diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 2c72b83f293..51ce1df2f7f 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -145,3 +145,13 @@ b04cdb0f097c48d1eac2cbd53fe0d572 7638136db8294d06fabb612b6f7e5ef5 38d91b20db9454630cde5e699f0f1e1d a2a5785871a2aa0d27582585e383c5db +f075b0d36fb37b3bf9df72be90ccd8b2 +71d29572d22b90aca64e607709688ff2 +951fee3e47ca6d659477dfbe36b1ab4a +6850dfd4b5938b1f0e0cceafa5138060 +d70d1ee0b74600ed401dd2808901256d +479509c6cec2ebe99c21465cc2e109d7 +217d19479cdd4cebcf6aba90e3666556 +b431992ad614cc5b635566a93079f335 +32523e76dfb35ff3717db01e92fe3f86 +d90f474764947fd9018f2701b1edede4 diff --git a/data/cves.db b/data/cves.db index 8ea07a4641b..a9341eab4c5 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 90d74606529..f0dbee17b56 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -38,7 +38,7 @@

眈眈探求 | + 2023-09-21 08:28:11 CVE-2023-4998:GitLab 身份认证绕过漏洞通告 详情 @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + f075b0d36fb37b3bf9df72be90ccd8b2 + CVE-2023-5134 + 2023-09-23 08:15:00 + The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta. + 详情 + + + + 71d29572d22b90aca64e607709688ff2 + CVE-2023-5125 + 2023-09-23 05:15:00 + The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 951fee3e47ca6d659477dfbe36b1ab4a + CVE-2023-43470 + 2023-09-23 00:15:00 + SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. + 详情 + + + + 6850dfd4b5938b1f0e0cceafa5138060 + CVE-2023-43469 + 2023-09-23 00:15:00 + SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. + 详情 + + + + d70d1ee0b74600ed401dd2808901256d + CVE-2023-43468 + 2023-09-23 00:15:00 + SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. + 详情 + + + + 479509c6cec2ebe99c21465cc2e109d7 + CVE-2023-43338 + 2023-09-23 00:15:00 + Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. + 详情 + + + + 217d19479cdd4cebcf6aba90e3666556 + CVE-2023-43130 + 2023-09-22 23:15:00 + D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. + 详情 + + + + b431992ad614cc5b635566a93079f335 + CVE-2023-43129 + 2023-09-22 23:15:00 + D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. + 详情 + + + + 32523e76dfb35ff3717db01e92fe3f86 + CVE-2023-40989 + 2023-09-22 20:15:00 + SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. + 详情 + + + + d90f474764947fd9018f2701b1edede4 + CVE-2023-43270 + 2023-09-22 19:15:00 + dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. + 详情 + + 4be0e0b7dcbfa7985ab1e337bfafa4a2 CVE-2023-23364 @@ -342,7 +422,7 @@

眈眈探求 | + 2023-09-21 23:15:00 Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. 详情 @@ -350,7 +430,7 @@

眈眈探求 | + 2023-09-21 23:15:00 Due to failure in validating the length provided by an attacker-crafted PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2023-09-21 23:15:00 D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. 详情 @@ -366,7 +446,7 @@

