From 64f850a2c8c3255b77c592df5033a9e54fb3eefa Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Thu, 10 Oct 2024 21:23:26 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 49602560 -> 49610752 bytes docs/index.html | 162 ++++++++++++++++++------------------- 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 26b51bd5554..275178e0070 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -148,3 +148,13 @@ f53bb28287e6047e747a03d247e65973 e118c55d332902b96be360221d288ebe a527326d291d1c4543a041fe01037b2a a3cd5d3170d5bb34afedb2701802eded +dfa4a6190fd7db71398cbe165104799f +5fecda3a6c9b0e5493bce57bffda2d26 +3899d9438f12e23dcacb9dbd3038087c +546d5a035e17cd43f49f54a53aa1448a +72b79308071b93914bd1d8d76f6fdfb2 +348e467c14b334a11dfab9319ecdef70 +0cfb2ae586379312325c5bd7bbcfce4f +814b7b2cb8616b2f1c8ae7e7dfafee15 +6934ba7568a466d8f213c3b93eb948b1 +8856413412be45dffb014938d9fa924d diff --git a/data/cves.db b/data/cves.db index 484502a77a907e6f905f288affe355e2d4d8ae3d..f0435d6f670b5cc355e11394d14ecaffdfe4cf15 100644 GIT binary patch delta 5109 zcmd7UX>=4-76)*uk|u$KB$%*BSUM~sOF~yy^%fUEP(%WP5l~!md#Mf)k`7r=L^Le_ zAfgadjEeHW9dQ9%P!Izupn^yMC4wj*E{F>V&gkfj^KZbJ(N8lTKg>D(d*}4)s(bFe z_3FK@S--PgP0g-$b=i)rX3hGIT;S}lWla}|2GJo2kVJ?B(j1ZmNrtq5w1lKUQX#D% zX^?bC2BbCQ3`iy<3(^MC7SayV9&#q610);L5z-0L8PWyfgycZFLb^e^LwZ2Yg7k!( z4e15x4e0~v3(1A#LHa>l5Ch_dm=Fu%fp{T4h#wMwmU;#6CtILGDr+k4w(e0fK)=NAk~n`kn15g zK&C)$giM9p1epf88FCAx1~MHo12Pjb3j#R1$h(m3kVeQ3$WF*E$a|3YA-f?>kPjexAbTMnLiRyE zf_x0w4>AqZ2=Xc9Gsx$VFCd2@UqX&RzJh!W`3CYWDBk}dg(yrBvMEZ%G@eT6I+{Qesg%knM&&e#DyWjGsG26z z^>hPGp&Mx`-9*#qX1axHXgbZHnKX+)wKSVq@LAJRVhh(4zMbbt=hCv=EDrO)Vd`hpJAmvn@_qOa*2`j(E;G5U^< z(+T>X{z8AHALvK=8~sE-)8FYI^ouq}biV$iQvxNDgPKzkB~uG(Nhy>{ttgGsDT7+m z8I(y`)P~wpJ8Dm7QU}VWj?{@dQx|el4t1q&)SY_JS=5uxre4&W`cPlWr9A3KE;7hX zCRyYmFZsw%0m`Ry=v+FF&Zqt~fCkb9G>8V%g>(@Op^IrKT|&dCfQHiux|BxJD7uUa z>2exPV`wa0L08f^x{9u*Yv@`kqImy<6rwOi$fhV2(|9VO>u3T^q*5xQ7?sl`s-Q}$ zqH3B<*V7F&g>Iy&bQ4XZo9Py+q3JY(X3{JI)zWObmFCcGG?#9tJ7^xwr#f0dchX&S zH!Y-lsGjbn`{;gJL=Vt|w3rkvp{4W?Jxq_#qx2X(PEXJ>dXkpYQ}i@FL(kF*T1l(u zIeMO6pciR1y+kk58d^)Q&^mgR8fZOjpx5YidV@C7CfZDI(p&U4ZK1974sD}%X*)I2 z4%$h(=skL$c2g65KznE}eMtN0Bl?*3(*Zh2pU@%tls==+=?gkcU+U}Ri2lg@^RrrLpEXM#leR2PYc(kKu9QP9Iy-J|$Z+=2wrRPu zGa0qz@Z6rYoy^)!MW#Oxhy*OtA2r;z+l+*R;ZPtFikL3b@A9k04_?)?wSZcgl&d?_ z3#Js5+C`P+!D8EK}(&xFcYwQAg_=~YV74ek6>IXmJx zd(^gl`}DSdAjH4(Hv+zZ3j@*AJf8ooVdku1MUiOG3VMxzD;n`dLO#O`_`@OF@OliF zUZOgCqy2mOW>@`c>t zkl$-~L++>%_6KdB?PGtUwymb`T%%_@EX!vYYTz>)^-XD~3$XGHPrl1KIk`ct7}r7T zrdBN4qbIs}=}ZkxsqtRVNHJ%m6uH9DkUMC5{9e-+Fb%iq_Jlp5h%XchN5i%<<{sBO zw)cAcg`*0bL(8tS!