diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 230e50f407c..6acf6128246 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -125,3 +125,13 @@ abc98a4297728b2ac3bbbd18f543244d 513fc7dceb33b1153ed0d166aee94e36 61e84068cb80ef9b50a9ee902932b340 9e122f8609364bfdcc51c47f6d4faa69 +de38eadf3f428a11f8dcb87a3f91b375 +05fa1c815f1bdc15126c4104a4719152 +b62c36b103b401ee5e516be331b8c765 +0e564e93560dd868f2941c891b0fc1d0 +8509d1c26cb8a6400bffbb07c2b563d1 +08a7bd9b21a0086546208d94e37a25f8 +c96d254e874bf118528f3fc1e51212de +baa5d39b9995d2f0df7da75d3fcab711 +831ece73886792578f79b0d05b291316 +07448a35e1b99671d77204e6ee1ce710 diff --git a/data/cves.db b/data/cves.db index 3aae2ec550c..bfda9a3971d 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 8e3ffe6b218..bd3d25b7930 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + de38eadf3f428a11f8dcb87a3f91b375 + CVE-2021-47157 + 2024-03-18 05:15:06 + The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling. + 详情 + + + + 05fa1c815f1bdc15126c4104a4719152 + CVE-2021-47156 + 2024-03-18 05:15:06 + The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. + 详情 + + + + b62c36b103b401ee5e516be331b8c765 + CVE-2021-47155 + 2024-03-18 05:15:06 + The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. + 详情 + + + + 0e564e93560dd868f2941c891b0fc1d0 + CVE-2021-47154 + 2024-03-18 05:15:06 + The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. + 详情 + + + + 8509d1c26cb8a6400bffbb07c2b563d1 + CVE-2018-25099 + 2024-03-18 05:15:06 + In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag. + 详情 + + + + 08a7bd9b21a0086546208d94e37a25f8 + CVE-2024-28745 + 2024-03-18 04:15:09 + Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. + 详情 + + + + c96d254e874bf118528f3fc1e51212de + CVE-2024-27757 + 2024-03-18 04:15:09 + flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024." + 详情 + + + + baa5d39b9995d2f0df7da75d3fcab711 + CVE-2024-2581 + 2024-03-18 03:15:06 + A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability. + 详情 + + + + 831ece73886792578f79b0d05b291316 + CVE-2024-2577 + 2024-03-18 03:15:06 + A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080. + 详情 + + + + 07448a35e1b99671d77204e6ee1ce710 + CVE-2024-24539 + 2024-03-18 03:15:06 + FusionPBX before 5.2.0 does not validate a session. + 详情 + + 2d1d1723004df46e0b0071a11330e1c5 CVE-2024-2567 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 16df5f9f826d1561c298d28e8b8e475b - CVE-2024-2553 - 2024-03-17 04:15:07 - A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052. - 详情 - - - - 04dd0539cbe382e6bfc72ee4169cf6a0 - CVE-2024-2547 - 2024-03-17 04:15:06 - A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - 6c8e5c9b47b16ab22e0b29ce046f8b47 - CVE-2024-2546 - 2024-03-17 02:15:06 - A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - f54a33b5e376ae115770563bce2e3c07 - CVE-2024-2535 - 2024-03-17 01:15:50 - A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - 45e1e08e117e8a3e4c8a92d89af42959 - CVE-2024-2534 - 2024-03-17 00:15:06 - A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - b64dfab990110a7dd65f0122daa01e76 - CVE-2024-2515 - 2024-03-16 09:15:07 - A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. - 详情 - - - - 47d74f12d197aaf09a549ae5bc6854ce - CVE-2024-1857 - 2024-03-16 09:15:06 - The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data. - 详情 - - - - 083e3294d4f9a77388475e7a18b5e63b - CVE-2024-22513 - 2024-03-16 07:15:06 - djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method. - 详情 - - - - 148e46dd2fb9fd59414a9dd721087f1e - CVE-2024-28640 - 2024-03-16 06:15:14 - Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (D0S) via the command field. - 详情 - - - - 9de485c3b7bffb67d7bbf6a419a9e69a - CVE-2024-28639 - 2024-03-16 06:15:14 - Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022, allow remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field. - 详情 - -