Updated by Github Bot

EXP-Tools · Apr 27, 2024 · 3508ed8 · 3508ed8
1 parent cc7a0c8
commit 3508ed8
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -130,3 +130,13 @@ b85204ab61164bbbea71be1be077589c
 e1b455f9593bd816c307679a43d85fcd
 6f88cdb25822c2c2fff7af07253fd82a
 6d309a8480978e80d45aa41aea1e6da9
+e1bb42e08783e8349c9b901a4a8d5547
+2df35630aef744ff595cf8f6b6081e11
+3971e3e034b68833e02e1eb2390f33c6
+c37d2f2b00567a070d842367ddd413eb
+511e69a55f9b3db722c048d02808c416
+584dfff03389ba2a3fdd8cce35a833a2
+0320bfd886c68ff724da6d3106700d0e
+8e0680838acd7b7a0d5c1637057c0d8f
+d490b80eeece4c355200325bc0b2b3b1
+fdad9fb02646a816f9cbdfdc53b0ebc7
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-04-27 03:27:03 -->
+<!-- RELEASE TIME : 2024-04-27 05:26:07 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>e1bb42e08783e8349c9b901a4a8d5547</td>
+       <td>CVE-2024-2838</td>
+       <td>2024-04-27 04:15:09 <img src="imgs/new.gif" /></td>
+       <td>The WPC Composite Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wooco_components[0][name]' parameter in all versions up to, and including, 7.2.7 due to insufficient input sanitization and output escaping and missing authorization on the ajax_save_components function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2838">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2df35630aef744ff595cf8f6b6081e11</td>
+       <td>CVE-2024-2258</td>
+       <td>2024-04-27 04:15:08 <img src="imgs/new.gif" /></td>
+       <td>The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's display name autofilled into forms in all versions up to, and including, 1.15.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2258">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3971e3e034b68833e02e1eb2390f33c6</td>
+       <td>CVE-2024-2859</td>
+       <td>2024-04-27 00:15:07 <img src="imgs/new.gif" /></td>
+       <td>By default, SANnav OVA is shipped with root user login enabled. While protected by a password, access to root could expose SANnav to a remote attacker should they gain access to the root account.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2859">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c37d2f2b00567a070d842367ddd413eb</td>
+       <td>CVE-2024-4244</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as critical was found in Tenda W9 1.0.0.7(4456). Affected by this vulnerability is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4244">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>511e69a55f9b3db722c048d02808c416</td>
+       <td>CVE-2024-4243</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as critical has been found in Tenda W9 1.0.0.7(4456). Affected is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-262134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4243">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>584dfff03389ba2a3fdd8cce35a833a2</td>
+       <td>CVE-2024-31828</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting vulnerability in Lavalite CMS v.10.1.0 allows attackers to execute arbitrary code and obtain sensitive information via a crafted payload to the URL.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31828">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0320bfd886c68ff724da6d3106700d0e</td>
+       <td>CVE-2024-31741</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting vulnerability in MiniCMS v.1.11 allows a remote attacker to run arbitrary code via crafted string in the URL after login.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31741">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8e0680838acd7b7a0d5c1637057c0d8f</td>
+       <td>CVE-2024-31551</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31551">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d490b80eeece4c355200325bc0b2b3b1</td>
+       <td>CVE-2024-30804</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30804">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fdad9fb02646a816f9cbdfdc53b0ebc7</td>
+       <td>CVE-2024-3052</td>
+       <td>2024-04-26 22:15:08 <img src="imgs/new.gif" /></td>
+       <td>Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3052">详情</a></td>
+      </tr>
+
       <tr>
        <td>9e95c83848c0c8eaab3691d3162c11e5</td>
        <td>CVE-2024-33664</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4141">详情</a></td>
       </tr>
 
-      <tr>
-       <td>c4f42f50cb20a189a9d3a6d63affc7f7</td>
-       <td>CVE-2024-4093</td>
-       <td>2024-04-24 01:15:49</td>
-       <td>A vulnerability, which was classified as critical, was found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file view_application.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261822 is the identifier assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4093">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f049ed359656e4e3680f60c27e0342fb</td>
-       <td>CVE-2024-4075</td>
-       <td>2024-04-23 23:15:49</td>
-       <td>A vulnerability classified as problematic has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file login.php. The manipulation of the argument txtAddress leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261801 was assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4075">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f2a74e88fe079dfd3da34375264be37e</td>
-       <td>CVE-2024-4074</td>
-       <td>2024-04-23 23:15:49</td>
-       <td>A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file prodInfo.php. The manipulation of the argument prodId leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261800.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4074">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>679081a1f4a307a7db3fb96bf23967c7</td>
-       <td>CVE-2024-4073</td>
-       <td>2024-04-23 23:15:49</td>
-       <td>A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file prodList.php. The manipulation of the argument prodType leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261799.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4073">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5e269ee38b0fe8b082603254602fe56d</td>
-       <td>CVE-2024-4072</td>
-       <td>2024-04-23 23:15:49</td>
-       <td>A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. It has been classified as problematic. Affected is an unknown function of the file search.php. The manipulation of the argument txtSearch leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-261798 is the identifier assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4072">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>46f5b5da2a7a3953efe6aa21c1586969</td>
-       <td>CVE-2024-4071</td>
-       <td>2024-04-23 22:15:07</td>
-       <td>A vulnerability was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This issue affects some unknown processing of the file prodInfo.php. The manipulation of the argument prodId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-261797 was assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4071">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>dd085a1fb8a511c140a3a06e95554a4a</td>
-       <td>CVE-2024-4070</td>
-       <td>2024-04-23 22:15:07</td>
-       <td>A vulnerability has been found in Kashipara Online Furniture Shopping Ecommerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file prodList.php. The manipulation of the argument prodType leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-261796.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4070">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>272bff879aaa3496118eec16a1589f82</td>
-       <td>CVE-2024-4069</td>
-       <td>2024-04-23 22:15:07</td>
-       <td>A vulnerability, which was classified as critical, was found in Kashipara Online Furniture Shopping Ecommerce Website 1.0. This affects an unknown part of the file search.php. The manipulation of the argument txtSearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261795.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4069">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b4276f8e76a4b5f796add6232ecad276</td>
-       <td>CVE-2024-31616</td>
-       <td>2024-04-23 22:15:07</td>
-       <td>An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the common_quick_config.lua file.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31616">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>0412f7e086f1a77f801f7543c17d0e67</td>
-       <td>CVE-2024-30886</td>
-       <td>2024-04-23 22:15:07</td>
-       <td>A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30886">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>