Commit

Updated by Github Bot
Github-Bot committed Feb 17, 2024
1 parent 7299f9d commit 8755336
Showing 3 changed files with 92 additions and 82 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -108,3 +108,13 @@ d1bfee929a23cf2ece3a7993813cec56
909d302aba10cbd9780b93203f2fa1f3
f9999686045b837373b3ea9157837116
b7831d3ab4efc3db55ce206998468ce1
09ca8eade47c4e19ce5994cb68293cc9
5e092470d91476d1c667e2616a3ee4ce
f1e49f17867951bb1cb00f017dddff7e
5e0ecea1fc8c55d101eb1ab772e825f3
275ce562ec386f129bec821dfe6102ac
002c531670d545c0b3dfc59a58882af7
2b8700549de218ee23e3b63b052f42a0
2b51cef4b6153b4165ff8742272eb902
4d55c97a364e59bd41e8fc711dfde5d5
67f58b2e636db49d7ef8686f7a709a34
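Review bot: cache/Tenable (Nessus).dat only grows in this commit (ten ids appended at the end of the file, none removed), while docs/index.html drops ten older rows in the same change. If this file is the seen-id set that decides which rows count as new, document that and decide whether ids for rows that have aged off the page still need to be kept; as written it gains one line per CVE indefinitely. It would also help to note what the 32-hex ids are computed over, so a reader can check that the ten added here correspond to the ten rows added to docs/index.html.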
Binary file modified data/cves.db
Binary file not shown.
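Review bot: data/cves.db is committed as a binary, so this part of the change cannot be reviewed and each bot run stores another copy of the file in history. Consider keeping the database out of the repository, or committing a text export alongside it, so the diff shows which records changed.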
164 changes: 82 additions & 82 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-02-16 23:21:42 -->
<!-- RELEASE TIME : 2024-02-17 01:21:39 -->
<html lang="zh-cn">

<head>
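Review bot: the RELEASE TIME comment on line 1 carries no timezone ("2024-02-17 01:21:39"), so a reader cannot tell how it relates to the publication times listed in the table. Write it with an explicit UTC offset, or in UTC with a "Z" suffix.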
@@ -363,10 +363,90 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25320">详情</a></td>
</tr>

<tr>
<td>09ca8eade47c4e19ce5994cb68293cc9</td>
<td>CVE-2024-22426</td>
<td>2024-02-16 12:15:08 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22426">详情</a></td>
</tr>

<tr>
<td>5e092470d91476d1c667e2616a3ee4ce</td>
<td>CVE-2024-22425</td>
<td>2024-02-16 12:15:07 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22425">详情</a></td>
</tr>

<tr>
<td>f1e49f17867951bb1cb00f017dddff7e</td>
<td>CVE-2023-45860</td>
<td>2024-02-16 10:15:08 <img src="imgs/new.gif" /></td>
<td>In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45860">详情</a></td>
</tr>

<tr>
<td>5e0ecea1fc8c55d101eb1ab772e825f3</td>
<td>CVE-2024-25466</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25466">详情</a></td>
</tr>

<tr>
<td>275ce562ec386f129bec821dfe6102ac</td>
<td>CVE-2024-24377</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24377">详情</a></td>
</tr>

<tr>
<td>002c531670d545c0b3dfc59a58882af7</td>
<td>CVE-2024-22854</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22854">详情</a></td>
</tr>

<tr>
<td>2b8700549de218ee23e3b63b052f42a0</td>
<td>CVE-2023-51931</td>
<td>2024-02-16 09:15:08 <img src="imgs/new.gif" /></td>
<td>An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51931">详情</a></td>
</tr>

<tr>
<td>2b51cef4b6153b4165ff8742272eb902</td>
<td>CVE-2023-49508</td>
<td>2024-02-16 08:15:39 <img src="imgs/new.gif" /></td>
<td>Directory Traversal vulnerability in YetiForceCompany YetiForceCRM versions 6.4.0 and before allows a remote authenticated attacker to obtain sensitive information via the license parameter in the LibraryLicense.php component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-49508">详情</a></td>
</tr>

<tr>
<td>4d55c97a364e59bd41e8fc711dfde5d5</td>
<td>CVE-2023-6451</td>
<td>2024-02-16 04:15:08 <img src="imgs/new.gif" /></td>
<td>Publicly known cryptographic machine key in AlayaCare's Procura Portal before 9.0.1.2 allows attackers to forge their own authentication cookies and bypass the application's authentication mechanisms.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6451">详情</a></td>
</tr>

<tr>
<td>67f58b2e636db49d7ef8686f7a709a34</td>
<td>CVE-2024-25415</td>
<td>2024-02-16 02:15:51 <img src="imgs/new.gif" /></td>
<td>A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25415">详情</a></td>
</tr>

<tr>
<td>f4b6c8602f534398ec169444ba866ec5</td>
<td>CVE-2024-25620</td>
<td>2024-02-15 00:15:45 <img src="imgs/new.gif" /></td>
<td>2024-02-15 00:15:45</td>
<td>Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25620">详情</a></td>
</tr>
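Review bot: every row added here links out with target="_blank" on the tenable.com anchor and no rel attribute. Add rel="noopener noreferrer" in the row template so the opened page never receives a window.opener handle, independent of browser defaults. The imgs/new.gif marker in the date cell also has no alt text.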
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48733">详情</a></td>
</tr>

<tr>
<td>b157568ce295c7ffe141841db512006e</td>
<td>CVE-2024-24699</td>
<td>2024-02-14 00:15:48</td>
<td>Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24699">详情</a></td>
</tr>

<tr>
<td>67d46592f36a6e6aa3aced6fc5f07048</td>
<td>CVE-2024-24698</td>
<td>2024-02-14 00:15:47</td>
<td>Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24698">详情</a></td>
</tr>

<tr>
<td>57758f8416a1b377f1f8f5f646e0e3f6</td>
<td>CVE-2024-24697</td>
<td>2024-02-14 00:15:47</td>
<td>Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24697">详情</a></td>
</tr>

<tr>
<td>4fc2439a64a0a50e76e2cc186fbf3afd</td>
<td>CVE-2024-24696</td>
<td>2024-02-14 00:15:47</td>
<td>Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24696">详情</a></td>
</tr>

<tr>
<td>6b92a41a529d56ba3e2842980d26ab8d</td>
<td>CVE-2024-24695</td>
<td>2024-02-14 00:15:47</td>
<td>Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24695">详情</a></td>
</tr>

<tr>
<td>b978aa2c7f93500b0858e8985947e982</td>
<td>CVE-2024-24691</td>
<td>2024-02-14 00:15:47</td>
<td>Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24691">详情</a></td>
</tr>

<tr>
<td>a5b36580f654adcc45697c56348de1e0</td>
<td>CVE-2024-24690</td>
<td>2024-02-14 00:15:47</td>
<td>Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24690">详情</a></td>
</tr>

<tr>
<td>61522674efeb1056d52e655cc279622c</td>
<td>CVE-2024-1485</td>
<td>2024-02-14 00:15:46</td>
<td>A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1485">详情</a></td>
</tr>

<tr>
<td>a22c2163dbd162788d7bea243b3cd700</td>
<td>CVE-2024-25121</td>
<td>2024-02-13 23:15:09</td>
<td>TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25121">详情</a></td>
</tr>

<tr>
<td>2f3b51165c82fc11a3fafaff0cbc3732</td>
<td>CVE-2024-25120</td>
<td>2024-02-13 23:15:08</td>
<td>TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25120">详情</a></td>
</tr>

</tbody>
</table>
</div>
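Review bot: the description cell of the CVE-2024-25121 row in this hunk contains raw markup characters, namely the bare & between `sys_file_reference` and `sys_file_metadata` and the > in `$dataHandler->isImporting = true;`, which indicates the generator writes feed text into the td without HTML-escaping. That text comes from a third-party feed, so escape &, < and > in the row template before a description containing a tag reaches docs/index.html.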