Updated by Github Bot

EXP-Tools · Jan 29, 2024 · 4c146e8 · 4c146e8
1 parent 9b80d55
commit 4c146e8
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -147,3 +147,13 @@ e986d395598d19401395104eeca1519e
 1a5ec28c571dc836fcd613294741ef8d
 c892f9951b643d8e1468bf299d61ea00
 324a25d0aba2a4858ffab49072b254b7
+473a1433857f362acf47dd779c9eea40
+8dc731d746b0a5c9f8a6f265cef31abf
+f031ddb163829ab6182756b9ef11e114
+d04e550809d196640d93dfc3c62c969e
+6078898299e83d53addbfd8900192204
+472c47915972b39591a8f931fa09fae1
+6f71fe2dbe5298650f81774d0edf835b
+c1917799c3c0a8ab58846b1fdede1aa8
+ca3c24e063902fc549f20c2788ab76a1
+1e6db803faa5b3ba5945979f199a482f
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-01-29 10:28:25 -->
+<!-- RELEASE TIME : 2024-01-29 19:18:28 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>473a1433857f362acf47dd779c9eea40</td>
+       <td>CVE-2024-23828</td>
+       <td>2024-01-29 17:15:10 <img src="imgs/new.gif" /></td>
+       <td>Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23828">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8dc731d746b0a5c9f8a6f265cef31abf</td>
+       <td>CVE-2024-1011</td>
+       <td>2024-01-29 17:15:10 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1011">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f031ddb163829ab6182756b9ef11e114</td>
+       <td>CVE-2024-1010</td>
+       <td>2024-01-29 17:15:09 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1010">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d04e550809d196640d93dfc3c62c969e</td>
+       <td>CVE-2024-1009</td>
+       <td>2024-01-29 17:15:09 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1009">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6078898299e83d53addbfd8900192204</td>
+       <td>CVE-2024-0788</td>
+       <td>2024-01-29 17:15:09 <img src="imgs/new.gif" /></td>
+       <td>SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0788">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>472c47915972b39591a8f931fa09fae1</td>
+       <td>CVE-2023-40551</td>
+       <td>2024-01-29 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40551">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6f71fe2dbe5298650f81774d0edf835b</td>
+       <td>CVE-2023-40550</td>
+       <td>2024-01-29 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40550">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c1917799c3c0a8ab58846b1fdede1aa8</td>
+       <td>CVE-2023-40549</td>
+       <td>2024-01-29 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40549">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ca3c24e063902fc549f20c2788ab76a1</td>
+       <td>CVE-2023-40546</td>
+       <td>2024-01-29 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create the new variable, it tries to print an error message to the user; however, the number of parameters used by the logging function doesn't match the format string used by it, leading to a crash under certain circumstances.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40546">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>1e6db803faa5b3ba5945979f199a482f</td>
+       <td>CVE-2023-1705</td>
+       <td>2024-01-29 17:15:08 <img src="imgs/new.gif" /></td>
+       <td>Missing Authorization vulnerability in Forcepoint F|One SmartEdge Agent on Windows (bgAutoinstaller service modules) allows Privilege Escalation, Functionality Bypass.This issue affects F|One SmartEdge Agent: before 1.7.0.230330-554.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-1705">详情</a></td>
+      </tr>
+
       <tr>
        <td>9d8120d1e371fdb99039595e693d0e9e</td>
        <td>CVE-2023-6200</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0930">详情</a></td>
       </tr>
 
-      <tr>
-       <td>8044db14b7ba1a2af6e6762bf80da4f6</td>
-       <td>CVE-2024-0929</td>
-       <td>2024-01-26 16:15:22</td>
-       <td>A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0929">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7a58d2179f0d312e159264e1185f81e8</td>
-       <td>CVE-2024-0928</td>
-       <td>2024-01-26 16:15:21</td>
-       <td>A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0928">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1838af6091f9d767a2df04c959aa84eb</td>
-       <td>CVE-2024-22551</td>
-       <td>2024-01-26 15:15:09</td>
-       <td>WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22551">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8665a5c5e99ca87c3b94ae0e6b4e728f</td>
-       <td>CVE-2024-22550</td>
-       <td>2024-01-26 15:15:09</td>
-       <td>An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22550">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9064397a38bcd2314f52a05f6421fa12</td>
-       <td>CVE-2024-0927</td>
-       <td>2024-01-26 15:15:09</td>
-       <td>A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0927">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e5cc7ec2bbba3d0392583e514b875ebd</td>
-       <td>CVE-2024-0926</td>
-       <td>2024-01-26 15:15:08</td>
-       <td>A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0926">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>528b759e97d234c322a4c853cd945b81</td>
-       <td>CVE-2024-0925</td>
-       <td>2024-01-26 15:15:08</td>
-       <td>A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0925">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>fe33c8da43483ddb0ceb6eedf10b88e9</td>
-       <td>CVE-2024-0924</td>
-       <td>2024-01-26 15:15:08</td>
-       <td>A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0924">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9089b2ba0eb72b3e5a56e3352bd4b6db</td>
-       <td>CVE-2023-33760</td>
-       <td>2024-01-25 08:15:08</td>
-       <td>SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue can allow attackers to eavesdrop on communications via a man-in-the-middle attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-33760">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d03311c34d865b00d28ae17aba6bb8df</td>
-       <td>CVE-2023-33759</td>
-       <td>2024-01-25 08:15:08</td>
-       <td>SpliceCom Maximiser Soft PBX v1.5 and before does not restrict excessive authentication attempts, allowing attackers to bypass authentication via a brute force attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-33759">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>