Commit

Updated by Github Bot
Github-Bot committed Sep 19, 2023
1 parent 44887ed commit 1c01ab0
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -195,3 +195,13 @@ ae8e5e6a2b1158c355ae0b637eb57dbf
880c45cb900ff32d101c49fb87536634
19c9f48348443624c320525d30175aaa
c239442185948f47094cac55e5ba21d6
f114b1a453dd2679c443d6f1c99a376b
3ea21828198aeef90f482065e2c6e27f
45fcaa9a44a30fecab3e4f19f2b74338
785364ebdf6d6701458acaeba37ad2c3
27689c04c58a249bcb8e365a3512ea68
97cb88a559d97524c4d6b88d1e56efcd
81f2ed0446b79a4799e107a0863b51d0
efa5965579beded63b89260cb295da91
d75a3573520b8e80616692df319f654c
7dcf01e57fdaefbc3b62d1506a8a094e
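Review bot: the ten lines appended to cache/Tenable (Nessus).dat are bare 32-character hex ids with no CVE id or timestamp beside them, so the cache can only be audited by cross-checking each value against the first `<td>` of the rows added to docs/index.html in this same commit. Consider storing the CVE id and publication time next to each id (or keeping this state only in data/cves.db), so that a wrong or duplicated entry can be traced and old entries pruned.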
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2023-09-19 10:29:08 -->
<!-- RELEASE TIME : 2023-09-19 11:19:34 -->
<html lang="zh-cn">

<head>
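Review bot: the `RELEASE TIME` comment on line 1 carries no time zone, and the row timestamps added further down (for example `2023-09-19 07:15:51`) are zone-less as well, so a reader cannot tell whether the release time and the CVE times are on the same clock. Emit the value in ISO 8601 form with an explicit offset and state in the page which zone the row times use.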
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>f114b1a453dd2679c443d6f1c99a376b</td>
<td>CVE-2023-5054</td>
<td>2023-09-19 07:15:51 <img src="imgs/new.gif" /></td>
<td>The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5054">详情</a></td>
</tr>

<tr>
<td>3ea21828198aeef90f482065e2c6e27f</td>
<td>CVE-2023-26143</td>
<td>2023-09-19 05:17:10 <img src="imgs/new.gif" /></td>
<td>Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-26143">详情</a></td>
</tr>

<tr>
<td>45fcaa9a44a30fecab3e4f19f2b74338</td>
<td>CVE-2023-42399</td>
<td>2023-09-19 04:15:55 <img src="imgs/new.gif" /></td>
<td>Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42399">详情</a></td>
</tr>

<tr>
<td>785364ebdf6d6701458acaeba37ad2c3</td>
<td>CVE-2023-5060</td>
<td>2023-09-19 03:15:08 <img src="imgs/new.gif" /></td>
<td>Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5060">详情</a></td>
</tr>

<tr>
<td>27689c04c58a249bcb8e365a3512ea68</td>
<td>CVE-2023-41599</td>
<td>2023-09-19 02:15:58 <img src="imgs/new.gif" /></td>
<td>An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41599">详情</a></td>
</tr>

<tr>
<td>97cb88a559d97524c4d6b88d1e56efcd</td>
<td>CVE-2022-28357</td>
<td>2023-09-19 02:15:54 <img src="imgs/new.gif" /></td>
<td>NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-28357">详情</a></td>
</tr>

<tr>
<td>81f2ed0446b79a4799e107a0863b51d0</td>
<td>CVE-2023-40788</td>
<td>2023-09-19 00:15:34 <img src="imgs/new.gif" /></td>
<td>SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40788">详情</a></td>
</tr>

<tr>
<td>efa5965579beded63b89260cb295da91</td>
<td>CVE-2021-26837</td>
<td>2023-09-19 00:15:33 <img src="imgs/new.gif" /></td>
<td>SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-26837">详情</a></td>
</tr>

<tr>
<td>d75a3573520b8e80616692df319f654c</td>
<td>CVE-2023-42454</td>
<td>2023-09-18 22:15:47 <img src="imgs/new.gif" /></td>
<td>SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable), with the web_root is the current working directory (the default), and with their database exposed publicly, is vulnerable to an attacker retrieving database connection information from SQLPage and using it to connect to their database directly. Version 0.11.0 fixes this issue. Some workarounds are available. Using an environment variable instead of the configuration file to specify the database connection string prevents exposing it on vulnerable versions. Using a different web root (that is not a parent of the SQLPage configuration directory) fixes the issue. One should also avoid exposing one's database publicly.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42454">详情</a></td>
</tr>

<tr>
<td>7dcf01e57fdaefbc3b62d1506a8a094e</td>
<td>CVE-2023-42446</td>
<td>2023-09-18 22:15:47 <img src="imgs/new.gif" /></td>
<td>Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42446">详情</a></td>
</tr>

<tr>
<td>0ecfbc2303e306322b0fad8ce1484d38</td>
<td>CVE-2023-5030</td>
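Review bot: the description cells in the added rows are written into the `<td>` as raw text; the CVE-2023-40788 row contains an unescaped `<` in `SpringBlade <=V3.6.0`, which a browser will try to parse as the start of a tag. These descriptions are third-party advisory text and two of the new rows describe XSS, so HTML-escape the description, CVE id and time before emitting each row. The `target="_blank"` links in the last cell would also benefit from `rel="noopener noreferrer"`.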
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39612">详情</a></td>
</tr>

<tr>
<td>475709114cd7424900b016d7ccafebe3</td>
<td>CVE-2023-41436</td>
<td>2023-09-16 00:15:08</td>
<td>Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41436">详情</a></td>
</tr>

<tr>
<td>0ba2eb5c5709f0cbc83e114a3e9f3829</td>
<td>CVE-2023-36160</td>
<td>2023-09-16 00:15:07</td>
<td>An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-36160">详情</a></td>
</tr>

<tr>
<td>5fb01facb22518c63ed0f4a782c65bc7</td>
<td>CVE-2023-41626</td>
<td>2023-09-15 23:15:07</td>
<td>Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41626">详情</a></td>
</tr>

<tr>
<td>693a75ad7e0937b6fd3316ca7a2f0837</td>
<td>CVE-2023-42442</td>
<td>2023-09-15 21:15:11</td>
<td>JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42442">详情</a></td>
</tr>

<tr>
<td>033efa9540755044f84643692a8de9d2</td>
<td>CVE-2023-42439</td>
<td>2023-09-15 21:15:11</td>
<td>GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. As of time of publication, no patched version is available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42439">详情</a></td>
</tr>

<tr>
<td>ffd9276ac3e7a431711d6c07c61e558a</td>
<td>CVE-2023-41901</td>
<td>2023-09-15 21:15:11</td>
<td>** REJECT ** Further research determined the issue is not a vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41901">详情</a></td>
</tr>

<tr>
<td>db8d815b5dd3856e74cd13026bfb73a2</td>
<td>CVE-2023-41900</td>
<td>2023-09-15 21:15:11</td>
<td>Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41900">详情</a></td>
</tr>

<tr>
<td>47d6911da8558be7e725a45d9656ba2f</td>
<td>CVE-2023-41889</td>
<td>2023-09-15 21:15:11</td>
<td>SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41889">详情</a></td>
</tr>

<tr>
<td>bac32f4ac6bac57b54ec3d83bca33455</td>
<td>CVE-2023-41887</td>
<td>2023-09-15 21:15:11</td>
<td>OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41887">详情</a></td>
</tr>

<tr>
<td>3a3511b2973fb1ff1c854ad331332f22</td>
<td>CVE-2023-41886</td>
<td>2023-09-15 21:15:11</td>
<td>OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41886">详情</a></td>
</tr>

</tbody>
</table>
</div>
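Review bot: this hunk deletes the ten oldest rows (dated 2023-09-15 and 2023-09-16), matching the ten rows added at line 283, so entries drop off docs/index.html after about three days with nothing on the page saying where they went. If the table is meant to be a fixed-size window, add a link below `</table>` to an archive of older entries. The removed CVE-2023-41901 row was a `** REJECT **` entry that had been listed like any other, which is worth filtering or marking when the rows are generated.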