眈眈探求 | + 2023-09-21 17:15:00 Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2023-09-21 17:15:00 Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2023-09-21 17:15:00 quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2023-09-21 17:15:00 Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2023-09-21 17:15:00 SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2023-09-21 16:15:00 Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2023-09-21 15:15:00 plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2023-09-21 15:15:00 plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2023-09-21 15:15:00 DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2023-09-21 14:15:00 Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly generated key with this key (by takeing 16bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32bytes key usage. 详情 - - 5bfb281162000bc06fb8845f130a5aca - CVE-2023-43135 - 2023-09-20 22:15:00 - There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. - 详情 - - - - d74b5416a0881c73da004fef45c81706 - CVE-2023-39675 - 2023-09-20 22:15:00 - SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. - 详情 - - - - 5d80fd7b4c8ab58ae8ef3a165bcbb3eb - CVE-2023-37279 - 2023-09-20 22:15:00 - Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. - 详情 - - - - d95db5063ae1a2be65850c446dbb1ad9 - CVE-2023-36234 - 2023-09-20 22:15:00 - Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. - 详情 - - - - 3e0c248244d5e75272200afcebb2723c - CVE-2023-36109 - 2023-09-20 22:15:00 - Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. - 详情 - - - - adddf53b2b55256cd2f6f97062acf70f - CVE-2023-34575 - 2023-09-20 22:15:00 - SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. - 详情 - - - - 46e235bd34275c5684ca5c93de0e1788 - CVE-2023-42322 - 2023-09-20 21:15:00 - Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. - 详情 - - - - bb61ade7ebb7473f221ce36d67d277fb - CVE-2023-42321 - 2023-09-20 21:15:00 - Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. - 详情 - - - - 5a01da8e91b3f73de98d354c27bba3ed - CVE-2023-39677 - 2023-09-20 21:15:00 - MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. - 详情 - - - - 769890ec644884ddab6af48c3525d56e - CVE-2023-38876 - 2023-09-20 21:15:00 - A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'. - 详情 - - @@ -1798,7 +1798,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET FORTISIEM Vulnerability 详情 @@ -1806,7 +1806,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET FORTIADC Vulnerability 详情 @@ -1814,7 +1814,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET FORTIPRESENCE Vulnerability 详情 @@ -1822,7 +1822,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET Multiple product Vulnerability 详情 @@ -1830,7 +1830,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET FORTICLIENT_ENDPOINT_MANAGEMENT_SERVER Vulnerability 详情 @@ -1838,7 +1838,7 @@

眈眈探求 | + 2023-09-21 20:08:48 FORTINET FORTITESTER Vulnerability 详情 @@ -1846,7 +1846,7 @@

眈眈探求 | + 2023-09-21 20:08:47 FORTINET FORTIAP-U Vulnerability 详情 @@ -1854,7 +1854,7 @@

眈眈探求 | + 2023-09-21 20:08:47 FORTINET FORTIWEB Vulnerability 详情 @@ -1862,7 +1862,7 @@

眈眈探求 | + 2023-09-21 20:08:47 FORTINET Multiple product Vulnerability 详情 @@ -1870,7 +1870,7 @@

眈眈探求 | + 2023-09-21 20:08:47 FORTINET FORTITESTER Vulnerability 详情 @@ -2094,7 +2094,7 @@

眈眈探求 | + 2023-09-21 07:19:04 WordPress EmbedPress Plugin授权错误漏洞 详情 @@ -2102,7 +2102,7 @@

眈眈探求 | + 2023-09-21 07:19:04 JPCERT Coordination Center Special Interest Group Network for Analysis and Liais 详情 @@ -2110,7 +2110,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Adobe Acrobat多款产品越界写入漏洞 详情 @@ -2118,7 +2118,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Adobe Acrobat多款产品内存错误引用漏洞 详情 @@ -2126,7 +2126,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Zoom Client SDK拒绝服务漏洞 详情 @@ -2134,7 +2134,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Linux Kernel内存错误引用漏洞 详情 @@ -2142,7 +2142,7 @@

眈眈探求 | + 2023-09-21 07:19:04 SAMSUNG Mobile越界写入漏洞 详情 @@ -2150,7 +2150,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Ubiquiti UniFi整数溢出漏洞 详情 @@ -2158,7 +2158,7 @@

眈眈探求 | + 2023-09-21 07:19:04 SAMSUNG Galaxy Store授权错误漏洞 详情 @@ -2166,7 +2166,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Adobe Acrobat多款产品内存错误引用漏洞 详情 @@ -2174,7 +2174,7 @@

眈眈探求 | + 2023-09-21 07:19:04 OPPO Store app远程代码执行漏洞 详情 @@ -2182,7 +2182,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Ivanti Avalanche路径遍历漏洞 详情 @@ -2190,7 +2190,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Nextcloud user_oidc加密错误漏洞 详情 @@ -2198,7 +2198,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Adobe Acrobat多款产品越界读取漏洞 详情 @@ -2206,7 +2206,7 @@

眈眈探求 | + 2023-09-21 07:19:04 Intel PROSet/Wireless WiFi Software输入验证错误漏洞 详情 @@ -2230,7 +2230,7 @@

眈眈探求 | + 2023-09-21 09:15:10 Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. 详情