diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
index 77f73c360c8..2e533d5751e 100644
--- a/cache/Tenable (Nessus).dat
+++ b/cache/Tenable (Nessus).dat
@@ -111,3 +111,13 @@ e5dc3ecb0abfad6b49eca8db5476b556
b9145be13a08a325d7bdab4079c01da6
57b5bbb4520b0c4df7072b10558dc8c9
f5ae0cd73bc59a023eb7b0a0faa5b3d0
+db7b3a081ca3f10d03d3a63346493552
+99144a98657f2c5933c14b9f8b78fb75
+6091912286b6ef18028b4297cc30ebb1
+dd5dfe631179401fe985da6a4617cacf
+801d2b5710bf51e261e22003ae120898
+e0e45694ade204e60b229d73321cfbe9
+f7ffa179db033bc31f364f46d7a73f78
+0af963f8c39ca5652e6928b99e8af797
+7590a906921f2148f5cb3113fc37aebf
+cf391ce4c4a09740e68400db21db1b34
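Review bot: The ten keys appended at the end of `cache/Tenable (Nessus).dat` are bare 32-hex values with no record of what was hashed or when each entry was seen, so a reviewer cannot tell from this file whether a key is still needed. The same commit removes ten rows from docs/index.html, yet nothing is pruned here, so the cache only grows. Consider documenting the key derivation next to the cache and expiring keys whose rows have left the page, or state that the cache is a deliberate append-only seen-set.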
diff --git a/data/cves.db b/data/cves.db
index 488f9a104da..18e437a332e 100644
Binary files a/data/cves.db and b/data/cves.db differ
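Review bot: `data/cves.db` changes as an opaque binary in the same commit as the cache and the page, so this part of the update cannot be reviewed and every run adds a full copy of the database to history. If the database can be rebuilt from the feed, consider keeping it out of the repository, or commit a text export alongside it so the rows added and removed are visible in the diff.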
diff --git a/docs/index.html b/docs/index.html
index c6c57555a23..51bd966ecb1 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,4 +1,4 @@
-
+
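Review bot: The first hunk of docs/index.html replaces line 1 with a line that is indistinguishable from the old one as shown here, which points to whitespace, line-ending or byte-order-mark churn from the generator. Normalising the template output (for example via a `.gitattributes` rule or a fixed newline setting in the writer) would keep line 1 out of every update and leave only the real row changes in the diff.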
@@ -283,6 +283,86 @@ 眈眈探求 | TITLE
URL |
+
+ db7b3a081ca3f10d03d3a63346493552 |
+ CVE-2023-28616 |
+ 2023-12-26 04:15:07 |
+ An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. It affects user accounts for which the password has an equals sign or space character. The serverd process logs such passwords in cleartext, and potentially sends these logs to the Syslog component. |
+ 详情 |
+
+
+
+ 99144a98657f2c5933c14b9f8b78fb75 |
+ CVE-2023-27150 |
+ 2023-12-26 04:15:07 |
+ openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. |
+ 详情 |
+
+
+
+ 6091912286b6ef18028b4297cc30ebb1 |
+ CVE-2023-7111 |
+ 2023-12-26 03:15:09 |
+ A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Affected is an unknown function of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249006 is the identifier assigned to this vulnerability. |
+ 详情 |
+
+
+
+ dd5dfe631179401fe985da6a4617cacf |
+ CVE-2023-38321 |
+ 2023-12-25 09:15:07 |
+ OpenNDS, as used in Sierra Wireless ALEOS before 4.17.0.12 and other products, allows remote attackers to cause a denial of service (NULL pointer dereference, daemon crash, and Captive Portal outage) via a GET request to /opennds_auth/ that lacks a custom query string parameter and client-token. |
+ 详情 |
+
+
+
+ 801d2b5710bf51e261e22003ae120898 |
+ CVE-2023-49954 |
+ 2023-12-25 08:15:07 |
+ The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address. |
+ 详情 |
+
+
+
+ e0e45694ade204e60b229d73321cfbe9 |
+ CVE-2023-49944 |
+ 2023-12-25 08:15:07 |
+ The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating the decrypted shared key in process memory. The threat is mitigated by the Agent Protection feature. |
+ 详情 |
+
+
+
+ f7ffa179db033bc31f364f46d7a73f78 |
+ CVE-2023-49226 |
+ 2023-12-25 08:15:07 |
+ An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. |
+ 详情 |
+
+
+
+ 0af963f8c39ca5652e6928b99e8af797 |
+ CVE-2023-48652 |
+ 2023-12-25 08:15:07 |
+ Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated. |
+ 详情 |
+
+
+
+ 7590a906921f2148f5cb3113fc37aebf |
+ CVE-2023-38826 |
+ 2023-12-25 08:15:07 |
+ A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. via the handlewpesearchform.do. searchString. |
+ 详情 |
+
+
+
+ cf391ce4c4a09740e68400db21db1b34 |
+ CVE-2023-36486 |
+ 2023-12-25 08:15:07 |
+ The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. |
+ 详情 |
+
+
12eeb28f9825c317799e26619ba03627 |
CVE-2023-51771 |
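Review bot: The added rows copy advisory descriptions from an external feed straight into table cells of docs/index.html, and the hunk does not show whether that text is HTML-escaped before it is written. Several of these descriptions discuss XSS and injection, and feed text is not under this project's control, so confirm that the generator escapes the description, CVE id and link fields and that the page is not built by string concatenation. A test that renders a description containing `<` and `&` and checks the output would cover it.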
@@ -443,86 +523,6 @@
-
- fc8b77142f0dc7e758ed5cdffb16e001 |
- CVE-2023-7090 |
- 2023-12-23 23:15:07 |
- A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. |
- 详情 |
-
-
-
- ddc16d8025c6e6b91e538bc6bf3246e9 |
- CVE-2023-49594 |
- 2023-12-23 20:15:38 |
- An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. An user login to Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability. |
- 详情 |
-
-
-
- beceb7c0d2d3b597435b1f50f1d77670 |
- CVE-2016-15036 |
- 2023-12-23 20:15:37 |
- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
- 详情 |
-
-
-
- 80d0a2bfbcab164eb3dda5e24ed93ce3 |
- CVE-2014-125108 |
- 2023-12-23 17:15:07 |
- A vulnerability was found in w3c online-spellchecker-py up to 20140130. It has been rated as problematic. This issue affects some unknown processing of the file spellchecker. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The identifier of the patch is d6c21fd8187c5db2a50425ff80694149e75d722e. It is recommended to apply a patch to fix this issue. The identifier VDB-248849 was assigned to this vulnerability. |
- 详情 |
-
-
-
- 3af0800bfa44a02440f0c78d85d85f43 |
- CVE-2023-7008 |
- 2023-12-23 13:15:07 |
- A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records. |
- 详情 |
-
-
-
- 1dec5c4182838e0654d76697c4beec74 |
- CVE-2023-6744 |
- 2023-12-23 10:15:10 |
- The Divi theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'et_pb_text' shortcode in all versions up to, and including, 4.23.1 due to insufficient input sanitization and output escaping on user supplied custom field data. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
- 详情 |
-
-
-
- c2466620c1d423832cf68db56232fed1 |
- CVE-2020-36769 |
- 2023-12-23 10:15:08 |
- The Widget Settings Importer/Exporter Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp_ajax_import_widget_dataparameter AJAX action in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
- 详情 |
-
-
-
- c023145efa0a5f2872914781aa0670b6 |
- CVE-2023-5962 |
- 2023-12-23 09:15:08 |
- A weak cryptographic algorithm vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. This vulnerability can help an attacker compromise the confidentiality of sensitive data. This vulnerability may lead an attacker to get unexpected authorization. |
- 详情 |
-
-
-
- 62c5372d9ebe004725894d61c09330b2 |
- CVE-2023-5961 |
- 2023-12-23 09:15:07 |
- A Cross-Site Request Forgery (CSRF) vulnerability has been identified in ioLogik E1200 Series firmware versions v3.3 and prior. An attacker can exploit this vulnerability to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This vulnerability may lead an attacker to perform operations on behalf of the victimized user. |
- 详情 |
-
-
-
- 24e25211d78ec83bc589e04f7425ee7a |
- CVE-2023-7002 |
- 2023-12-23 02:15:45 |
- The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system. |
- 详情 |
-
-
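Review bot: This hunk drops the ten rows dated 2023-12-23 to make room for the ten added above (`-443,86 +523,6` against `-283,6 +283,86`), so the page is a fixed-size window and entries such as CVE-2023-7090 and CVE-2023-7008 disappear from it after about three days. If the page is meant as a reference, consider linking to an archive or paginating from `data/cves.db` so that removed entries stay reachable, and note the window size in the page itself.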