From 7f508c308734d22db857e84447c320efe859ecee Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 6 May 2024 07:23:40 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Nsfocus.dat | 15 ++ cache/Tenable (Nessus).dat | 10 + data/cves.db | Bin 47374336 -> 47382528 bytes docs/index.html | 408 ++++++++++++++++++------------------- 4 files changed, 229 insertions(+), 204 deletions(-) diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 0e9e3776df2..93c95fcab38 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -153,3 +153,18 @@ cdf22a4762a00b817b34982257e1611a d8c2187333424069680d896e5e9ca3e3 152510ee40988d3c5b0ecfe958967ad3 63936b54f826345e37697c2a78d9d27a +cb59eb70d7428377f8783d5397287f1f +068fe3709b3bf2768f9a03fe6538dbdc +446eabb6eb998bd1baf511e13aac574d +19407191d4cffe6df8d09277d071fc5b +112685263d2c3b142bbb4bd479db6941 +40876afc3f52fd027a6debc0fb444919 +ebc1a3a69c0ec73e9639c98287562c19 +99ecdf638254481e548aaa3853147afb +6fef2b83d3b8226b4076df446427cb23 +536d14266d7592f2938bd141d5acd298 +e5d5ae3301e97bd9db6048ee8a9f9b1b +0ce299f0bc6ac86723e0ecff4e08e817 +e650ba3da06dcb5ced4aba5744679baf +cb3ed5920eeacfef0f3cdec6b0dda487 +888b6ce799c73abbf66f927267164418 diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 28a440c7d8d..66053d62765 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -122,3 +122,13 @@ d43a7635a07e7d333585d0738dc300fe c36c5f3ab5c1f39bfa19caa675010301 21c9f7c337ff541d7e2fc92a89dfb471 5a052594ee52aa6cdd21db8de39c800a +a17cc9c6a507e5918bd1cbcd0f975cfd +f55f8b1ade4f73e4ad136e03c255fdd9 +cb7430efbbc16c0c4f1e71f7d2f2e910 +1702b5d377f89cd6202d232063f0a7f0 +ea01733ce09667fe17089c86319b132a +d9695d1d87eda1178e0471a00551c451 +56059de2c13e85066a934b40bd15c8d0 +b1b9a644388df6faac1056112348b5c3 +ff40b24a628cf6c9dfba323cd6ad9113 +83f92f9a231d6605dcfb8ae470bc73f2 diff --git a/data/cves.db b/data/cves.db index ef4948cec064f8d9df1a784edd68bae0e8ea1838..af272b4435b90f7820d48e55dbdf26b264741673 100644 GIT binary patch delta 6564 zcmb`~cX(8F)(3FrCIJEg2}lWbkX{0}7dnLA6BJa$oLfm~37G^$L^8-BqM~9UR;~(m zK~P3SK|n-7I+ktf!Zz346>y8IyO#GmBd?SI@4Jut$A{-(V9xoS^Q%+2V_&n%%Kgpm zZk2JcR;^rdWprTVV4RpDOafCHQ#w-yQ*EX?Om&$und&jsXUbw~z|@fGGNwjM*-VX@ znlN3?)Rd_iQ*)*kOgT&~nOZTmW@^LKmZ=?6l&L+_6-*tNIx=-)>de%IsVh@ArtVBV zn0hkhGWBBW%_K5OOfr+gq%vttI+MXzN9f&>x%0VRD%~CZ8!_n$A?jRLnGkX(rPwrrAt$m`a#RndUN;F~yk5nJSp(G0kVX zfoTELjZ6!fZem)*bTiXprb?zb(-Njzn3ggz(=w(irdyeoGu_5?JJTIZE12$Nx{K*< zrj<_vnI2(!lxa0n$n+S~<4jL5tzlZr^d!?$OiwdC z!