 - 2024-05-06 03:15:09 - In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. - 详情 - - - - 83f92f9a231d6605dcfb8ae470bc73f2 - CVE-2024-20057 - 2024-05-06 03:15:09 - In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. - 详情 - -
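Review bot: In the `cache/Tenable (Nessus).dat` hunk (`@@ -152,3 +152,13 @@`), the ten appended 32-hex-character keys are the same values that head the new rows in `docs/index.html`, but nothing in the cache file records how a key is derived or which CVE it belongs to. Please document the key derivation next to the generator, or store the CVE ID alongside each key, so a reviewer can check that an appended key matches a real new entry without cross-reading the HTML hunk.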
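Review bot: `data/cves.db` changes as an opaque binary (`Binary files a/data/cves.db and b/data/cves.db differ`), so this part of the commit cannot be reviewed against the ten rows added to `docs/index.html` and the ten keys added to the cache. Consider treating the database as a build artifact regenerated from reviewable input, or at least recording the number of rows added in the commit message so the three files can be checked for agreement.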
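Review bot: In the `docs/index.html` hunk at `@@ -283,6 +283,86 @@`, the new rows carry description text taken from an external feed (for example the CVE-2024-34257 and CVE-2024-25533 entries) straight into the generated page. Please confirm that the generator HTML-escapes the ID, timestamp and description fields and limits the 详情 link target to http/https URLs before writing the row. Separately, the matching hunk at `@@ -443,86 +523,6 @@` drops the ten oldest rows (CVE-2024-4519 through CVE-2024-20057); if the page is meant to be a fixed-size window, a short comment in the template saying so would make these removals read as intended rather than as data loss.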