Commit

Updated by Github Bot
Github-Bot committed Feb 18, 2024
1 parent f67aa34 commit 56caeee
Showing 3 changed files with 28 additions and 21 deletions.
7 changes: 7 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -169,3 +169,10 @@ b19bec7a5c29e3910395bea9d969b65e
b0126f618babc0db9d49affc4f0402e6
062d83f0bdcac326f9f0d6e0fb792479
45ace596682cd06aa2bd138fffff27e6
bbf7d0441c4084da50f7c425c23fdf23
aa51b0f30e2c3691d842a8e2c66f4957
8b0b86cfaa16f5aa491403f2d594d49b
234e3ede3825ca75fc7cb1b82dae2126
e24ecac437560894960719bec987fa36
243f283c71aec82dc1a05267198311de
33a678af0904489922e4074e1f63a578
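Review bot: The seven ids appended at lines 172-178 of cache/RedQueen.dat cannot be tied to anything else in this commit: none of them matches a row id visible in the docs/index.html hunk, and the commit message says only "Updated by Github Bot". Document what each 32-hex-character entry is a hash of (in a README or a header line of the file), and decide whether this append-only cache needs pruning, since the hunk shows it only growing.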
Binary file modified data/cves.db
Binary file not shown.
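Review bot: data/cves.db changes as an opaque binary, so the effect of this commit on the stored CVE data cannot be reviewed from the diff. Consider committing a text export or a checksum alongside it, or rebuilding the database from reviewed inputs instead of versioning the binary.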
42 changes: 21 additions & 21 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-02-17 23:21:23 -->
<!-- RELEASE TIME : 2024-02-18 23:22:13 -->
<html lang="zh-cn">

<head>
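Review bot: The RELEASE TIME comment on line 1 carries no timezone, so 2024-02-18 23:22:13 cannot be compared reliably with the commit date or with the timestamps in the table; write it in UTC or with an explicit offset. The first four lines of the file also show no <!DOCTYPE html> before <html lang="zh-cn">, which leaves browsers rendering the page in quirks mode.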
Expand Down Expand Up @@ -286,159 +286,159 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>53c6301f0b16a3aa4a5ee955344de741</td>
<td>CVE-2024-21915</td>
<td>2024-02-16 19:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 19:15:08</td>
<td>A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21915">详情</a></td>
</tr>

<tr>
<td>574016161377ae9ae1592699188687af</td>
<td>CVE-2024-1591</td>
<td>2024-02-16 19:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 19:15:08</td>
<td>Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1591">详情</a></td>
</tr>

<tr>
<td>00e0ec8936dea0b4a966b587ff45428d</td>
<td>CVE-2024-0015</td>
<td>2024-02-16 19:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 19:15:08</td>
<td>In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0015">详情</a></td>
</tr>

<tr>
<td>70578916122a5d2d34fb945f0a99dc68</td>
<td>CVE-2023-40085</td>
<td>2024-02-16 19:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 19:15:08</td>
<td>In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40085">详情</a></td>
</tr>

<tr>
<td>b912c9386d4340744f88103808ae773e</td>
<td>CVE-2023-21165</td>
<td>2024-02-16 19:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 19:15:08</td>
<td>In DevmemIntUnmapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-21165">详情</a></td>
</tr>

<tr>
<td>47b8143ac434ef799ef39620e99cf8f6</td>
<td>CVE-2024-1515</td>
<td>2024-02-16 18:15:07 <img src="imgs/new.gif" /></td>
<td>2024-02-16 18:15:07</td>
<td>Rejected reason: Erroneous assignement</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1515">详情</a></td>
</tr>

<tr>
<td>d1bfee929a23cf2ece3a7993813cec56</td>
<td>CVE-2024-23591</td>
<td>2024-02-16 17:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 17:15:08</td>
<td>ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration setting.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23591">详情</a></td>
</tr>

<tr>
<td>909d302aba10cbd9780b93203f2fa1f3</td>
<td>CVE-2024-1444</td>
<td>2024-02-16 17:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 17:15:08</td>
<td>Rejected reason: Erroneous assignment</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1444">详情</a></td>
</tr>

<tr>
<td>f9999686045b837373b3ea9157837116</td>
<td>CVE-2024-1342</td>
<td>2024-02-16 16:15:57 <img src="imgs/new.gif" /></td>
<td>2024-02-16 16:15:57</td>
<td>A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1342">详情</a></td>
</tr>

<tr>
<td>b7831d3ab4efc3db55ce206998468ce1</td>
<td>CVE-2024-25320</td>
<td>2024-02-16 15:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 15:15:08</td>
<td>Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25320">详情</a></td>
</tr>

<tr>
<td>09ca8eade47c4e19ce5994cb68293cc9</td>
<td>CVE-2024-22426</td>
<td>2024-02-16 12:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 12:15:08</td>
<td>Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22426">详情</a></td>
</tr>

<tr>
<td>5e092470d91476d1c667e2616a3ee4ce</td>
<td>CVE-2024-22425</td>
<td>2024-02-16 12:15:07 <img src="imgs/new.gif" /></td>
<td>2024-02-16 12:15:07</td>
<td>Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22425">详情</a></td>
</tr>

<tr>
<td>f1e49f17867951bb1cb00f017dddff7e</td>
<td>CVE-2023-45860</td>
<td>2024-02-16 10:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 10:15:08</td>
<td>In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45860">详情</a></td>
</tr>

<tr>
<td>5e0ecea1fc8c55d101eb1ab772e825f3</td>
<td>CVE-2024-25466</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 09:15:08</td>
<td>Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25466">详情</a></td>
</tr>

<tr>
<td>275ce562ec386f129bec821dfe6102ac</td>
<td>CVE-2024-24377</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 09:15:08</td>
<td>An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24377">详情</a></td>
</tr>

<tr>
<td>002c531670d545c0b3dfc59a58882af7</td>
<td>CVE-2024-22854</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 09:15:08</td>
<td>DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22854">详情</a></td>
</tr>

<tr>
<td>2b8700549de218ee23e3b63b052f42a0</td>
<td>CVE-2023-51931</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 09:15:08</td>
<td>An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51931">详情</a></td>
</tr>

<tr>
<td>2b51cef4b6153b4165ff8742272eb902</td>
<td>CVE-2023-49508</td>
<td>2024-02-16 08:15:39 <img src="imgs/new.gif" /></td>
<td>2024-02-16 08:15:39</td>
<td>Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49508">详情</a></td>
</tr>

<tr>
<td>4d55c97a364e59bd41e8fc711dfde5d5</td>
<td>CVE-2023-6451</td>
<td>2024-02-16 04:15:08 <img src="imgs/new.gif" /></td>
<td>2024-02-16 04:15:08</td>
<td>Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6451">详情</a></td>
</tr>

<tr>
<td>67f58b2e636db49d7ef8686f7a709a34</td>
<td>CVE-2024-25415</td>
<td>2024-02-16 02:15:51 <img src="imgs/new.gif" /></td>
<td>2024-02-16 02:15:51</td>
<td>A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25415">详情</a></td>
</tr>
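Review bot: Every link in the last cell of these rows is written as <a target="_blank" href="https://www.tenable.com/cve/..."> with no rel attribute; add rel="noopener noreferrer" in the row template so the opened page's access to window.opener does not depend on browser defaults. The description cells carry text from an external feed, and nothing in the hunk shows whether it is HTML-escaped before being written into the <td>, so confirm the generator escapes it. Two rows (CVE-2024-1515 and CVE-2024-1444) publish "Rejected reason" placeholders as if they were advisories and could be filtered out or marked as rejected. The only change per row is dropping the imgs/new.gif marker, which rewrites twenty lines in this commit; deriving the marker from the timestamp at render time would avoid that churn.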