Updated by Github Bot

EXP-Tools · Jan 2, 2025 · 52bab3f · 52bab3f
1 parent b475bb9
commit 52bab3f
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 33 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -175,3 +175,7 @@ f10ab1c4583f1ef8ae9cccb6b2c77ec8
 e4df652ba160c5b0ad5e5a082b90e546
 a3b73d5aa86921b64b39ed126c0d9be9
 d8d42997602769499342c9bd95f9de6e
+aede7fe13f06f706a298a45f5e0b2725
+e260a21f3fe53cdce8d2071fb94fe84f
+19275921bfa6af21968f16e303f0d7ae
+915f75bdc6c11912a00271d3340a0d20
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2025-01-02 03:27:51 -->
+<!-- RELEASE TIME : 2025-01-02 06:32:37 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,38 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>aede7fe13f06f706a298a45f5e0b2725</td>
+       <td>CVE-2025-22214</td>
+       <td>2025-01-02 04:15:06 <img src="imgs/new.gif" /></td>
+       <td>Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22214">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e260a21f3fe53cdce8d2071fb94fe84f</td>
+       <td>CVE-2024-56829</td>
+       <td>2025-01-02 04:15:05 <img src="imgs/new.gif" /></td>
+       <td>Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56829">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>19275921bfa6af21968f16e303f0d7ae</td>
+       <td>CVE-2025-0168</td>
+       <td>2025-01-01 14:15:23 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0168">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>915f75bdc6c11912a00271d3340a0d20</td>
+       <td>CVE-2024-11846</td>
+       <td>2025-01-01 06:15:23 <img src="imgs/new.gif" /></td>
+       <td>The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11846">详情</a></td>
+      </tr>
+
       <tr>
        <td>3a90a772514a1e9c5b18017b660afe2a</td>
        <td>CVE-2024-56021</td>
@@ -491,38 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13029">详情</a></td>
       </tr>
 
-      <tr>
-       <td>e07499f1d7af68cb81536ec240e5ad2a</td>
-       <td>CVE-2024-13028</td>
-       <td>2024-12-29 23:15:06</td>
-       <td>A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13028">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5cd41072d32fe793e83f8b1ed83048cb</td>
-       <td>CVE-2024-13025</td>
-       <td>2024-12-29 23:15:05</td>
-       <td>A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13025">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c06e13e6f35a75502de6098c34ed930c</td>
-       <td>CVE-2024-13024</td>
-       <td>2024-12-29 21:15:06</td>
-       <td>A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13024">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9ae627d0718c86c9ff2ff9d54b822bd2</td>
-       <td>CVE-2024-13023</td>
-       <td>2024-12-29 21:15:06</td>
-       <td>A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-13023">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>