diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index b3e45c3c34a..c39fa09a8a5 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -115,3 +115,13 @@ eabd76036824e6cdf2d145aa26b88993 b00f898b6afb085b52edf91cc7604aac 277a9acff14579c00cfc353e6f0fd6d5 522b82eaffebb2967bf05b47d036d542 +5bfb281162000bc06fb8845f130a5aca +d74b5416a0881c73da004fef45c81706 +5d80fd7b4c8ab58ae8ef3a165bcbb3eb +d95db5063ae1a2be65850c446dbb1ad9 +3e0c248244d5e75272200afcebb2723c +adddf53b2b55256cd2f6f97062acf70f +46e235bd34275c5684ca5c93de0e1788 +bb61ade7ebb7473f221ce36d67d277fb +5a01da8e91b3f73de98d354c27bba3ed +769890ec644884ddab6af48c3525d56e diff --git a/data/cves.db b/data/cves.db index d2cdc6e45fd..af6e61dc536 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index adf91261b94..3b7192003b2 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 5bfb281162000bc06fb8845f130a5aca + CVE-2023-43135 + 2023-09-20 22:15:00 + There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. + 详情 + + + + d74b5416a0881c73da004fef45c81706 + CVE-2023-39675 + 2023-09-20 22:15:00 + SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. + 详情 + + + + 5d80fd7b4c8ab58ae8ef3a165bcbb3eb + CVE-2023-37279 + 2023-09-20 22:15:00 + Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. + 详情 + + + + d95db5063ae1a2be65850c446dbb1ad9 + CVE-2023-36234 + 2023-09-20 22:15:00 + Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. + 详情 + + + + 3e0c248244d5e75272200afcebb2723c + CVE-2023-36109 + 2023-09-20 22:15:00 + Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. + 详情 + + + + adddf53b2b55256cd2f6f97062acf70f + CVE-2023-34575 + 2023-09-20 22:15:00 + SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. + 详情 + + + + 46e235bd34275c5684ca5c93de0e1788 + CVE-2023-42322 + 2023-09-20 21:15:00 + Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. + 详情 + + + + bb61ade7ebb7473f221ce36d67d277fb + CVE-2023-42321 + 2023-09-20 21:15:00 + Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. + 详情 + + + + 5a01da8e91b3f73de98d354c27bba3ed + CVE-2023-39677 + 2023-09-20 21:15:00 + MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. + 详情 + + + + 769890ec644884ddab6af48c3525d56e + CVE-2023-38876 + 2023-09-20 21:15:00 + A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'. + 详情 + + 5ddec74e1ec8fdf4a0c3a243f85acb01 CVE-2023-43377 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 0ecfbc2303e306322b0fad8ce1484d38 - CVE-2023-5030 - 2023-09-17 22:15:47 - A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872. - 详情 - - - - 65557e54573bb0fe6fd55b20b0cf6590 - CVE-2023-5029 - 2023-09-17 22:15:46 - A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. - 详情 - - - - 6fa54b05a836af5e43d6d59b01193459 - CVE-2023-5027 - 2023-09-17 17:15:44 - A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file club_validator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239869 was assigned to this vulnerability. - 详情 - - - - 91b7935c2bbd506f8011d3226455faed - CVE-2023-5028 - 2023-09-17 11:15:07 - A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability. - 详情 - - - - 7bb623226ec3e2fc8ca56b00d2047011 - CVE-2023-5026 - 2023-09-17 10:15:07 - A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868. - 详情 - - - - ae8e5e6a2b1158c355ae0b637eb57dbf - CVE-2023-5025 - 2023-09-17 07:15:10 - A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability. - 详情 - - - - 686a2aaadc1c9219d4899269a9ac3562 - CVE-2023-5024 - 2023-09-17 07:15:10 - A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability. - 详情 - - - - 880c45cb900ff32d101c49fb87536634 - CVE-2023-5023 - 2023-09-17 07:15:09 - A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864. - 详情 - - - - 19c9f48348443624c320525d30175aaa - CVE-2023-5022 - 2023-09-17 06:15:07 - A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863. - 详情 - - - - c239442185948f47094cac55e5ba21d6 - CVE-2023-5021 - 2023-09-17 05:15:10 - A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability. - 详情 - -