Commit

Updated by Github Bot
Github-Bot committed Oct 10, 2024
1 parent 44050cc commit 64f850a
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -148,3 +148,13 @@ f53bb28287e6047e747a03d247e65973
e118c55d332902b96be360221d288ebe
a527326d291d1c4543a041fe01037b2a
a3cd5d3170d5bb34afedb2701802eded
dfa4a6190fd7db71398cbe165104799f
5fecda3a6c9b0e5493bce57bffda2d26
3899d9438f12e23dcacb9dbd3038087c
546d5a035e17cd43f49f54a53aa1448a
72b79308071b93914bd1d8d76f6fdfb2
348e467c14b334a11dfab9319ecdef70
0cfb2ae586379312325c5bd7bbcfce4f
814b7b2cb8616b2f1c8ae7e7dfafee15
6934ba7568a466d8f213c3b93eb948b1
8856413412be45dffb014938d9fa924d
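Review bot: The ten ids appended at the end of cache/Tenable (Nessus).dat are bare 32-character hex strings with no CVE id or timestamp beside them, so the cache cannot be audited or pruned from the file alone. They are the same values, in the same order, as the first `<td>` of the ten rows added to docs/index.html in this commit, and the file only grows here (10 additions, no deletions) while the page drops ten older rows. Consider storing the CVE id and publish time next to each id, and documenting what input the id is derived from so a duplicate or a collision can be traced.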
Binary file modified data/cves.db
Binary file not shown.
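Review bot: data/cves.db changes as an opaque binary ("Binary file not shown"), so this part of the commit cannot be reviewed or diffed against the ten rows the other two files add. If the database has to live in the repository, commit a text export beside it (or generate it from the cache and feed at build time) so that its content can be checked against the HTML and the cache.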
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-10-10 09:25:40 -->
<!-- RELEASE TIME : 2024-10-10 21:23:24 -->
<html lang="zh-cn">

<head>
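Review bot: The RELEASE TIME comment on the first line carries no timezone or UTC offset, so "2024-10-10 21:23:24" cannot be compared reliably with the per-row times in the table, which are also written without an offset. Emit it in ISO 8601 with an explicit offset, and state in the page which zone the row times use.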
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>dfa4a6190fd7db71398cbe165104799f</td>
<td>CVE-2024-9792</td>
<td>2024-10-10 15:15:15 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9792">详情</a></td>
</tr>

<tr>
<td>5fecda3a6c9b0e5493bce57bffda2d26</td>
<td>CVE-2024-9790</td>
<td>2024-10-10 15:15:15 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9790">详情</a></td>
</tr>

<tr>
<td>3899d9438f12e23dcacb9dbd3038087c</td>
<td>CVE-2024-9789</td>
<td>2024-10-10 14:15:06 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9789">详情</a></td>
</tr>

<tr>
<td>546d5a035e17cd43f49f54a53aa1448a</td>
<td>CVE-2024-9788</td>
<td>2024-10-10 14:15:06 <img src="imgs/new.gif" /></td>
<td>A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9788">详情</a></td>
</tr>

<tr>
<td>72b79308071b93914bd1d8d76f6fdfb2</td>
<td>CVE-2024-9787</td>
<td>2024-10-10 14:15:06 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9787">详情</a></td>
</tr>

<tr>
<td>348e467c14b334a11dfab9319ecdef70</td>
<td>CVE-2024-9312</td>
<td>2024-10-10 14:15:05 <img src="imgs/new.gif" /></td>
<td>Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9312">详情</a></td>
</tr>

<tr>
<td>0cfb2ae586379312325c5bd7bbcfce4f</td>
<td>CVE-2024-4658</td>
<td>2024-10-10 14:15:05 <img src="imgs/new.gif" /></td>
<td>SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4658">详情</a></td>
</tr>

<tr>
<td>814b7b2cb8616b2f1c8ae7e7dfafee15</td>
<td>CVE-2024-44711</td>
<td>2024-10-10 14:15:04 <img src="imgs/new.gif" /></td>
<td>Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-44711">详情</a></td>
</tr>

<tr>
<td>6934ba7568a466d8f213c3b93eb948b1</td>
<td>CVE-2024-9786</td>
<td>2024-10-10 13:15:14 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9786">详情</a></td>
</tr>

<tr>
<td>8856413412be45dffb014938d9fa924d</td>
<td>CVE-2024-9785</td>
<td>2024-10-10 13:15:14 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9785">详情</a></td>
</tr>

<tr>
<td>4b0e3d6ba62b645859b02ee236ddfed6</td>
<td>CVE-2024-9675</td>
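Review bot: The added row for CVE-2024-44711 publishes a withdrawn candidate ("Rejected reason: DO NOT USE THIS CANDIDATE NUMBER.") as a fresh entry with the imgs/new.gif marker; the generator should skip or visibly flag descriptions that begin with "Rejected reason:" instead of listing them as new vulnerabilities. Two smaller points on the same rows: every added `<a target="_blank" ...>` lacks `rel="noopener noreferrer"`, and the description cells carry third-party feed text verbatim, so confirm that the generator HTML-escapes the description and the CVE id before writing them into `<td>` and `href`. The added `<img src="imgs/new.gif" />` tags also have no `alt` text.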
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8629">详情</a></td>
</tr>

<tr>
<td>00397b8d0b784bec2f7739c9abc957d3</td>
<td>CVE-2024-9292</td>
<td>2024-10-08 05:36:26</td>
<td>The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9292">详情</a></td>
</tr>

<tr>
<td>e5516ecd8eb79b0735f1cc00a04a371c</td>
<td>CVE-2024-21533</td>
<td>2024-10-08 05:15:14</td>
<td>All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21533">详情</a></td>
</tr>

<tr>
<td>3d59d92ee4520119046e314fe5accedc</td>
<td>CVE-2024-21532</td>
<td>2024-10-08 05:15:13</td>
<td>All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21532">详情</a></td>
</tr>

<tr>
<td>16bbd5e5f272ab160e2d52e3faa9b2f1</td>
<td>CVE-2024-9026</td>
<td>2024-10-08 04:15:11</td>
<td>In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9026">详情</a></td>
</tr>

<tr>
<td>356e6c84caaa4947b19331fbecca8a42</td>
<td>CVE-2024-8927</td>
<td>2024-10-08 04:15:10</td>
<td>In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8927">详情</a></td>
</tr>

<tr>
<td>6d3c04d2f425744017138518788e0f23</td>
<td>CVE-2024-8926</td>
<td>2024-10-08 04:15:10</td>
<td>In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8926">详情</a></td>
</tr>

<tr>
<td>601619e02f703d4b4c8b3e7cbbbf705f</td>
<td>CVE-2024-8925</td>
<td>2024-10-08 04:15:09</td>
<td>In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8925">详情</a></td>
</tr>

<tr>
<td>ecc7a17d4e840dad5ddbf4ab2e6d3606</td>
<td>CVE-2024-47594</td>
<td>2024-10-08 04:15:09</td>
<td>SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47594">详情</a></td>
</tr>

<tr>
<td>df44c380b56a5ac18326ead6ecedb463</td>
<td>CVE-2024-45382</td>
<td>2024-10-08 04:15:08</td>
<td>in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45382">详情</a></td>
</tr>

<tr>
<td>f7b47b35fa6960b6468cacdf31bd5ec3</td>
<td>CVE-2024-45282</td>
<td>2024-10-08 04:15:08</td>
<td>Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45282">详情</a></td>
</tr>

</tbody>
</table>
</div>
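Review bot: The ten rows removed at the end of the table are dated 2024-10-08 04:15 to 05:36, so entries vanish from the page less than three days after publication once ten newer ones arrive, and nothing in this hunk links to where they went. If the table is meant to be a fixed-size window, add a link to an archive or a paginated view so that advisories such as the PHP 8.1.30 / 8.2.24 / 8.3.12 rows removed here remain reachable, and say in the page how many entries are retained.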