diff --git a/cache/NVD.dat b/cache/NVD.dat index d2a80cbee4f..2d52249e2de 100644 --- a/cache/NVD.dat +++ b/cache/NVD.dat @@ -172,3 +172,13 @@ f81410852cf82a139403ba1fc63cf243 6129a269aceb76d38f840431b1d9a20a 0f239882ed6dbae6e0529e01dec8c648 0486cbb05c34f3a4fd8fce5e5401d44d +a66088352c52a7edcfa7a8332841740f +d8dae8102674ea962818f8d36572be58 +965244ebe85adfde78781d463b69419d +81b935f928b2b997b6fc9cc58f2db370 +fc4f7dfa657e3f5bf049777fc61cb976 +401c41411354b1b74ceb3821a722ef06 +641189385f33bb1b91751ea0043b6275 +122e8a08fbae0b948c74ba348ea9b038 +1d8d4e2f26089891b78362dd762a8558 +d3d952f6dc8655117121015f600086a5 diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 24dbd4ec740..9dfe0ad8a5f 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -190,3 +190,13 @@ b7cd828c20f2ec48441517a5d9cb9539 7126c63f2dfe3b0a76d3e6d332caccaf 33d427c1dd782d342c194fc5cf16636d 8196d85b4375094ccc4503f1b70c83e1 +b420af749341f0985c0391242f2a7eee +0359e809ed760bf1cfd6e2e873743fb9 +d212ffc62a6f1938e7ffc645aa73dba8 +5d4f2ee95f09a75eda98ea36d49f182d +2c37d65c6b60767f73f3c47c62d1f07f +ada2ce153991a9d03f0562fd7049ff32 +95be21550cfa0a19a596719816369000 +9321f8c5f9a9ddfda5fb6b9adfe7027f +77ed8050318a06c4b5f767d2cb9f0882 +98b89c0aeaeb24b9e9e7f5575c163282 diff --git a/data/cves.db b/data/cves.db index 0b664583759..3304cf87815 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index d94add17b29..a51f40015db 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -363,10 +363,90 @@

眈眈探求 | 详情 + + b420af749341f0985c0391242f2a7eee + CVE-2015-10125 + 2023-10-05 23:15:00 + A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. + 详情 + + + + 0359e809ed760bf1cfd6e2e873743fb9 + CVE-2023-45243 + 2023-10-05 22:15:00 + Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. + 详情 + + + + d212ffc62a6f1938e7ffc645aa73dba8 + CVE-2023-45242 + 2023-10-05 22:15:00 + Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. + 详情 + + + + 5d4f2ee95f09a75eda98ea36d49f182d + CVE-2023-45241 + 2023-10-05 22:15:00 + Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. + 详情 + + + + 2c37d65c6b60767f73f3c47c62d1f07f + CVE-2023-45240 + 2023-10-05 22:15:00 + Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. + 详情 + + + + ada2ce153991a9d03f0562fd7049ff32 + CVE-2023-44214 + 2023-10-05 22:15:00 + Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. + 详情 + + + + 95be21550cfa0a19a596719816369000 + CVE-2023-44213 + 2023-10-05 22:15:00 + Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739. + 详情 + + + + 9321f8c5f9a9ddfda5fb6b9adfe7027f + CVE-2023-44212 + 2023-10-05 22:15:00 + Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. + 详情 + + + + 77ed8050318a06c4b5f767d2cb9f0882 + CVE-2023-44211 + 2023-10-05 22:15:00 + Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637. + 详情 + + + + 98b89c0aeaeb24b9e9e7f5575c163282 + CVE-2023-43343 + 2023-10-05 22:15:00 + Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. + 详情 + + 9ca9792c98ad62b48e370e1aa295fd84 CVE-2023-44390 - 2023-10-05 14:15:00 + 2023-10-05 14:15:00 HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version). 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2023-10-05 14:15:00 A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2023-10-05 13:15:00 A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2023-10-05 11:15:00 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2023-10-05 05:15:00 ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2023-10-05 01:15:00 An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2023-10-05 01:15:00 An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2023-10-05 01:15:00 An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2023-10-05 01:15:00 An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - b7fd6fc4c3e8c4948273869e8c66879a - CVE-2023-5113 - 2023-10-04 15:15:00 - Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. - 详情 - - - - 5e7f36df37204fe37d07f6b5ada9e266 - CVE-2023-4380 - 2023-10-04 15:15:00 - A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. - 详情 - - - - 6fab12144981d37256ca2c221445242d - CVE-2023-4237 - 2023-10-04 15:15:00 - A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. - 详情 - - - - 2f5f19fb8937462d8e15e0fbd9ffdad6 - CVE-2023-40559 - 2023-10-04 15:15:00 - Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. - 详情 - - - - 7f08bbd3f0fe27840639e9fc057e1340 - CVE-2023-3971 - 2023-10-04 15:15:00 - An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. - 详情 - - - - 72d552c7c785386775e75ec09fdcb0f3 - CVE-2023-3665 - 2023-10-04 15:15:00 - A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and or the execution of arbitrary code. - 详情 - - - - 77b1d4a5ec2a1bd182ea1262212b1379 - CVE-2023-5374 - 2023-10-04 14:15:00 - A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255. - 详情 - - - - d406ddaaaac5ed03e6306153aa849528 - CVE-2023-4567 - 2023-10-04 14:15:00 - ** REJECT ** Issue has been found to be non-reproducible, therefore not a viable flaw. - 详情 - - - - 1c6fb3ce0e4b5c62ee1e7d8e47331e77 - CVE-2023-40684 - 2023-10-04 14:15:00 - IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. - 详情 - - - - 22b9dc196821fc9c0e322316be8e10d1 - CVE-2023-40561 - 2023-10-04 14:15:00 - Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. - 详情 - - @@ -1766,7 +1766,7 @@

