From 8a163b9bb13607fc09e5c78c72d8f63c880d069e Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Fri, 8 Mar 2024 07:24:57 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 46481408 -> 46489600 bytes docs/index.html | 162 ++++++++++++++++++------------------- 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index b9e72c31e5d..a1db090a982 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -178,3 +178,13 @@ e6a55f3d471e165d5315fad8e7121dbf 8bc662c4fe8bc31a4ea175160d885279 c8be9c868a87e971805c84a37edd3641 9f0523fed1f182ffe7f7a34b01cd0d72 +7c6e04ba0395f0c422c9a82b8a92cdc4 +6167b027b24f8c5a5f2352a5b8463319 +4ec36acad042cdeab89908bb2f8454c6 +bd7aaf80be8221bb44d4ce10993e4662 +d23033babc2b5858785714891b4b3047 +3357acad6c5a0cf612ff4bb1a264dbba +22596440abc068e743867023bd60a72a +641478d1c36094ea083a4cc299fff4b9 +b6904d65b01672cdff3000821bef896b +df38e9c0681f8b7afca895a826be8b83 
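Review bot: the ten hashes appended to cache/Tenable (Nessus).dat are the same row ids added to docs/index.html in this commit (7c6e04ba0395f0c422c9a82b8a92cdc4 through df38e9c0681f8b7afca895a826be8b83), so the two files stay consistent; note, however, that this file only ever appends (the hunk starts at line 178 and adds with no removals) while docs/index.html evicts its ten oldest rows in the same commit, so the cache is a permanent seen-set rather than a mirror of the page. If that is intended, a one-line comment in the generator or README saying so would save the next reader from looking for a pruning step.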
diff --git a/data/cves.db b/data/cves.db index 09b08ca99c4f5486261e3ef2d83dda3c384d26c5..f9d734dc18073a469aad1df17ffe98d5d01a20ee 100644 GIT binary patch
diff --git a/docs/index.html b/docs/index.html index 9799aba6194..7fa4cc9eff4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 7c6e04ba0395f0c422c9a82b8a92cdc4 + CVE-2024-2285 + 2024-03-08 03:15:06 + A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 6167b027b24f8c5a5f2352a5b8463319 + CVE-2024-2284 + 2024-03-08 03:15:06 + A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 4ec36acad042cdeab89908bb2f8454c6 + CVE-2024-2283 + 2024-03-08 02:15:51 + A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + bd7aaf80be8221bb44d4ce10993e4662 + CVE-2024-2282 + 2024-03-08 02:15:51 + A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. 
This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + d23033babc2b5858785714891b4b3047 + CVE-2024-2281 + 2024-03-08 02:15:51 + A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 3357acad6c5a0cf612ff4bb1a264dbba + CVE-2024-26313 + 2024-03-08 02:15:50 + Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release. + 详情 + + + + 22596440abc068e743867023bd60a72a + CVE-2024-26309 + 2024-03-08 02:15:50 + Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL. 
+ 详情 + + + + 641478d1c36094ea083a4cc299fff4b9 + CVE-2024-25849 + 2024-03-08 02:15:50 + In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` . + 详情 + + + + b6904d65b01672cdff3000821bef896b + CVE-2024-25848 + 2024-03-08 02:15:50 + In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions. + 详情 + + + + df38e9c0681f8b7afca895a826be8b83 + CVE-2024-25845 + 2024-03-08 02:15:50 + In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions. + 详情 + + 0537b98aec6bbb0bab47810d126902ad CVE-2023-47691 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - a12e6709f2372fba2bedeb76e6ee98f1 - CVE-2024-27289 - 2024-03-06 19:15:08 - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder. - 详情 - - - - 1bde3a0016dbe1bffed80582b4a87f29 - CVE-2024-2173 - 2024-03-06 19:15:08 - Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) - 详情 - - - - 881f070e95c767cf158ee51c5fb3fecc - CVE-2024-27288 - 2024-03-06 19:15:07 - 1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds. - 详情 - - - - fa72333eeec3853c565bbd783727f727 - CVE-2024-27287 - 2024-03-06 19:15:07 - ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, editing the configuration file API in dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with `Content-Type: text/html; charset=UTF-8`, allowing a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. 
It is possible for a malicious authenticated user to inject arbitrary Javascript in configuration files using a POST request to the /edit endpoint, the configuration parameter allows to specify the file to write. To trigger the XSS vulnerability, the victim must visit the page` /edit?configuration=[xss file]`. Abusing this vulnerability a malicious actor could perform operations on the dashboard on the behalf of a logged user, access sensitive information, create, edit and delete configuration files and flash firmware on managed boards. In addition to this, cookies are not correctly secured, allowing the exfiltration of session cookie values. Version 2024.2.2 contains a patch for this issue. - 详情 - - - - 98af55805385d19566f4abc70c0dd3e6 - CVE-2024-25111 - 2024-03-06 19:15:07 - Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue. - 详情 - - - - 76fe749e528b0e0ba03347d2879ef0d0 - CVE-2024-25858 - 2024-03-05 21:15:09 - In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands. - 详情 - - - - c7582ee4f5d6421d0d4b5f101909241c - CVE-2024-2179 - 2024-03-05 21:15:09 - Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. 
The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting. - 详情 - - - - c01f995d91e3d4add2ffe5dcf5720d77 - CVE-2024-25616 - 2024-03-05 21:15:08 - Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers. - 详情 - - - - 4c64d1c8ff764f6a383dc6c3838eecd1 - CVE-2024-25615 - 2024-03-05 21:15:08 - An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service. - 详情 - - - - d2ba4c9f567c010245c39bd0260ab3e7 - CVE-2024-25614 - 2024-03-05 21:15:08 - There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. - 详情 - -
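Review bot: the description cells in the added rows are feed text inserted verbatim, including raw `<=` version markers (CVE-2024-25849, CVE-2024-25848, CVE-2024-25845) and an unbalanced backtick in the CVE-2024-25849 text; confirm that the generator HTML-escapes descriptions before writing docs/index.html, since an unescaped `<` in a future feed entry would be interpreted as markup on the published page rather than shown as text. Separately, the third hunk (-443,86 +523,6) drops the ten oldest rows (CVE-2024-27289 down to CVE-2024-25614) to hold the table at a fixed size; that eviction policy is not stated anywhere in the change and deserves a comment or README line.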