Commit

Updated by Github Bot
Github-Bot committed Mar 29, 2024
1 parent 1c89faf commit 7304bab
Showing 4 changed files with 35 additions and 19 deletions.
15 changes: 15 additions & 0 deletions cache/Nsfocus.dat
Expand Up @@ -184,3 +184,18 @@ a922b2c7de692d79941e628db6b4d7f5
050964d6373ff197b4908c1db3031af3
dbcf756a3eb3244d57f16de8befcdb84
507a7a2f2e430a8278d48370f074ee96
0801fe221df23a2ee3acb50a0ae0caa1
ae318434389a31d9460b94abdb3bcec6
0267a45b40925f9ebc88a91ba8bb4e49
cae326cd4089f9cfe5ab06c212ff2d86
cddc2dd3fe2662e7f1ae27b1e6e006d1
d0215d8bb376b8c212214d9fd6c72793
eb62f26f2976517e26a246c4600ffcfa
199b2909e2b49abadb3a216cd9303079
e206dfe989a070a1552f49615f2e07bf
1543b6b44cc18ddd8f158a647711d6f8
b53d57e8aadcab53c1c9ea0b442643d1
c24346163d04f890b913b82c54a10e14
ae7ee41a459ae9f8dc5b00a326731679
d3428d60f2f2642a00569f7497e0cb52
1c80bf7b715200ffc51a9cb078fcdc93
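Review bot: The 15 ids appended at the end of cache/Nsfocus.dat are bare 32-hex digests with no CVE id, source URL or fetch time beside them, so the change cannot be checked line by line. Only 0801fe221df23a2ee3acb50a0ae0caa1 can be matched to a row shown in this commit's docs/index.html diff (CVE-2024-26128). Consider storing a second column (CVE id or advisory URL) next to each digest, or documenting in the repository how a digest is derived, so that a bad or duplicated cache entry can be traced back to its advisory.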
1 change: 1 addition & 0 deletions cache/RedQueen.dat
Expand Up @@ -130,3 +130,4 @@ e191ff9c800333d8f9447871dc4baf12
7e5fdbfdc3b1edd8c9d0f499121aa492
2b3aba82386cc921c94da59b66b311d2
57c45164ac489c479f1a912479305228
f1c7bb45161c38412c0ec04359cbc478
Binary file modified data/cves.db
Binary file not shown.
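Review bot: data/cves.db is changed as an opaque binary, so nothing in this commit shows which records were added, altered or dropped, and every bot run stores another full copy of the file in history. If the database has to live in the repository, commit a text export alongside it (or instead of it) so that changes are diffable and a tampered or corrupted update is visible in review.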
38 changes: 19 additions & 19 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-03-28 23:22:43 -->
<!-- RELEASE TIME : 2024-03-29 03:23:19 -->
<html lang="zh-cn">

<head>
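Review bot: The RELEASE TIME comment on the first line of docs/index.html carries no timezone or UTC offset ("2024-03-29 03:23:19"), so a reader comparing it with the advisory timestamps in the table cannot tell how stale the page is. Write the stamp in ISO 8601 with an explicit offset, and use the same convention for the per-row times.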
Expand Down Expand Up @@ -366,79 +366,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>33d0e57d9db3c6c3b559de307050207b</td>
<td>CVE-2024-2992</td>
<td>2024-03-27 19:15:50 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:50</td>
<td>A vulnerability was found in Tenda FH1203 2.0.1.6 and classified as critical. This issue affects the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2992">详情</a></td>
</tr>

<tr>
<td>6e23175ff4cb5dd254deabc4209b8a8b</td>
<td>CVE-2024-2991</td>
<td>2024-03-27 19:15:49 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:49</td>
<td>A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2991">详情</a></td>
</tr>

<tr>
<td>4d3518df25ba82e5e81b3e2583614491</td>
<td>CVE-2024-2990</td>
<td>2024-03-27 19:15:49 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:49</td>
<td>A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2990">详情</a></td>
</tr>

<tr>
<td>f39c5ea69f65484f392135733c72be61</td>
<td>CVE-2024-29888</td>
<td>2024-03-27 19:15:49 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:49</td>
<td>Saleor is an e-commerce platform that serves high-volume companies. When using `Pickup: Local stock only` click-and-collect as a delivery method in specific conditions the customer could overwrite the warehouse address with its own, which exposes its address as click-and-collect address. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29888">详情</a></td>
</tr>

<tr>
<td>333ec6180781ae141cb0c450577916ef</td>
<td>CVE-2024-29887</td>
<td>2024-03-27 19:15:49 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:49</td>
<td>Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29887">详情</a></td>
</tr>

<tr>
<td>51c2259968bacc5c138fc00ab7eb2a5e</td>
<td>CVE-2024-29886</td>
<td>2024-03-27 19:15:49 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:49</td>
<td>Serverpod is an app and web server, built for the Flutter and Dart ecosystem. An issue was identified with the old password hash algorithm that made it susceptible to rainbow attacks if the database was compromised. This vulnerability is fixed by 1.2.6.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-29886">详情</a></td>
</tr>

<tr>
<td>098236b02fe342fe9c0c9011594ef6bc</td>
<td>CVE-2024-28860</td>
<td>2024-03-27 19:15:48 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:48</td>
<td>Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28860">详情</a></td>
</tr>

<tr>
<td>bd4dca8f999b64677a177f8803f429f9</td>
<td>CVE-2024-28247</td>
<td>2024-03-27 19:15:48 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:48</td>
<td>The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28247">详情</a></td>
</tr>

<tr>
<td>89d273ccd2674ebfd9ea5ddb373a0418</td>
<td>CVE-2024-28233</td>
<td>2024-03-27 19:15:48 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:48</td>
<td>JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28233">详情</a></td>
</tr>

<tr>
<td>47add91a5ff20c680211cb27fdd75af1</td>
<td>CVE-2024-28085</td>
<td>2024-03-27 19:15:48 <img src="imgs/new.gif" /></td>
<td>2024-03-27 19:15:48</td>
<td>wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28085">详情</a></td>
</tr>
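Review bot: The only change in each of these ten rows is dropping the img tag for imgs/new.gif from the date cell, which means the "new" marker is baked into the generated HTML and every run rewrites rows whose data did not change. Derive the marker at render time from the row timestamp (a class or a small script) so the diff shows only real data changes. While touching these rows: every link in the URL column uses target="_blank" with no rel attribute, so add rel="noopener noreferrer". The description cells also carry upstream advisory text with raw double quotes and backticks (CVE-2024-28247, CVE-2024-29888), so please confirm the generator HTML-escapes the feed text before writing it into the td.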
Expand Down Expand Up @@ -1971,6 +1971,14 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>0801fe221df23a2ee3acb50a0ae0caa1</td>
<td>CVE-2024-26128</td>
<td>2024-03-29 03:21:09 <img src="imgs/new.gif" /></td>
<td>baserCMS跨站脚本漏洞</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/92599">详情</a></td>
</tr>

<tr>
<td>7bff88e2b8d49434581ec1e06c85484f</td>
<td>CVE-2023-44252</td>
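Review bot: The added row for CVE-2024-26128 links to http://www.nsfocus.net/vulndb/92599 over plain http and opens it with target="_blank" and no rel attribute. Use the https URL if the site serves it, and add rel="noopener noreferrer" to the anchor, so that the advisory link cannot be rewritten in transit and the opened page gets no handle on this one.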
Expand Down Expand Up @@ -2203,14 +2211,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/92517">详情</a></td>
</tr>

<tr>
<td>260185a35570fc92a918018ae9c2e506</td>
<td></td>
<td>2024-03-28 03:22:45 <img src="imgs/new.gif" /></td>
<td>SourceCodester Free and Open Source Inventory Management System SQL注入漏洞(CVE-2024</td>
<td><a target="_blank" href="http://www.nsfocus.net/vulndb/92516">详情</a></td>
</tr>

</tbody>
</table>
</div>
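Review bot: The row removed at the end of this table (260185a35570fc92a918018ae9c2e506) had an empty CVE cell and a title cut off at "(CVE-2024", which points to the generator truncating the title and then failing to extract the CVE id from it. Rotating the row out hides the symptom only. Fix the title length limit or parse the id before truncation, and skip or flag rows whose CVE cell would be empty instead of publishing them.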