&N1*vV7;oB_X?_OdYG8uC-C~8ot%jlSjlR2c3h47uGNRVt!jS zVCrEl^Soc@@|__&8mq9Ko;+9HfA;!Rs-8a-J>&P$Rb&5;^xlTWbmN^&iB~zZwK=nO zk!ksD%j*lXp{8jC4TCKVvD^S(6g#RKmu%Iui{j-Etgad#>FcZ-UlFS=9`BrNS5&fI zrz_9Q^Y(Q{N+Qm(Se3J~IvOnrm)K=h6Q?*Uf@P6dX~~VYv%1o*a1I?@>8y%5%PZ{3 z{M{LjO`KQ~k5O5l^TT(U%C%~Tp4_FvE-tC8;?*Z_DGQd`mAtZgV#HZl9*afmuladw zyTsyPNtvn}^1Rk&!oSw$>3;p+r8&RDR6V=CX3_2rYK7yt?#Oe`4x_1M{0Y>Snzf}x zK6i-g%jM@1Wa9&T5D_EdkNCV%Z!{8B$6RlpdZ&XuFVy=eDNENnsI>zc^{gak;S{#2 zRBh+C95s0KBCWgHziES>q881$N*l2F&6~7}-*2RC)%wH~&HA4r{AN$``{J8_i<9}E z-26S3H{uDpOpk5&!V$}iT7js?3VO_7(6FrfQFCrMGco>>s|`z2^lY_c|9Gus`fqpD zJau5Vrgd9-eV)oFGc?EVOKGPv))s4-e=yd+i%RD~ z;g4@TdW$EUrEY7{(0cuB?LK|At9)Sdq}t^wD21tZBX8Tx zGE)eZ$LzdE++ z*s0|?Ds-;qQA>u`=^akjx}o}Ut+yKa#2P&*p&(ZLA7wgNWP=)%%ekEYZa$X7{B+Q&iq9G delta 2872 zcmWmGW0xLS6hz_VjcwbuHL-0c727r|wr$%^I<{?gY>a0zv-`ude?YBu?z+Q=-%K$4 z=#2!^l7x#KDpZbY(^D1?9eIST&{n_-V}-TCS>de+Rzxe371@enMYWZZ z+lphwwc=Uvtprv=E0LAhN@69ol3B^E6jn+rm6h5`W2LpyS?R3|Rz@q6mD$Q-Wwo+d z*{vK_PAiv{+sb3*wenf{tpZj-tB_ULDqo8dgoKmQ~xTW7W0lS@o?3Rzs_i)!1rcHMN>q%`Nt6VYRecS*@)$ zR$Hr`)!yo0b+kHJovkibSF4-V-RfcWw0c>+tv*&?tDn{18ek2y23doxA=Xf9m^IuQ zVU4s#S)(mmW2~{(IBUE$!J24IvL;(otf|&CYq~YVnrY3lW?OTtxz;>uzO}$wXf3i9 zTT85^)-r3kwZd9yt+G~IYpk`_I%~bP!P;nTvNl^=tgY5IYrD0>+G*{wc3XR_z1BW! zzjeSmXdSW+TSu%Q>!@|iI&Ph?PFkm|)7Ba5taZ*hZ(Xo1T9>TL))nijb#6n3dTzb2f~}X$CO6 z`f7c%zFR-6U#;J)->pBaKdry4zpa0)f32U^f8!N;vO*((FbIoq2#*Meh)9TxD2R$^ zh>jSDiCBn@IEagQh>rwFh(t(?BuI*6NRAXpiBw39G)RkdNRJH2h)l?gEXay%$c`My ziCoByJjjcD$d3Xjh(aigA}ESt_yxsL0wqxjrBMcDQ4Zx%0TodRl~Dy%Q4Q5m12s_# zwNVFkQ4jUe01eRyjnM>6(G1NIvVRM-L@TsL8?;3`v_}VYL??7c7j#88bVm>LL@)G4 zAM`~(^v3`U#2^gD5DdjI495tJ#3+o0F$QBX4&yNa6EO*sF$GgG4bw3LGcgOZF$Z%o z5A(4A3$X}`u>?!849l?sE3pczu?B0g4(qW28?gzSu?1VP4coB;JFyG9u?Ksx5BqTd z2XP38aRfm)ieosA6F7-eIE^zni*q=S3%H0&xQr{fifg!z8@P#ExQ#owi+i|_2Y84_ zc#J1_if4F^7YN2nyuxd|!CSn;dwjr0e8OjZ!B>34cl^Mw_zl0~5B!P0@HhU!zxav& zLXTH~^G5(-5EkJO9uW``kq{YC5Eao79Wf9Su@D<^5Et zqYTQT9Ll2tDxwl9qYA2`8mglPYN8fuqYmn#9_ph38ln*zqY0X#8JZ(x{}yP8R%nej zXp44ej}GXFPUws-=!$OWjvnZVUg(WJ=!<^nj{z8nK^Tl77>Z#Sju9A%Q5X$l48~#{ z#$y5|ViG1}3Z`Njreg+XVism&4(4JW=3@aCVi6W&36^3RmSY80Vii_n4c1~E)?))U zViPuF3$|h#wqpl&Vi$H}5B6do_TvB!;t&qw2!e1F$8a1ca1y6*8fS18=Wreua1obq z8CP%>*Ki#-a1*z18+ULQ_i!H%@DPvi7*FsN&+r^C5R8|2h1Yn4w|EygtoMOcQzP~a z_dHa{=QSwmwD*DFKv3+ILjqR=b4xspns#dN?DqlkAtWC|@+l;rL-HjgUqkXOB;Nx; x!Lxq^QWlO8K1y(?818LZK1jXWYzY%tC&h90Dh7SsU@FS2k?EhVhRqX%( diff --git a/docs/index.html b/docs/index.html index