Updated by Github Bot

EXP-Tools · Apr 13, 2024 · 9d4c61c · 9d4c61c
1 parent cc99183
commit 9d4c61c
Show file tree

Hide file tree

Showing 4 changed files with 101 additions and 81 deletions.
diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat
@@ -111,3 +111,13 @@ e8c7132832b8c0457c9738cf22d54c39
 e2356450a8e3cea869f4ab9f384576f0
 5c646c0ff6db3301cd6604c10c94f479
 b8ac67ce43f7aed557d15eb9505552c9
+aa51b0f30e2c3691d842a8e2c66f4957
+6086b68aa48d324f3bbc4c53c2c723e7
+2b560c06437b96f3df4c593464e68589
+84e83374ff34c49bf7e90751a458c780
+643fddbc522c3912e57856e31dffa5ed
+895f1645c8892e4ee85005154416a193
+cc96f68cf2bfcf578d886579d983567f
+4550e052219e884aaa2d000778b46ec9
+c6fc0f1e11b594ee91e2af7ff115c3b6
+f8aa964dcb4956c9baacad51d77f32bc
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -114,3 +114,13 @@ f055ab7fbcada08b35fbb3cfaa461b47
 d6e69687d570799e00c72934be69ee83
 2294de2743ac043fbc4fa1e30c6c20f7
 19243d5e8ea0ce74eb09c5fc33114ec8
+ff20f9e131b02fcf47f054144fd32463
+4ccfcb06f80909959f881e16781b18bf
+835c1d006d96d491862095cc05b3d57f
+63babce91580538085ca1cf65a58d9af
+886a5a065150997c6a1672b5ef4e8f4b
+4e583a2247233ca8c909462f2a208012
+fa25e69baf68c9828ef342387ff593c6
+96f091e6f1eaaf18d3b11f8f9c7cd66c
+d060e0fe962b3d81454627d10fba89a5
+31ed67f1094c4ca8d945e256f6166b2c
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-04-13 03:20:07 -->
+<!-- RELEASE TIME : 2024-04-13 23:25:31 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>ff20f9e131b02fcf47f054144fd32463</td>
+       <td>CVE-2024-3739</td>
+       <td>2024-04-13 19:15:53 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3739">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4ccfcb06f80909959f881e16781b18bf</td>
+       <td>CVE-2024-3738</td>
+       <td>2024-04-13 18:15:07 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3738">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>835c1d006d96d491862095cc05b3d57f</td>
+       <td>CVE-2024-3737</td>
+       <td>2024-04-13 17:15:50 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3737">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>63babce91580538085ca1cf65a58d9af</td>
+       <td>CVE-2024-32487</td>
+       <td>2024-04-13 15:15:52 <img src="imgs/new.gif" /></td>
+       <td>less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32487">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>886a5a065150997c6a1672b5ef4e8f4b</td>
+       <td>CVE-2024-3736</td>
+       <td>2024-04-13 14:15:07 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3736">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4e583a2247233ca8c909462f2a208012</td>
+       <td>CVE-2024-3735</td>
+       <td>2024-04-13 13:15:46 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3735">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fa25e69baf68c9828ef342387ff593c6</td>
+       <td>CVE-2024-3721</td>
+       <td>2024-04-13 12:15:12 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3721">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>96f091e6f1eaaf18d3b11f8f9c7cd66c</td>
+       <td>CVE-2024-3720</td>
+       <td>2024-04-13 12:15:11 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3720">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d060e0fe962b3d81454627d10fba89a5</td>
+       <td>CVE-2024-26817</td>
+       <td>2024-04-13 12:15:11 <img src="imgs/new.gif" /></td>
+       <td>In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-26817">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>31ed67f1094c4ca8d945e256f6166b2c</td>
+       <td>CVE-2024-3719</td>
+       <td>2024-04-13 11:15:46 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3719">详情</a></td>
+      </tr>
+
       <tr>
        <td>4fb231048c1f9f7ab953622d4993218e</td>
        <td>CVE-2024-3698</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32108">详情</a></td>
       </tr>
 
-      <tr>
-       <td>5b04a3e27db944229f192131fe1caf90</td>
-       <td>CVE-2024-31944</td>
-       <td>2024-04-10 18:15:08</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31944">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cdbe7700995e9888a647e8c1ae7d9e5d</td>
-       <td>CVE-2024-31943</td>
-       <td>2024-04-10 18:15:08</td>
-       <td>Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31943">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>fc6d41a82e26c8569cb87356890f3624</td>
-       <td>CVE-2024-31461</td>
-       <td>2024-04-10 18:15:07</td>
-       <td>Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31461">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6cca780c86ce5fa125cd1ce5392903e1</td>
-       <td>CVE-2024-31242</td>
-       <td>2024-04-10 18:15:07</td>
-       <td>Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31242">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b43b364de3a6ebb5359192440d49ef1e</td>
-       <td>CVE-2024-31230</td>
-       <td>2024-04-10 18:15:07</td>
-       <td>Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31230">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3a56c25d315675184cadfedd77c1ea2e</td>
-       <td>CVE-2024-31214</td>
-       <td>2024-04-10 18:15:07</td>
-       <td>Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31214">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3f471ecf5f8dd2e5b932d7c9366e7b60</td>
-       <td>CVE-2024-3570</td>
-       <td>2024-04-10 17:15:58</td>
-       <td>A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3570">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c6c2b4de3819a8a9e164ce228bf5af3d</td>
-       <td>CVE-2024-3569</td>
-       <td>2024-04-10 17:15:58</td>
-       <td>A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3569">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>da3606d440a3a32031edd55a2aaf4665</td>
-       <td>CVE-2024-3568</td>
-       <td>2024-04-10 17:15:58</td>
-       <td>The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3568">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6514fc5e7e0ac13c0aa1d2fe4b25f166</td>
-       <td>CVE-2024-3388</td>
-       <td>2024-04-10 17:15:57</td>
-       <td>A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3388">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>