Updated by Github Bot

EXP-Tools · Oct 25, 2023 · 1fdc342 · 1fdc342
1 parent f0f2082
commit 1fdc342
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 41 deletions.
diff --git a/cache/NVD.dat b/cache/NVD.dat
@@ -193,3 +193,13 @@ fe5bf87ad64ea55642c4d0e4638e7d70
 128b17765083a4832013f2039b8b0be9
 8bc481861646a25a6e84624862c1807e
 a160970831fc3fae1bdc2afb91c8e24e
+24350df5d247e1559d0898180614d6ed
+13648c4b7e9351e2693d2a72e320f604
+df63e2f66f180dd927c40e3fb9fe410d
+a3321ac3cd6145f8ca72c2e4197af26f
+d023e5ae79f9bc2c39fdf5ebc47bec59
+b93c4a7e10a6469a8df32bfaa481ab99
+a2194003cded30f3648ab520bedbbf43
+bda915458500b3a0d864dbbbee4650d9
+288259ee8428cad41d8fd37addb25f97
+25ee175739f8f9e16e714ed8d7bd7178
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-10-25 18:27:08 -->
+<!-- RELEASE TIME : 2023-10-25 20:23:28 -->
 <html lang="zh-cn">
 
  <head>
@@ -2227,6 +2227,46 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>d023e5ae79f9bc2c39fdf5ebc47bec59</td>
+       <td>CVE-2023-45280</td>
+       <td>2023-10-19 22:15:09 </td>
+       <td>Yamcs 5.8.6 allows XSS (issue 2 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrary JavaScript.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45280">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b93c4a7e10a6469a8df32bfaa481ab99</td>
+       <td>CVE-2023-45279</td>
+       <td>2023-10-19 22:15:09 </td>
+       <td>Yamcs 5.8.6 allows XSS (issue 1 of 2). It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload a display referencing a malicious JavaScript file to the bucket. The user can then open the uploaded display by selecting Telemetry from the menu and navigating to the display.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45279">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a3321ac3cd6145f8ca72c2e4197af26f</td>
+       <td>CVE-2023-45281</td>
+       <td>2023-10-19 17:15:10 </td>
+       <td>An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45281">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a2194003cded30f3648ab520bedbbf43</td>
+       <td>CVE-2023-45278</td>
+       <td>2023-10-19 17:15:10 </td>
+       <td>Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45278">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bda915458500b3a0d864dbbbee4650d9</td>
+       <td>CVE-2023-45277</td>
+       <td>2023-10-19 17:15:10 </td>
+       <td>Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). The vulnerability is in the storage functionality of the API and allows one to escape the base directory of the buckets, freely navigate system directories, and read arbitrary files.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45277">详情</a></td>
+      </tr>
+
       <tr>
        <td>128b17765083a4832013f2039b8b0be9</td>
        <td>CVE-2023-5639</td>
@@ -2427,46 +2467,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44694">详情</a></td>
       </tr>
 
-      <tr>
-       <td>1a31e5786000fecf692bc59af26d7334</td>
-       <td>CVE-2023-44693</td>
-       <td>2023-10-17 06:15:09 </td>
-       <td>D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44693">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>245b6bb6149fd6f189705fa4925b4366</td>
-       <td>CVE-2023-4215</td>
-       <td>2023-10-17 00:15:11 </td>
-       <td>Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4215">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a47e710aafb3e2e6eabc8eb6611795bd</td>
-       <td>CVE-2023-38719</td>
-       <td>2023-10-17 00:15:10 </td>
-       <td>IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF.  IBM X-Force ID:  261607.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38719">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>eb7a4b89c1dbe4f1aeada05de4994d55</td>
-       <td>CVE-2023-43814</td>
-       <td>2023-10-16 22:15:12 </td>
-       <td>Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43814">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>faa83f924c91af9193ff34670b58e40e</td>
-       <td>CVE-2023-38740</td>
-       <td>2023-10-16 22:15:12 </td>
-       <td>IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement.  IBM X-Force ID:  262613.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38740">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>