Updated by Github Bot

EXP-Tools · Mar 18, 2024 · 2bd9a19 · 2bd9a19
1 parent 5041b1e
commit 2bd9a19
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -125,3 +125,13 @@ abc98a4297728b2ac3bbbd18f543244d
 513fc7dceb33b1153ed0d166aee94e36
 61e84068cb80ef9b50a9ee902932b340
 9e122f8609364bfdcc51c47f6d4faa69
+de38eadf3f428a11f8dcb87a3f91b375
+05fa1c815f1bdc15126c4104a4719152
+b62c36b103b401ee5e516be331b8c765
+0e564e93560dd868f2941c891b0fc1d0
+8509d1c26cb8a6400bffbb07c2b563d1
+08a7bd9b21a0086546208d94e37a25f8
+c96d254e874bf118528f3fc1e51212de
+baa5d39b9995d2f0df7da75d3fcab711
+831ece73886792578f79b0d05b291316
+07448a35e1b99671d77204e6ee1ce710
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-03-18 07:21:46 -->
+<!-- RELEASE TIME : 2024-03-18 12:38:09 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>de38eadf3f428a11f8dcb87a3f91b375</td>
+       <td>CVE-2021-47157</td>
+       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
+       <td>The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47157">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>05fa1c815f1bdc15126c4104a4719152</td>
+       <td>CVE-2021-47156</td>
+       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
+       <td>The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47156">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b62c36b103b401ee5e516be331b8c765</td>
+       <td>CVE-2021-47155</td>
+       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
+       <td>The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47155">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0e564e93560dd868f2941c891b0fc1d0</td>
+       <td>CVE-2021-47154</td>
+       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
+       <td>The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47154">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8509d1c26cb8a6400bffbb07c2b563d1</td>
+       <td>CVE-2018-25099</td>
+       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
+       <td>In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2018-25099">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>08a7bd9b21a0086546208d94e37a25f8</td>
+       <td>CVE-2024-28745</td>
+       <td>2024-03-18 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28745">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c96d254e874bf118528f3fc1e51212de</td>
+       <td>CVE-2024-27757</td>
+       <td>2024-03-18 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27757">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>baa5d39b9995d2f0df7da75d3fcab711</td>
+       <td>CVE-2024-2581</td>
+       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2581">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>831ece73886792578f79b0d05b291316</td>
+       <td>CVE-2024-2577</td>
+       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2577">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>07448a35e1b99671d77204e6ee1ce710</td>
+       <td>CVE-2024-24539</td>
+       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
+       <td>FusionPBX before 5.2.0 does not validate a session.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24539">详情</a></td>
+      </tr>
+
       <tr>
        <td>2d1d1723004df46e0b0071a11330e1c5</td>
        <td>CVE-2024-2567</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2554">详情</a></td>
       </tr>
 
-      <tr>
-       <td>16df5f9f826d1561c298d28e8b8e475b</td>
-       <td>CVE-2024-2553</td>
-       <td>2024-03-17 04:15:07 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2553">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>04dd0539cbe382e6bfc72ee4169cf6a0</td>
-       <td>CVE-2024-2547</td>
-       <td>2024-03-17 04:15:06 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2547">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6c8e5c9b47b16ab22e0b29ce046f8b47</td>
-       <td>CVE-2024-2546</td>
-       <td>2024-03-17 02:15:06 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2546">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f54a33b5e376ae115770563bce2e3c07</td>
-       <td>CVE-2024-2535</td>
-       <td>2024-03-17 01:15:50 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2535">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>45e1e08e117e8a3e4c8a92d89af42959</td>
-       <td>CVE-2024-2534</td>
-       <td>2024-03-17 00:15:06 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2534">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b64dfab990110a7dd65f0122daa01e76</td>
-       <td>CVE-2024-2515</td>
-       <td>2024-03-16 09:15:07</td>
-       <td>A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2515">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>47d74f12d197aaf09a549ae5bc6854ce</td>
-       <td>CVE-2024-1857</td>
-       <td>2024-03-16 09:15:06</td>
-       <td>The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1857">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>083e3294d4f9a77388475e7a18b5e63b</td>
-       <td>CVE-2024-22513</td>
-       <td>2024-03-16 07:15:06</td>
-       <td>djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22513">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>148e46dd2fb9fd59414a9dd721087f1e</td>
-       <td>CVE-2024-28640</td>
-       <td>2024-03-16 06:15:14</td>
-       <td>Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28640">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9de485c3b7bffb67d7bbf6a419a9e69a</td>
-       <td>CVE-2024-28639</td>
-       <td>2024-03-16 06:15:14</td>
-       <td>Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28639">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>