d2b48677a19..06fd71535c1 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + dfa4a6190fd7db71398cbe165104799f + CVE-2024-9792 + 2024-10-10 15:15:15 + A vulnerability classified as problematic has been found in D-Link DSL-2750U R5B017. This affects an unknown part of the component Port Forwarding Page. The manipulation of the argument PortMappingDescription leads to cross site scripting. It is possible to initiate the attack remotely. + 详情 + + + + 5fecda3a6c9b0e5493bce57bffda2d26 + CVE-2024-9790 + 2024-10-10 15:15:15 + A vulnerability was found in LyLme_spage 1.9.5. It has been classified as critical. Affected is an unknown function of the file /admin/sou.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 3899d9438f12e23dcacb9dbd3038087c + CVE-2024-9789 + 2024-10-10 14:15:06 + A vulnerability was found in LyLme_spage 1.9.5 and classified as critical. This issue affects some unknown processing of the file /admin/apply.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 546d5a035e17cd43f49f54a53aa1448a + CVE-2024-9788 + 2024-10-10 14:15:06 + A vulnerability has been found in LyLme_spage 1.9.5 and classified as critical. This vulnerability affects unknown code of the file /admin/tag.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 72b79308071b93914bd1d8d76f6fdfb2 + CVE-2024-9787 + 2024-10-10 14:15:06 + A vulnerability, which was classified as problematic, was found in Contemporary Control System BASrouter BACnet BASRT-B 2.7.2. This affects an unknown part of the component UDP Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 348e467c14b334a11dfab9319ecdef70 + CVE-2024-9312 + 2024-10-10 14:15:05 + Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. + 详情 + + + + 0cfb2ae586379312325c5bd7bbcfce4f + CVE-2024-4658 + 2024-10-10 14:15:05 + SQL Injection: Hibernate vulnerability in TE Informatics Nova CMS allows SQL Injection.This issue affects Nova CMS: before 5.0. + 详情 + + + + 814b7b2cb8616b2f1c8ae7e7dfafee15 + CVE-2024-44711 + 2024-10-10 14:15:04 + Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. + 详情 + + + + 6934ba7568a466d8f213c3b93eb948b1 + CVE-2024-9786 + 2024-10-10 13:15:14 + A vulnerability, which was classified as critical, has been found in D-Link DIR-619L B1 2.06. Affected by this issue is the function formSetLog of the file /goform/formSetLog. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 8856413412be45dffb014938d9fa924d + CVE-2024-9785 + 2024-10-10 13:15:14 + A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. Affected by this vulnerability is the function formSetDDNS of the file /goform/formSetDDNS. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. + 详情 + + 4b0e3d6ba62b645859b02ee236ddfed6 CVE-2024-9675 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 00397b8d0b784bec2f7739c9abc957d3 - CVE-2024-9292 - 2024-10-08 05:36:26 - The Bridge Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - e5516ecd8eb79b0735f1cc00a04a371c - CVE-2024-21533 - 2024-10-08 05:15:14 - All versions of the package ggit are vulnerable to Arbitrary Argument Injection via the clone() API, which allows specifying the remote URL to clone and the file on disk to clone to. The library does not sanitize for user input or validate a given URL scheme, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. - 详情 - - - - 3d59d92ee4520119046e314fe5accedc - CVE-2024-21532 - 2024-10-08 05:15:13 - All versions of the package ggit are vulnerable to Command Injection via the fetchTags(branch) API, which allows user input to specify the branch to be fetched and then concatenates this string along with a git command which is then passed to the unsafe exec() Node.js child process API. - 详情 - - - - 16bbd5e5f272ab160e2d52e3faa9b2f1 - CVE-2024-9026 - 2024-10-08 04:15:11 - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. - 详情 - - - - 356e6c84caaa4947b19331fbecca8a42 - CVE-2024-8927 - 2024-10-08 04:15:10 - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. - 详情 - - - - 6d3c04d2f425744017138518788e0f23 - CVE-2024-8926 - 2024-10-08 04:15:10 - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. - 详情 - - - - 601619e02f703d4b4c8b3e7cbbbf705f - CVE-2024-8925 - 2024-10-08 04:15:09 - In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. - 详情 - - - - ecc7a17d4e840dad5ddbf4ab2e6d3606 - CVE-2024-47594 - 2024-10-08 04:15:09 - SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised. - 详情 - - - - df44c380b56a5ac18326ead6ecedb463 - CVE-2024-45382 - 2024-10-08 04:15:08 - in OpenHarmony v4.1.0 and prior versions allow a local attacker cause DOS through out-of-bounds write. - 详情 - - - - f7b47b35fa6960b6468cacdf31bd5ec3 - CVE-2024-45282 - 2024-10-08 04:15:08 - Fields which are in 'read only' state in Bank Statement Draft in Manage Bank Statements application, could be modified by MERGE method. The property of an OData entity representing assumably immutable method is not protected against external modifications leading to integrity violations. Confidentiality and Availability are not impacted. - 详情 - -