}KiEb4<@Oy}-1NX+6`6OdFUsGQGs~GSeoe1k)=_o0(o^+QRf2)9XxInYJ;#!L*%e z2h&cbH<@-Zy~VVf>20QWnD#L3WqOxsAJcxO155{*4lx~OI>L06={=_RnLc3pkm+Yk zKWF*{(=VBR#q<%=$4s9v{hH|*({ZNXF#VS4cTB%$`UBIaOn+qhjOkBIe`fj%)8|Yl zm`*aCV)}yVuS|bq`a9DEBG>Fn!DP9n<&ADYAkhAV3%g0Ue+tbb`*% z1-e2v=ng%gC*(pe=nW!BAcF!bXrO}uCRor1`a(bG4+CHz41&Qh1oB`g41?h?0!G3p z7!6}!ER2KkFaah)J`}(txDu{{$uI@3hHKzjmLA!!z(K zJO|Ii3$PB>!;7#1Ho{BrGHikbyaJoyRoDWr!RxRUw!s^)9d^J@coTNPTd*76hIe2O z?1gt>AMA$%a1ai`VK@Ru;XQaCK7bG5XYh0Q1^g0z1s}o3@Cp1Hj=^#G4g3~<2fv3u zz^Cv>_zeC8e}=!n=Wqf}!YTLy{tADCzr#P^OZX>z1z*Fz;NS2Kd<);f_mSl!VEcmr zX^;*XP#fw%UC4xbP#?0O0W^fmpb=z4V`u`GLsMu5&7lS4Kuc%^t)UIHg?12y_HYGs zfR4}!Izt!e3f-VP^njj_3%#H>h#-Ls3aFrg4hEQDK_BP~{h&V#fPpXw2E!1@gP|}C zhQkOL38P>%jDfK*4#vX-mD1SFWd+B!z!qT2jD??2p)z<;89o&Av^|;!xOLu*20tU z6g&;jz_aiiJP$9xI#>@c!Uos~FTu;O2@>!MY=&213%mxe!&cY^Z@_lg0XyMM*adIF zZg?BsfjzJn-i3Xz9}d7lI0T1gGr`oI=br{mgO3X?Kpw1 z2bOHex*_SRDw&_YzWvjO!@SAEa%E9gb0tgB!W%bj62_-%xuPCM_Z$|w4OK-oK8zCs zQc)E|bsfd`G)oqJ-*y8(5Cg^ad{=iw&$Ct2I6tbX%i+of6+*LCgFP==UJ}i-%gUp9 z6|wS?+0g>uD=zch@^E4n{zrII{X;_Iv$E%@q89JSiT-s_Qw+&{T@xK!@oZ7|Tt{<# zPqiIeGgMVKEXNLNB-hk%?0ZXuuGL~%|AuwcT=7h42(HJ+aH1bdYY@K%(M8vnEh`Wm zSGQeLH)O>ZeK!bHUo?GFI$he7k}_{%nIDTqr<8{A2geDmawe6y#rCYubDUUd-yidLUgw21v-mGW5p#-SgEq=BbkncB0Hwy zDUK=2x`VoPFTkv+vf($+oVy@~sFIXSVEk_a-*F{dv31MEGB6b1 z(iO|KOxZLvU3Mkw{83w0_zec#@*?r`R7s9^;)I@zUx5NJC5CPXt`cZ+;EA$f>mG87 zfupLbb%FS%7LHlwMy?32-nB_+aaM1}s*)1#zzHoGdM-jslB}DWtSg@EDh}q^aU9k0 zR3o{fELA#x=%%RuIJ@D5gWpD)*T|8tN@~0XC)8w)smUA`rctsaPsJYbF`uR<;(ReY zd>Xh~js6?fnY9`nJjHjy_TRlAv_5wdJXO--I1823+NqQ5lB)YSy>#EPtmG2KHrFJ{ zmlWG}vGcw2OR+TR$5NtWOQx4ZCl!^-i{MeGFLHj;UKeo z#}GY3l}*Jk0@J`w(G<(TN(-bKhniu?X9}D+%U;l{sJuo+X*l4wkND`QuqExX2Dp0C zYss~;YSpcqUawYl_J)EEJ*y_+!l^edx686=%Cc#Nk|D~D=B3hGuBYRu@?=F8btMq( zu>G^6BP}!3Tve08x%-QRu3`Am9wD<1CNX!29Se^yRnP{Yc8^98wnu|K~z zn(dd{PMDuDBGN5=dYSEo?Tb8NV-sDGWU<$o(=aM3VRZd|p=nt8VM82VKP7k?f`{1) z*GD=lsqyMn3pg<(S!h+7Qk7QdI)#pdkf#hSo8XnF--wN|z-7B<8OV)Y3 z#lefzSvr2U&@(*zeoW}zdS0qfT!lq`Sz*kcWtS}|ES@v3q}cVPFyG&b5TAT7JklXN zrhOS%k{a9>d%uo!t9SY?`u~*v6Z366xmy?`p(LX!#)-kHIbWnKTT~cmT3|Yo?fGhe z<4v_aNzr{#ab^62SG}?6nw<1x55xFpMSIsrZxfb&69_{tzfdQ_ zLugg6@YLRjkRIkc2Zh@N%+AVXQp7mZ05$w#)h?mKe=mOi2QNh?t9a6&X0vJ`CkCaa zKSQa?D6}QRbuC=*nrQf%B_&T3*Ks{Dunf%&cLrO8Rsu@SpHU%Pu;j3E<^Z8fSoyvn zm=~OV4{N@7R!j*uZp@B!NuOOZr#!URcEpMq^y10L%GBal&RP7IXuwa+mRfN39_)q| zsdiY&v!Hflb*+Y9Wevz&Rr^Hx$nA|zb&A{($z@zkqtK{sOLLW_xwfg`v4~SoRwPf? zMa^>q$FzOb!1KsZs*gW#OHM--FGo=`M$L)N^cRc@OOG}ZKI>y@IKND(Z*){FR^dlS z4eb*hJa*zF@$~2CRIc=qv_7JBPJp(T4p5z~-`+_*otfKnVq|K}-IS%>Y&_LOM^?V=2hZ3nw8}~j**rUA_i#f+BVk)|;G!(57aDl-^Z#q$r^B?m zM40f{-u;m-;h-tIg>)%7491;3A~pUV%F-S-9(b0Gx4B}Pc-REE;3QGgahEHq>1g53 z%(sQsb@9Dq!