Updated by Github Bot

EXP-Tools · Sep 29, 2023 · 463a352 · 463a352
1 parent 4721a9d
commit 463a352
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/NVD.dat b/cache/NVD.dat
@@ -127,3 +127,13 @@ c9b755d9f9ddbb0fd8f420c630920222
 50632a4d89f102ff4fb7d135ede42249
 65f7a1d63bc7b89a3525598825bf0470
 4bb11a54a9622af003b091644b566cdb
+507a0f6f3264cdbec430bd2d2275a1a1
+199fd12c50a689f6d41da15691227515
+61daef1fcfe13a63c435d20e9eb84958
+75be3cfd6041283db50bbd38e92696dd
+bb3033f090249d3003c94e5ea7af1bd0
+8ff69bd38008665d2d98e872a87e6c57
+2cb9c69a0d04f560ae7892899fa0497b
+de2bef3c7bf693403c7394276cd63215
+6c24c15da493c723bbac6d81c3f16dd8
+3e75410c4926e75933e0789ac50e7783
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-09-29 18:28:22 -->
+<!-- RELEASE TIME : 2023-09-29 20:23:25 -->
 <html lang="zh-cn">
 
  <head>
@@ -2275,6 +2275,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5161">详情</a></td>
       </tr>
 
+      <tr>
+       <td>507a0f6f3264cdbec430bd2d2275a1a1</td>
+       <td>CVE-2023-44042</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44042">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>199fd12c50a689f6d41da15691227515</td>
+       <td>CVE-2023-44023</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44023">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>61daef1fcfe13a63c435d20e9eb84958</td>
+       <td>CVE-2023-44022</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44022">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>75be3cfd6041283db50bbd38e92696dd</td>
+       <td>CVE-2023-44021</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44021">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bb3033f090249d3003c94e5ea7af1bd0</td>
+       <td>CVE-2023-44020</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44020">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8ff69bd38008665d2d98e872a87e6c57</td>
+       <td>CVE-2023-44019</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44019">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2cb9c69a0d04f560ae7892899fa0497b</td>
+       <td>CVE-2023-44018</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44018">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>de2bef3c7bf693403c7394276cd63215</td>
+       <td>CVE-2023-44017</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44017">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6c24c15da493c723bbac6d81c3f16dd8</td>
+       <td>CVE-2023-44016</td>
+       <td>2023-09-27 15:19:35 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44016">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3e75410c4926e75933e0789ac50e7783</td>
+       <td>CVE-2023-44015</td>
+       <td>2023-09-27 15:19:34 </td>
+       <td>Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.</td>
+       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44015">详情</a></td>
+      </tr>
+
       <tr>
        <td>d180a520e938734ec2a15357cc3952dc</td>
        <td>CVE-2023-5129</td>
@@ -2387,86 +2467,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5147">详情</a></td>
       </tr>
 
-      <tr>
-       <td>083cd1afd9bfb8473e74b45b2c2fcfcc</td>
-       <td>CVE-2023-5134</td>
-       <td>2023-09-23 08:15:10 </td>
-       <td>The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5134">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b9d8a8407aa45fc540dfc495b16f71d0</td>
-       <td>CVE-2023-5125</td>
-       <td>2023-09-23 05:15:31 </td>
-       <td>The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5125">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>420062f419187effc2e771cb2657311d</td>
-       <td>CVE-2023-5002</td>
-       <td>2023-09-22 14:15:47 </td>
-       <td>A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5002">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a97ea477c346e6ecb082f8ffcaa76da8</td>
-       <td>CVE-2023-5068</td>
-       <td>2023-09-21 23:15:13 </td>
-       <td>Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5068">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c4c8e6fad1208c422fb884063dc408dc</td>
-       <td>CVE-2023-5104</td>
-       <td>2023-09-21 09:15:10 </td>
-       <td>Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5104">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>55154e097ca9cd9178e1cedd8fe4e00b</td>
-       <td>CVE-2023-5074</td>
-       <td>2023-09-20 16:15:12 </td>
-       <td>Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5074">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5b6d7eb859ebe5065c9fa2568539c343</td>
-       <td>CVE-2023-5042</td>
-       <td>2023-09-20 12:15:12 </td>
-       <td>Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5042">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>be01985caf3d13a706450396ccdce1b6</td>
-       <td>CVE-2023-5084</td>
-       <td>2023-09-20 10:15:15 </td>
-       <td>Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5084">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>50632a4d89f102ff4fb7d135ede42249</td>
-       <td>CVE-2023-4853</td>
-       <td>2023-09-20 10:15:14 </td>
-       <td>A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4853">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1d49a765844dd4af56f01d5405420162</td>
-       <td>CVE-2023-5063</td>
-       <td>2023-09-20 03:15:14 </td>
-       <td>The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5063">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>