Updated by Github Bot

EXP-Tools · Mar 19, 2024 · 54d5ba3 · 54d5ba3
1 parent b3e5550
commit 54d5ba3
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -155,3 +155,13 @@ b312fdaf4f3df6e68eb9dd29171281fa
 ca953f99528fb922a6ef219baff2088c
 1532decf35f30119bee0f8163daaa652
 28d180bda17470bfd63ecbef13d96658
+adeb0e0c00576ea167cf0aef811fae9e
+a746525e89bccb7f57cadbaa391f79c4
+79fca2c6630cdf911e14019478d8b4f2
+beca12c5a9388bb6286949713d477a68
+815f1b2e9d29598fb2e6d23d915b56aa
+464760fb94218f2fe851d4cb7c20ae82
+349a5938c7d72779a73b4d0566806fcc
+53a28dda0f35a24ae3cc51bc6b0a28fc
+a918ce8713690f1f3d00f005aeee251e
+fdd01d7f9b5a5415d5db81a87fdc7409
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-03-19 07:22:17 -->
+<!-- RELEASE TIME : 2024-03-19 22:26:05 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>adeb0e0c00576ea167cf0aef811fae9e</td>
+       <td>CVE-2024-29027</td>
+       <td>2024-03-19 19:15:06 <img src="imgs/new.gif" /></td>
+       <td>Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29027">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a746525e89bccb7f57cadbaa391f79c4</td>
+       <td>CVE-2024-28303</td>
+       <td>2024-03-19 19:15:06 <img src="imgs/new.gif" /></td>
+       <td>Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28303">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>79fca2c6630cdf911e14019478d8b4f2</td>
+       <td>CVE-2024-29094</td>
+       <td>2024-03-19 17:15:12 <img src="imgs/new.gif" /></td>
+       <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29094">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>beca12c5a9388bb6286949713d477a68</td>
+       <td>CVE-2024-2545</td>
+       <td>2024-03-19 17:15:12 <img src="imgs/new.gif" /></td>
+       <td>Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2545">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>815f1b2e9d29598fb2e6d23d915b56aa</td>
+       <td>CVE-2024-2442</td>
+       <td>2024-03-19 17:15:12 <img src="imgs/new.gif" /></td>
+       <td>Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2442">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>464760fb94218f2fe851d4cb7c20ae82</td>
+       <td>CVE-2024-2307</td>
+       <td>2024-03-19 17:15:12 <img src="imgs/new.gif" /></td>
+       <td>A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2307">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>349a5938c7d72779a73b4d0566806fcc</td>
+       <td>CVE-2024-29093</td>
+       <td>2024-03-19 17:15:11 <img src="imgs/new.gif" /></td>
+       <td>Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29093">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>53a28dda0f35a24ae3cc51bc6b0a28fc</td>
+       <td>CVE-2024-29092</td>
+       <td>2024-03-19 17:15:11 <img src="imgs/new.gif" /></td>
+       <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29092">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a918ce8713690f1f3d00f005aeee251e</td>
+       <td>CVE-2024-29091</td>
+       <td>2024-03-19 17:15:11 <img src="imgs/new.gif" /></td>
+       <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29091">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fdd01d7f9b5a5415d5db81a87fdc7409</td>
+       <td>CVE-2024-29089</td>
+       <td>2024-03-19 17:15:10 <img src="imgs/new.gif" /></td>
+       <td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29089">详情</a></td>
+      </tr>
+
       <tr>
        <td>9edd1fc06e462f55fa51190da1c08de4</td>
        <td>CVE-2024-26125</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2590">详情</a></td>
       </tr>
 
-      <tr>
-       <td>de38eadf3f428a11f8dcb87a3f91b375</td>
-       <td>CVE-2021-47157</td>
-       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
-       <td>The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47157">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>05fa1c815f1bdc15126c4104a4719152</td>
-       <td>CVE-2021-47156</td>
-       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
-       <td>The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47156">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b62c36b103b401ee5e516be331b8c765</td>
-       <td>CVE-2021-47155</td>
-       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
-       <td>The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47155">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>0e564e93560dd868f2941c891b0fc1d0</td>
-       <td>CVE-2021-47154</td>
-       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
-       <td>The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2021-47154">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8509d1c26cb8a6400bffbb07c2b563d1</td>
-       <td>CVE-2018-25099</td>
-       <td>2024-03-18 05:15:06 <img src="imgs/new.gif" /></td>
-       <td>In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2018-25099">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>08a7bd9b21a0086546208d94e37a25f8</td>
-       <td>CVE-2024-28745</td>
-       <td>2024-03-18 04:15:09 <img src="imgs/new.gif" /></td>
-       <td>Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28745">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c96d254e874bf118528f3fc1e51212de</td>
-       <td>CVE-2024-27757</td>
-       <td>2024-03-18 04:15:09 <img src="imgs/new.gif" /></td>
-       <td>flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27757">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>baa5d39b9995d2f0df7da75d3fcab711</td>
-       <td>CVE-2024-2581</td>
-       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2581">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>831ece73886792578f79b0d05b291316</td>
-       <td>CVE-2024-2577</td>
-       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
-       <td>A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2577">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>07448a35e1b99671d77204e6ee1ce710</td>
-       <td>CVE-2024-24539</td>
-       <td>2024-03-18 03:15:06 <img src="imgs/new.gif" /></td>
-       <td>FusionPBX before 5.2.0 does not validate a session.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24539">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>