@TO9wS(s2hJtBAG<^Pm6UoYmmD}YN)yG$yT4R_RZW-0OKrN}yFH*}T zV`5$|6*Jsev`y$DC%bDU%Nl;BEDg)Y@_am*6yMZDUAHYo#TyV?Pjk)ciTxw{r1D>ANW4c zd7cv&cRwQT^1XDvQ{~(yj8)fXjQT*TUD&8RyC`-Rl}-j)v}_k+E$EJ$Es`9v+7$7 ztXQj|)yQgWHL;pn&8+5D3#+Bo%4%)3vD#YgtoBw1tE1J)>TGqfx?0_=?p6UU~7mq)EZ_Dw?!5YWI&2-Wj#|g8%4Wrx@cXpg4Sj0ignexW?i>#SU0U()@|#Kb=SIQ-M1cC53NVmV=K{m zVm-BY)-Tqt)^FDD)=TRT>rd-1>u>8H>tE|X>s7o$7AXV)Bt$q8N&! z1WF=JvyKxI-xVVpewqeJ9^-C|DNcD-spqA=!gCofPol3~( zfsq)6(HMiV7>DtgfQgud$(Vwvn1<pfzIEe(D z!fBkrS)9XpT);(KLJ*g61y^wm*Kq?kaSOL`2X}D~_wfJ^@d%HRh$nc8XLti|;w`+5 zcknLW!*jfk5AY#A!pHaopW-uojxX>fzQWh|2H)a4e2*9S0YBm={ET1lD}KZ8c!@vo zC;r0U_y_;uKfDTwSAh8=fTT!<5%~$kqMcR1rf-KY{-rr z$cbFYjXcPUNaRC)6hJ`~LSYm^Q4~XQlt4*Dp%hA^49cP$%A*1*q7o{j3aX+Ss-p&K zq86f28!@PZx~PZxXnMZw7yZy5127PSFc?EH6vHqaBQO%9FdAbp7UM7;6EG2zFd0)Y71J;sahQRb zn1$Ie=3p-7As+Lw01L4Qi?IYtu?)+x0xPi!tFZ=au@3980UNOio3RC3u?^d?13R$` zyRip*u@C!k00(ghhj9c)aSX?C0wMCT`(2 z?%*!&;XWSVAs*pz;Gz-(JEw=eOc|Zz^{EVo$0Y_{gak8gZ5$F6x~65B@El8G;u8bG pnD{4wYYjpJ;ju~5WD5^wNMAjqQnFxVkVZqqvPXcF?{txP|2|xe< diff --git a/docs/index.html b/docs/index.html index cefcb99fc9c..c77e06a23d9 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + a17cc9c6a507e5918bd1cbcd0f975cfd + CVE-2024-4519 + 2024-05-06 04:15:07 + A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/teacher_salary_details3.php. The manipulation of the argument month leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263123. + 详情 + + + + f55f8b1ade4f73e4ad136e03c255fdd9 + CVE-2024-4518 + 2024-05-06 04:15:07 + A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view/teacher_salary_invoice.php. The manipulation of the argument desc leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263122 is the identifier assigned to this vulnerability. + 详情 + + + + cb7430efbbc16c0c4f1e71f7d2f2e910 + CVE-2024-4517 + 2024-05-06 03:15:10 + A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /view/teacher_salary_invoice1.php. The manipulation of the argument date leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263121 was assigned to this vulnerability. + 详情 + + + + 1702b5d377f89cd6202d232063f0a7f0 + CVE-2024-4516 + 2024-05-06 03:15:10 + A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /view/timetable.php. The manipulation of the argument grade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263120. + 详情 + + + + ea01733ce09667fe17089c86319b132a + CVE-2024-34538 + 2024-05-06 03:15:10 + Mateso PasswordSafe through 8.13.9.26689 has Weak Cryptography. + 详情 + + + + d9695d1d87eda1178e0471a00551c451 + CVE-2024-20064 + 2024-05-06 03:15:09 + In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08572601; Issue ID: MSV-1229. + 详情 + + + + 56059de2c13e85066a934b40bd15c8d0 + CVE-2024-20060 + 2024-05-06 03:15:09 + In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541754. + 详情 + + + + b1b9a644388df6faac1056112348b5c3 + CVE-2024-20059 + 2024-05-06 03:15:09 + In da, there is a possible escalation of privilege due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541749; Issue ID: ALPS08541749. + 详情 + + + + ff40b24a628cf6c9dfba323cd6ad9113 + CVE-2024-20058 + 2024-05-06 03:15:09 + In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. + 详情 + + + + 83f92f9a231d6605dcfb8ae470bc73f2 + CVE-2024-20057 + 2024-05-06 03:15:09 + In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08587881; Issue ID: ALPS08587881. + 详情 + + 9a64fd3ea990ec616bdbf594b16b0e6e CVE-2024-4493 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-05-04 04:15:08 The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-05-04 04:15:08 The ConvertPlug plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cp_dismiss_notice() function in all versions up to, and including, 3.5.25. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary option values to true. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-05-04 03:15:07 The Folders Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's First Name and Last Name in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - ac66cc99274caf3291f5817da9178d35 - CVE-2023-51633 - 2024-05-03 03:16:26 - Centreon sysName Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The specific flaw exists within the processing of the sysName OID in SNMP. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-20731. - 详情 - - - - a0798c0f796e7021600d2ef234f58ef0 - CVE-2023-51629 - 2024-05-03 03:16:26 - D-Link DCS-8300LHV2 ONVIF Hardcoded PIN Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the ONVIF API. The issue results from the use of a hardcoded PIN. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21492. - 详情 - - - - e80f987b9ff9b35392f2f8244d4f5d4d - CVE-2023-51628 - 2024-05-03 03:16:26 - D-Link DCS-8300LHV2 ONVIF SetHostName Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the SetHostName ONVIF call. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21322. - 详情 - - - - 46f29bd980de06a8ebc24878742c1242 - CVE-2023-51627 - 2024-05-03 03:16:25 - D-Link DCS-8300LHV2 ONVIF Duration Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the parsing of Duration XML elements. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21321. - 详情 - - - - 52ad7a82b62d8d60fdae38178d490699 - CVE-2023-51626 - 2024-05-03 03:16:25 - D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Username Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21320. - 详情 - - - - 4431d98ea772b4629ef4c2e6b2166dac - CVE-2023-51625 - 2024-05-03 03:16:25 - D-Link DCS-8300LHV2 ONVIF SetSystemDateAndTime Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the