Updated by Github Bot

EXP-Tools · Sep 22, 2023 · 9a81a7d · 9a81a7d
1 parent ac2cddd
commit 9a81a7d
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -135,3 +135,13 @@ f463a55fd8c986743d78c035e143b461
 71fb4e65038bc255edaf07dbec76bac5
 76bf447ee9f0afb2854c3a8ff53ccddb
 ab04749c9f3ddc0445a3f44a7398b9f9
+4be0e0b7dcbfa7985ab1e337bfafa4a2
+85e83fef12d37bec604f1f22ae863236
+02bd6c0b4a2f4cab127191f125adc7ea
+b094359a59d899b3026cedd328a6b4fb
+d61674902f7df9f3dcab43faf5c7e158
+b04cdb0f097c48d1eac2cbd53fe0d572
+8f1f92b6da330becdfc35a3f40969131
+7638136db8294d06fabb612b6f7e5ef5
+38d91b20db9454630cde5e699f0f1e1d
+a2a5785871a2aa0d27582585e383c5db
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-09-22 09:23:04 -->
+<!-- RELEASE TIME : 2023-09-22 12:40:17 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>4be0e0b7dcbfa7985ab1e337bfafa4a2</td>
+       <td>CVE-2023-23364</td>
+       <td>2023-09-22 04:15:00 <img src="imgs/new.gif" /></td>
+       <td>A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23364">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>85e83fef12d37bec604f1f22ae863236</td>
+       <td>CVE-2023-23363</td>
+       <td>2023-09-22 04:15:00 <img src="imgs/new.gif" /></td>
+       <td>A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23363">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>02bd6c0b4a2f4cab127191f125adc7ea</td>
+       <td>CVE-2023-23362</td>
+       <td>2023-09-22 04:15:00 <img src="imgs/new.gif" /></td>
+       <td>An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23362">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b094359a59d899b3026cedd328a6b4fb</td>
+       <td>CVE-2023-31719</td>
+       <td>2023-09-22 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31719">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d61674902f7df9f3dcab43faf5c7e158</td>
+       <td>CVE-2023-31718</td>
+       <td>2023-09-22 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31718">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b04cdb0f097c48d1eac2cbd53fe0d572</td>
+       <td>CVE-2023-31717</td>
+       <td>2023-09-22 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31717">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8f1f92b6da330becdfc35a3f40969131</td>
+       <td>CVE-2023-31716</td>
+       <td>2023-09-22 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31716">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7638136db8294d06fabb612b6f7e5ef5</td>
+       <td>CVE-2023-5068</td>
+       <td>2023-09-21 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5068">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>38d91b20db9454630cde5e699f0f1e1d</td>
+       <td>CVE-2023-4504</td>
+       <td>2023-09-21 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4504">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a2a5785871a2aa0d27582585e383c5db</td>
+       <td>CVE-2023-43128</td>
+       <td>2023-09-21 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43128">详情</a></td>
+      </tr>
+
       <tr>
        <td>a41132e7a4615dffb9b1f344ad988e2f</td>
        <td>CVE-2023-42807</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-38876">详情</a></td>
       </tr>
 
-      <tr>
-       <td>5ddec74e1ec8fdf4a0c3a243f85acb01</td>
-       <td>CVE-2023-43377</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43377">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8d232916fa611389b5fbe6408ea2d019</td>
-       <td>CVE-2023-43376</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43376">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c429f67fc28b9c6ee2d952515cfca94e</td>
-       <td>CVE-2023-43375</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43375">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4c82fe0696154d0fa062de50317cbb70</td>
-       <td>CVE-2023-43374</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43374">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>06a60af972e4e4076a1e6197e407acdd</td>
-       <td>CVE-2023-43373</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43373">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>36fea47ad554c845ad86105dfda6d4bb</td>
-       <td>CVE-2023-43371</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43371">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>eabd76036824e6cdf2d145aa26b88993</td>
-       <td>CVE-2023-40368</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40368">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b00f898b6afb085b52edf91cc7604aac</td>
-       <td>CVE-2023-39041</td>
-       <td>2023-09-20 19:15:00</td>
-       <td>An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39041">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>277a9acff14579c00cfc353e6f0fd6d5</td>
-       <td>CVE-2023-40619</td>
-       <td>2023-09-20 18:15:00</td>
-       <td>phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40619">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>522b82eaffebb2967bf05b47d036d542</td>
-       <td>CVE-2023-40618</td>
-       <td>2023-09-20 18:15:00</td>
-       <td>A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40618">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>