眈眈探求 | + 2023-10-05 20:09:02 SMARTY SMARTY Vulnerability 详情 @@ -1774,7 +1774,7 @@

眈眈探求 | + 2023-10-05 20:09:02 PHPMYFAQ PHPMYFAQ Vulnerability 详情 @@ -1782,7 +1782,7 @@

眈眈探求 | + 2023-10-05 20:09:02 PHPMYFAQ PHPMYFAQ Vulnerability 详情 @@ -1790,7 +1790,7 @@

眈眈探求 | + 2023-10-05 20:08:50 DOLIBARR DOLIBARR_ERP\/CRM Vulnerability 详情 @@ -1798,7 +1798,7 @@

眈眈探求 | + 2023-10-05 20:08:50 PHPMYFAQ PHPMYFAQ Vulnerability 详情 @@ -1806,7 +1806,7 @@

眈眈探求 | + 2023-10-05 20:08:50 GOOGLE ANDROID Vulnerability 详情 @@ -1814,7 +1814,7 @@

眈眈探求 | + 2023-10-05 20:08:50 PHPMYFAQ PHPMYFAQ Vulnerability 详情 @@ -1822,7 +1822,7 @@

眈眈探求 | + 2023-10-05 20:08:49 MICROWEBER MICROWEBER Vulnerability 详情 @@ -1830,7 +1830,7 @@

眈眈探求 | + 2023-10-05 20:08:49 PHPMYFAQ PHPMYFAQ Vulnerability 详情 @@ -1838,7 +1838,7 @@

眈眈探求 | + 2023-10-05 20:08:49 HASHICORP VAULT Vulnerability 详情 @@ -2243,6 +2243,46 @@

眈眈探求 | 详情 + + 401c41411354b1b74ceb3821a722ef06 + CVE-2023-4497 + 2023-10-04 13:15:26 + Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. + 详情 + + + + 641189385f33bb1b91751ea0043b6275 + CVE-2023-4496 + 2023-10-04 13:15:26 + Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. + 详情 + + + + 122e8a08fbae0b948c74ba348ea9b038 + CVE-2023-4495 + 2023-10-04 13:15:26 + Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. + 详情 + + + + 1d8d4e2f26089891b78362dd762a8558 + CVE-2023-4494 + 2023-10-04 13:15:26 + Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. + 详情 + + + + d3d952f6dc8655117121015f600086a5 + CVE-2023-4493 + 2023-10-04 13:15:25 + Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. + 详情 + + 310d0d3e9d94763c028edd46af7d0ac8 CVE-2023-4997 @@ -2283,6 +2323,22 @@

眈眈探求 | 详情 + + 81b935f928b2b997b6fc9cc58f2db370 + CVE-2023-44974 + 2023-10-03 21:15:10 + An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. + 详情 + + + + fc4f7dfa657e3f5bf049777fc61cb976 + CVE-2023-44973 + 2023-10-03 21:15:10 + An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. + 详情 + + 8c5369129e67d9df89ae6b2f5f63a82e CVE-2023-5255 @@ -2299,6 +2355,14 @@

眈眈探求 | 详情 + + d8dae8102674ea962818f8d36572be58 + CVE-2023-4564 + 2023-10-03 16:15:10 + This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. + 详情 + + 0dbd62539f3b1621d56f1fd2fc9574ec CVE-2023-4886 @@ -2387,6 +2451,14 @@

眈眈探求 | 详情 + + a66088352c52a7edcfa7a8332841740f + CVE-2023-4659 + 2023-10-02 15:15:15 + Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication. + 详情 + + 1ddd7b203d4442582fb039d4e7a6a2e0 CVE-2023-5106 @@ -2395,78 +2467,6 @@

眈眈探求 | 详情 - - 6f5be1920d82e9d6dc530fa7ac54339d - CVE-2023-5329 - 2023-10-02 00:15:10 - A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability. - 详情 - - - - a169821774aed9156ba6a727d2ff6d59 - CVE-2023-5328 - 2023-10-02 00:15:10 - A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability. - 详情 - - - - 8b07a29a4c3b333bc2e2154b7f5a542d - CVE-2023-5327 - 2023-10-01 23:15:08 - A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028. - 详情 - - - - 9d7536185eb3755e189185b4959f0aa1 - CVE-2023-5326 - 2023-10-01 23:15:08 - A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027. - 详情 - - - - 00bc9214a7f397d1b56b0ae221964ade - CVE-2023-5324 - 2023-10-01 21:15:42 - A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024. - 详情 - - - - af6e7926bf594213f7ce8ed5c4bc8b71 - CVE-2023-5322 - 2023-10-01 05:15:09 - ** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/edit_manageadmin.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240992. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. - 详情 - - - - 84c2f3c275bcde2fcafb5767d71614f2 - CVE-2023-5323 - 2023-10-01 01:15:24 - Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. - 详情 - - - - ac55b54e3e5df1a2f230e428061a580a - CVE-2023-5112 - 2023-09-30 23:15:40 - Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. - 详情 - - - - a1d4daf3b0efd6abaa387a32952a21df - CVE-2023-5111 - 2023-09-30 23:15:40 - Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. - 详情 - -