ONVIF API, which listens on TCP port 80. When parsing the sch:TZ XML element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21319. - 详情 - - - - 3262c3282f459575e3730674dfa6ec08 - CVE-2023-51624 - 2024-05-03 03:16:25 - D-Link DCS-8300LHV2 RTSP ValidateAuthorizationHeader Nonce Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DCS-8300LHV2 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Authorization header by the RTSP server, which listens on TCP port 554. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20072. - 详情 - - - - 87b0a67caebeb6d322369e9ecb07da45 - CVE-2023-51623 - 2024-05-03 03:16:25 - D-Link DIR-X3260 prog.cgi SetAPClientSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21673. - 详情 - - - - 8bf9873653202197861eac6240c60a2b - CVE-2023-51622 - 2024-05-03 03:16:25 - D-Link DIR-X3260 prog.cgi SetTriggerPPPoEValidate Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21672. - 详情 - - - - 9e3eb4cfbdb6d13fe19bf78ace056fe0 - CVE-2023-51621 - 2024-05-03 03:16:24 - D-Link DIR-X3260 prog.cgi SetDeviceSettings Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of a user-supplied string before copying it to a fixed-size stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21670. - 详情 - - @@ -1971,6 +1971,126 @@

眈眈探求 | TITLE URL + + cb59eb70d7428377f8783d5397287f1f + CVE-2024-1772 + 2024-05-06 07:21:26 + WordPress Play.ht Plugin PHP对象注入漏洞 + 详情 + + + + 068fe3709b3bf2768f9a03fe6538dbdc + CVE-2024-1691 + 2024-05-06 07:21:26 + WordPress Otter Blocks Plugin跨站脚本漏洞 + 详情 + + + + 446eabb6eb998bd1baf511e13aac574d + CVE-2024-1951 + 2024-05-06 07:21:26 + WordPress Logo Showcase Ultimate Plugin PHP对象注入漏洞 + 详情 + + + + 19407191d4cffe6df8d09277d071fc5b + CVE-2024-1793 + 2024-05-06 07:21:26 + WordPress AWeber Plugin SQL注入漏洞 + 详情 + + + + 112685263d2c3b142bbb4bd479db6941 + CVE-2024-1806 + 2024-05-06 07:21:26 + WordPress Paid Membership Plugin跨站脚本漏洞 + 详情 + + + + 40876afc3f52fd027a6debc0fb444919 + CVE-2024-1985 + 2024-05-06 07:21:26 + WordPress Simple Membership Plugin跨站脚本漏洞 + 详情 + + + + ebc1a3a69c0ec73e9639c98287562c19 + CVE-2024-1996 + 2024-05-06 07:21:26 + WordPress Premium Addons PRO Plugin跨站脚本漏洞 + 详情 + + + + 99ecdf638254481e548aaa3853147afb + CVE-2024-1997 + 2024-05-06 07:21:26 + WordPress Premium Addons PRO Plugin跨站脚本漏洞 + 详情 + + + + 6fef2b83d3b8226b4076df446427cb23 + CVE-2024-1680 + 2024-05-06 07:21:26 + WordPress Premium Addons for Elementor Plugin跨站脚本漏洞 + 详情 + + + + 536d14266d7592f2938bd141d5acd298 + CVE-2024-1684 + 2024-05-06 07:21:26 + WordPress Otter Blocks Plugin跨站脚本漏洞 + 详情 + + + + e5d5ae3301e97bd9db6048ee8a9f9b1b + CVE-2024-1843 + 2024-05-06 07:21:26 + WordPress Auto Affiliate Links Plugin未经授权数据修改漏洞 + 详情 + + + + 0ce299f0bc6ac86723e0ecff4e08e817 + + 2024-05-06 07:21:26 + WordPress Wp Social Login and Register Social  Counter未经授权数据修改漏洞(CVE-2 + 详情 + + + + e650ba3da06dcb5ced4aba5744679baf + CVE-2024-1854 + 2024-05-06 07:21:26 + WordPress Essential Blocks Plugin跨站脚本漏洞 + 详情 + + + + cb3ed5920eeacfef0f3cdec6b0dda487 + CVE-2024-1862 + 2024-05-06 07:21:26 + WordPress WooCommerce Add to Cart Custom Redirect Plugin未授权数据修改漏洞 + 详情 + + + + 888b6ce799c73abbf66f927267164418 + CVE-2024-1935 + 2024-05-06 07:21:26 + WordPress Giveaways and Contests by RafflePress Plugin跨站脚本漏洞 + 详情 + + 5d4011ca3e542aa85f2fcf7b406e1375 CVE-2024-1237 @@ -2091,126 +2211,6 @@

眈眈探求 | 详情 - - ffec44b7c9b5c454820a34ea7e81d75b - CVE-2024-0897 - 2024-04-29 07:20:11 - WordPress Beaver Builder Plugin跨站脚本漏洞 - 详情 - - - - de900c571fcdae243929e25e28f0954b - CVE-2024-0681 - 2024-04-29 07:20:11 - WordPress Page Restriction WordPress Plugin信息泄露漏洞 - 详情 - - - - 516fe54989515b0ef3d280009280faff - CVE-2024-0830 - 2024-04-29 07:20:11 - WordPress Comments Extra Fields For Post,Pages and CPT跨站请求伪造漏洞 - 详情 - - - - fb829fb4be9e40c8717093e6d744e51b - CVE-2024-0871 - 2024-04-29 07:20:11 - WordPress Beaver Builder Plugin跨站脚本漏洞 - 详情 - - - - 23ad19b0d9a1f1e2b8fc9a36f974020c - CVE-2024-0326 - 2024-04-29 07:20:11 - WordPress Premium Addons for Elementor Plugin跨站脚本漏洞 - 详情 - - - - 9b5c752a63498554fc69f7d39240d962 - CVE-2024-0591 - 2024-04-29 07:20:11 - WordPress wpDataTables Plugin跨站脚本漏洞 - 详情 - - - - c8685b500771219df8138e15650719b9 - CVE-2023-7015 - 2024-04-29 07:20:11 - WordPress File Manager Pro Plugin跨站脚本漏洞 - 详情 - - - - ca35e15ca9dcb390a48b602cb6aef85e - CVE-2024-1071 - 2024-04-29 07:20:11 - WordPress Ultimate Member Plugin SQL注入漏洞 - 详情 - - - - a76fd9fd1b320ffb3a2ec5253cc8e13b - CVE-2024-0976 - 2024-04-29 07:20:11 - WordPress WP Event Manager Plugin跨站脚本漏洞 - 详情 - - - - cdf22a4762a00b817b34982257e1611a - CVE-2023-51698 - 2024-04-29 03:23:11 - MATE Desktop Atril 操作系统命令注入漏洞 - 详情 - - - - 05b8250fda511d5eb2bbaae002f809c8 - CVE-2024-0467 - 2024-04-29 03:23:11 - Employee Profile Management System跨站脚本漏洞 - 详情 - - - - 86672e745e4a1326778264bc68d88e61 - CVE-2010-10011 - 2024-04-29 03:23:11 - Acritum Femitter Server路径遍历漏洞 - 详情 - - - - d8c2187333424069680d896e5e9ca3e3 - CVE-2024-0466 - 2024-04-29 03:23:11 - Employee Profile Management System SQL注入漏洞 - 详情 - - - - 152510ee40988d3c5b0ecfe958967ad3 - CVE-2024-0465 - 2024-04-29 03:23:11 - Employee Profile Management System路径遍历漏洞(CVE-2024-0465 ) - 详情 - - - - 63936b54f826345e37697c2a78d9d27a - CVE-2024-0464 - 2024-04-29 03:23:11 - Online Faculty Clearance SQL注入漏洞 - 详情 - -