
Commit

Updated by Github Bot
Github-Bot committed Mar 8, 2024
1 parent 3e3a0cd commit 8a163b9
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -178,3 +178,13 @@ e6a55f3d471e165d5315fad8e7121dbf
8bc662c4fe8bc31a4ea175160d885279
c8be9c868a87e971805c84a37edd3641
9f0523fed1f182ffe7f7a34b01cd0d72
7c6e04ba0395f0c422c9a82b8a92cdc4
6167b027b24f8c5a5f2352a5b8463319
4ec36acad042cdeab89908bb2f8454c6
bd7aaf80be8221bb44d4ce10993e4662
d23033babc2b5858785714891b4b3047
3357acad6c5a0cf612ff4bb1a264dbba
22596440abc068e743867023bd60a72a
641478d1c36094ea083a4cc299fff4b9
b6904d65b01672cdff3000821bef896b
df38e9c0681f8b7afca895a826be8b83
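Review bot: The ten ids appended here are bare 32-character hex strings with nothing tying them to a record, so the cache cannot be audited or pruned from this file alone. They line up with the first-column ids of the ten rows added to docs/index.html in the same commit (7c6e04ba0395f0c422c9a82b8a92cdc4 is the id of the CVE-2024-2285 row), so consider writing the CVE id and the fetch date next to each id, one tab-separated record per line. That would make the file reviewable and let old entries be expired instead of the list only growing.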
Binary file modified data/cves.db
Binary file not shown.
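Review bot: data/cves.db is modified by this bot commit but appears only as a binary file, so a reviewer cannot see which records were added or altered. If the database has to stay in the repository, consider committing a text export of the changed rows beside it, or publishing the database as a build artifact and keeping only text sources under version control.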
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-03-08 05:28:49 -->
<!-- RELEASE TIME : 2024-03-08 07:24:56 -->
<html lang="zh-cn">

<head>
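Review bot: The RELEASE TIME comment on line 1 carries no timezone, and the row timestamps added further down (for example 2024-03-08 03:15:06) have none either, so a reader cannot tell whether the page was generated before or after a given entry was published. Emit an ISO 8601 value with an explicit offset, such as 2024-03-08T07:24:56+00:00 if the generator runs in UTC. Separately, the context lines show the html tag directly after that comment with no doctype line before it; adding one to the generator template would be worth doing in the same change.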
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>7c6e04ba0395f0c422c9a82b8a92cdc4</td>
<td>CVE-2024-2285</td>
<td>2024-03-08 03:15:06 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2285">详情</a></td>
</tr>

<tr>
<td>6167b027b24f8c5a5f2352a5b8463319</td>
<td>CVE-2024-2284</td>
<td>2024-03-08 03:15:06 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2284">详情</a></td>
</tr>

<tr>
<td>4ec36acad042cdeab89908bb2f8454c6</td>
<td>CVE-2024-2283</td>
<td>2024-03-08 02:15:51 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2283">详情</a></td>
</tr>

<tr>
<td>bd7aaf80be8221bb44d4ce10993e4662</td>
<td>CVE-2024-2282</td>
<td>2024-03-08 02:15:51 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2282">详情</a></td>
</tr>

<tr>
<td>d23033babc2b5858785714891b4b3047</td>
<td>CVE-2024-2281</td>
<td>2024-03-08 02:15:51 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2281">详情</a></td>
</tr>

<tr>
<td>3357acad6c5a0cf612ff4bb1a264dbba</td>
<td>CVE-2024-26313</td>
<td>2024-03-08 02:15:50 <img src="imgs/new.gif" /></td>
<td>Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26313">详情</a></td>
</tr>

<tr>
<td>22596440abc068e743867023bd60a72a</td>
<td>CVE-2024-26309</td>
<td>2024-03-08 02:15:50 <img src="imgs/new.gif" /></td>
<td>Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26309">详情</a></td>
</tr>

<tr>
<td>641478d1c36094ea083a4cc299fff4b9</td>
<td>CVE-2024-25849</td>
<td>2024-03-08 02:15:50 <img src="imgs/new.gif" /></td>
<td>In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25849">详情</a></td>
</tr>

<tr>
<td>b6904d65b01672cdff3000821bef896b</td>
<td>CVE-2024-25848</td>
<td>2024-03-08 02:15:50 <img src="imgs/new.gif" /></td>
<td>In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25848">详情</a></td>
</tr>

<tr>
<td>df38e9c0681f8b7afca895a826be8b83</td>
<td>CVE-2024-25845</td>
<td>2024-03-08 02:15:50 <img src="imgs/new.gif" /></td>
<td>In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25845">详情</a></td>
</tr>

<tr>
<td>0537b98aec6bbb0bab47810d126902ad</td>
<td>CVE-2023-47691</td>
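Review bot: The description cells are written into the page without HTML escaping: the three PrestaShop rows contain a raw < in "<= 1.7.1", "<= 8.1.2" and "<= 1.0.0". This text comes from an external feed, and several of the added entries themselves describe cross-site scripting, so a description that contains markup would be rendered as markup on this page. Escape &, <, > and quotes in every feed-supplied field before it is placed in a td (the raw < should come out as &lt;=), and give the imgs/new.gif image an alt attribute while the template is being touched.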
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27302">详情</a></td>
</tr>

<tr>
<td>a12e6709f2372fba2bedeb76e6ee98f1</td>
<td>CVE-2024-27289</td>
<td>2024-03-06 19:15:08</td>
<td>pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27289">详情</a></td>
</tr>

<tr>
<td>1bde3a0016dbe1bffed80582b4a87f29</td>
<td>CVE-2024-2173</td>
<td>2024-03-06 19:15:08</td>
<td>Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2173">详情</a></td>
</tr>

<tr>
<td>881f070e95c767cf158ee51c5fb3fecc</td>
<td>CVE-2024-27288</td>
<td>2024-03-06 19:15:07</td>
<td>1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27288">详情</a></td>
</tr>

<tr>
<td>fa72333eeec3853c565bbd783727f727</td>
<td>CVE-2024-27287</td>
<td>2024-03-06 19:15:07</td>
<td>ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with `Content-Type: text/html; charset=UTF-8`, allowing a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. It is possible for a malicious authenticated user to inject arbitrary Javascript in configuration files using a POST request to the /edit endpoint, the configuration parameter allows to specify the file to write. To trigger the XSS vulnerability, the victim must visit the page` /edit?configuration=[xss file]`. Abusing this vulnerability a malicious actor could perform operations on the dashboard on the behalf of a logged user, access sensitive information, create, edit and delete configuration files and flash firmware on managed boards. In addition to this, cookies are not correctly secured, allowing the exfiltration of session cookie values. Version 2024.2.2 contains a patch for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-27287">详情</a></td>
</tr>

<tr>
<td>98af55805385d19566f4abc70c0dd3e6</td>
<td>CVE-2024-25111</td>
<td>2024-03-06 19:15:07</td>
<td>Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25111">详情</a></td>
</tr>

<tr>
<td>76fe749e528b0e0ba03347d2879ef0d0</td>
<td>CVE-2024-25858</td>
<td>2024-03-05 21:15:09</td>
<td>In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25858">详情</a></td>
</tr>

<tr>
<td>c7582ee4f5d6421d0d4b5f101909241c</td>
<td>CVE-2024-2179</td>
<td>2024-03-05 21:15:09</td>
<td>Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2179">详情</a></td>
</tr>

<tr>
<td>c01f995d91e3d4add2ffe5dcf5720d77</td>
<td>CVE-2024-25616</td>
<td>2024-03-05 21:15:08</td>
<td>Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25616">详情</a></td>
</tr>

<tr>
<td>4c64d1c8ff764f6a383dc6c3838eecd1</td>
<td>CVE-2024-25615</td>
<td>2024-03-05 21:15:08</td>
<td>An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25615">详情</a></td>
</tr>

<tr>
<td>d2ba4c9f567c010245c39bd0260ab3e7</td>
<td>CVE-2024-25614</td>
<td>2024-03-05 21:15:08</td>
<td>There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25614">详情</a></td>
</tr>

</tbody>
</table>
</div>
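Review bot: Entries leave the page with no archive link and no stated retention rule: the rows removed in this hunk (CVE-2024-27289 down to CVE-2024-25614, dated 2024-03-06 and 2024-03-05) are the mirror image of the ten added at the top of the table, and after this commit they are reachable only through the binary data/cves.db. Document the window size in the page itself, or write rotated-out rows to a dated archive page and link it from the table footer. Doing so would also keep each update to the rows that are actually new, rather than the 81 additions and 81 deletions this one needs for ten entries.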