Updated by Github Bot
Github-Bot committed Feb 15, 2024
1 parent 0e99ffc commit 4851fde
Showing 3 changed files with 22 additions and 13 deletions.
9 changes: 9 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -129,3 +129,12 @@ c8a5ff171b0773398d860e24109a9fef
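Review bot: the nine lines appended to cache/RedQueen.dat are bare 32-hex identifiers (the same format as the first column of the docs/index.html table rows) with no CVE id, timestamp or comment beside them, so the file never records how an entry was derived or when it may be expired, and because the hunk is append-only (9 additions, 0 deletions) it can only grow; document the hashing scheme in the repository and consider keying each line by its CVE id, e.g. `a22c2163dbd162788d7bea243b3cd700 CVE-2024-25121`, so the cache can be audited and pruned.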
Binary file modified data/cves.db
Binary file not shown.
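Review bot: data/cves.db is a binary file rewritten by this automated commit, so every update stores another full copy of the database in history and the change itself cannot be reviewed; if the database is derived from the text cache and the generated docs/index.html, regenerate it in CI or publish it as a release artifact rather than committing it.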
26 changes: 13 additions & 13 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-02-14 23:24:36 -->
<!-- RELEASE TIME : 2024-02-15 03:25:15 -->
<html lang="zh-cn">

<head>
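Review bot: the `<!-- RELEASE TIME : 2024-02-15 03:25:15 -->` comment carries no timezone, and neither do the CVE publish timestamps in the table cells (e.g. `2024-02-13 23:15:09`), so a reader cannot tell whether the release time and the entry times are on the same clock; emit both as ISO 8601 with an explicit offset (`2024-02-15T03:25:15Z` if the generator runs in UTC) so the two are comparable.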
Expand Down Expand Up @@ -350,95 +350,95 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>a22c2163dbd162788d7bea243b3cd700</td>
<td>CVE-2024-25121</td>
<td>2024-02-13 23:15:09 <img src="imgs/new.gif" /></td>
<td>2024-02-13 23:15:09</td>
<td>TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25121">详情</a></td>
</tr>

<tr>
<td>2f3b51165c82fc11a3fafaff0cbc3732</td>
<td>CVE-2024-25120</td>
<td>2024-02-13 23:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 23:15:08</td>
<td>TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25120">详情</a></td>
</tr>

<tr>
<td>932602bf23ed6be6fa7cd58444930af1</td>
<td>CVE-2023-6815</td>
<td>2024-02-13 07:15:46 <img src="imgs/new.gif" /></td>
<td>2024-02-13 07:15:46</td>
<td>Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6815">详情</a></td>
</tr>

<tr>
<td>42df8328796113c645b60c784cbbaf87</td>
<td>CVE-2024-25914</td>
<td>2024-02-13 05:15:09 <img src="imgs/new.gif" /></td>
<td>2024-02-13 05:15:09</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25914">详情</a></td>
</tr>

<tr>
<td>ed5cca03f52b4cfb895ff92a9211bad3</td>
<td>CVE-2024-21491</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 05:15:08</td>
<td>Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21491">详情</a></td>
</tr>

<tr>
<td>954baa39956472e2e4f25604d4de7005</td>
<td>CVE-2023-52431</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 05:15:08</td>
<td>The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-52431">详情</a></td>
</tr>

<tr>
<td>3d503e6f01e58b930dbdd8267b9ccafa</td>
<td>CVE-2022-48623</td>
<td>2024-02-13 05:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 05:15:08</td>
<td>The Cpanel::JSON::XS package before 4.33 for Perl performs out-of-bounds accesses in a way that allows attackers to obtain sensitive information or cause a denial of service.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2022-48623">详情</a></td>
</tr>

<tr>
<td>7b1de36105bcebb60b0301f47e2b21aa</td>
<td>CVE-2024-25643</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 04:15:08</td>
<td>The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25643">详情</a></td>
</tr>

<tr>
<td>c82f8b94754d3c8405cad1cc1c24367c</td>
<td>CVE-2024-24741</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 04:15:08</td>
<td>SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24741">详情</a></td>
</tr>

<tr>
<td>f2f1e142d82a127a8a75009515df0d81</td>
<td>CVE-2024-22129</td>
<td>2024-02-13 04:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-13 04:15:08</td>
<td>SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22129">详情</a></td>
</tr>

<tr>
<td>4e8a6504adf3b01184d90663573b87cd</td>
<td>CVE-2024-22024</td>
<td>2024-02-13 04:15:07 <img src="imgs/new.gif" /></td>
<td>2024-02-13 04:15:07</td>
<td>An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22024">详情</a></td>
</tr>

<tr>
<td>fedcff969fe657533267a92fe0fa8bc9</td>
<td>CVE-2024-25642</td>
<td>2024-02-13 03:15:09 <img src="imgs/new.gif" /></td>
<td>2024-02-13 03:15:09</td>
<td>Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25642">详情</a></td>
</tr>
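Review bot: every row in this hunk changes only to drop the `<img src="imgs/new.gif" />` badge from the date cell, so a purely presentational change (an entry aging out of "new") rewrites 95 lines of generated markup on each run; derive the badge from the timestamp via CSS or a `data-` attribute instead, and in any case give the image an `alt` attribute, which the current `<img>` lacks. Separately, the detail links use `<a target="_blank" href="...">` without `rel="noopener noreferrer"`; add it so the opened tenable.com page cannot reach `window.opener` in browsers that do not default to noopener.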
