Updated by Github Bot

EXP-Tools · Sep 26, 2023 · ac16689 · ac16689
1 parent db52788
commit ac16689
Show file tree

Hide file tree

Showing 3 changed files with 104 additions and 94 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -170,3 +170,13 @@ b2f60dc31292aa9f5768b2d439fda37a
 a0c275e58017500731ab01a930a918f1
 c1a94b28efbdab10aaddc13f2e04db9d
 78cf826dd92e31873c6a55c7bbf111f6
+044fab7c833f1af6ac82268c278d7418
+9099f6faf65efa1b0b03d8856001729c
+914c423b3981184918f21f7130d3b2dd
+abf3a808aa2d555cfc40ce6e4d098844
+2242db6a2a4918e7444006e4fc535290
+56215f4021883131f7443ce65cde8be9
+943f14db45f1a466c986b6657361354e
+b2d4f556197b32b1f590cd3be68fe722
+d1d35ab76cc6395d9356736c419bb8e3
+2bd870293df7cb86364e3875365c397d
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-09-25 14:27:27 -->
+<!-- RELEASE TIME : 2023-09-26 03:23:03 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>044fab7c833f1af6ac82268c278d7418</td>
+       <td>CVE-2023-43278</td>
+       <td>2023-09-25 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43278">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9099f6faf65efa1b0b03d8856001729c</td>
+       <td>CVE-2023-38907</td>
+       <td>2023-09-25 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-38907">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>914c423b3981184918f21f7130d3b2dd</td>
+       <td>CVE-2023-43326</td>
+       <td>2023-09-25 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43326">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>abf3a808aa2d555cfc40ce6e4d098844</td>
+       <td>CVE-2023-4258</td>
+       <td>2023-09-25 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4258">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2242db6a2a4918e7444006e4fc535290</td>
+       <td>CVE-2023-5129</td>
+       <td>2023-09-25 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5129">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>56215f4021883131f7443ce65cde8be9</td>
+       <td>CVE-2023-43457</td>
+       <td>2023-09-25 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43457">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>943f14db45f1a466c986b6657361354e</td>
+       <td>CVE-2023-43132</td>
+       <td>2023-09-25 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43132">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b2d4f556197b32b1f590cd3be68fe722</td>
+       <td>CVE-2023-42753</td>
+       <td>2023-09-25 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42753">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d1d35ab76cc6395d9356736c419bb8e3</td>
+       <td>CVE-2023-42426</td>
+       <td>2023-09-25 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-42426">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2bd870293df7cb86364e3875365c397d</td>
+       <td>CVE-2023-43644</td>
+       <td>2023-09-25 20:15:00 <img src="imgs/new.gif" /></td>
+       <td>Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43644">详情</a></td>
+      </tr>
+
       <tr>
        <td>adef21e65acb244b2799e2385716c9bb</td>
        <td>CVE-2023-39408</td>
@@ -366,31 +446,31 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>d32dfc62286f6b938d5550a5589c03f6</td>
        <td>CVE-2023-1636</td>
-       <td>2023-09-24 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 01:15:00</td>
        <td>A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-1636">详情</a></td>
       </tr>
 
       <tr>
        <td>d229a7b2b7b6b05f41c942379c1ff4ba</td>
        <td>CVE-2023-1633</td>
-       <td>2023-09-24 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 01:15:00</td>
        <td>A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-1633">详情</a></td>
       </tr>
 
       <tr>
        <td>7498bb8cf4748b8a3119620f2f638258</td>
        <td>CVE-2023-1625</td>
-       <td>2023-09-24 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 01:15:00</td>
        <td>An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-1625">详情</a></td>
       </tr>
 
       <tr>
        <td>202bb0781cf63935eec6506b9a66e2f5</td>
        <td>CVE-2023-1260</td>
-       <td>2023-09-24 01:15:00 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 01:15:00</td>
        <td>An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-1260">详情</a></td>
       </tr>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43468">详情</a></td>
       </tr>
 
-      <tr>
-       <td>479509c6cec2ebe99c21465cc2e109d7</td>
-       <td>CVE-2023-43338</td>
-       <td>2023-09-23 00:15:00</td>
-       <td>Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43338">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>217d19479cdd4cebcf6aba90e3666556</td>
-       <td>CVE-2023-43130</td>
-       <td>2023-09-22 23:15:00</td>
-       <td>D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43130">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b431992ad614cc5b635566a93079f335</td>
-       <td>CVE-2023-43129</td>
-       <td>2023-09-22 23:15:00</td>
-       <td>D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43129">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>32523e76dfb35ff3717db01e92fe3f86</td>
-       <td>CVE-2023-40989</td>
-       <td>2023-09-22 20:15:00</td>
-       <td>SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40989">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d90f474764947fd9018f2701b1edede4</td>
-       <td>CVE-2023-43270</td>
-       <td>2023-09-22 19:15:00</td>
-       <td>dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43270">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4be0e0b7dcbfa7985ab1e337bfafa4a2</td>
-       <td>CVE-2023-23364</td>
-       <td>2023-09-22 04:15:00</td>
-       <td>A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23364">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>85e83fef12d37bec604f1f22ae863236</td>
-       <td>CVE-2023-23363</td>
-       <td>2023-09-22 04:15:00</td>
-       <td>A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23363">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>02bd6c0b4a2f4cab127191f125adc7ea</td>
-       <td>CVE-2023-23362</td>
-       <td>2023-09-22 04:15:00</td>
-       <td>An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-23362">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b094359a59d899b3026cedd328a6b4fb</td>
-       <td>CVE-2023-31719</td>
-       <td>2023-09-22 00:15:00</td>
-       <td>FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31719">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d61674902f7df9f3dcab43faf5c7e158</td>
-       <td>CVE-2023-31718</td>
-       <td>2023-09-22 00:15:00</td>
-       <td>FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-31718">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>
@@ -1798,71 +1798,71 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>74b0eb03f50864f3dd44180a489beced</td>
        <td>CVE-2023-41484</td>
-       <td>2023-09-24 20:05:55 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:55</td>
        <td>CIMG CIMG Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=9a5ef54171fa437db3104263812d3697">详情</a></td>
       </tr>
 
       <tr>
        <td>8ac005f0435dc113a83e211f9805ecbe</td>
        <td>CVE-2023-43309</td>
-       <td>2023-09-24 20:05:55 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:55</td>
        <td>WEBMIN WEBMIN Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=1840121775524e739be04f07e52b60b3">详情</a></td>
       </tr>
 
       <tr>
        <td>2fedecb3896fb2864b8d097bb90f045c</td>
        <td>CVE-2023-43566</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>JETBRAINS TEAMCITY Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=e628b7b8ffed46dfb3d9271b8d905fa1">详情</a></td>
       </tr>
 
       <tr>
        <td>2cd39763fd442006789448e2b0b5de02</td>
        <td>CVE-2023-40932</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>NAGIOS NAGIOS_XI Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=a385c116b7464c43a1ffeeb858b3fc2a">详情</a></td>
       </tr>
 
       <tr>
        <td>dea0e1ee0c25a268db1c23ed28fcb070</td>
        <td>CVE-2023-40933</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>NAGIOS NAGIOS_XI Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=8a5909f63bfe43c5af25d24fcbf59f43">详情</a></td>
       </tr>
 
       <tr>
        <td>245db4f0aae4a90e41300dc1de227919</td>
        <td>CVE-2023-42793</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>JETBRAINS TEAMCITY Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=838ba8a6fa29451bbf07639a20887b1c">详情</a></td>
       </tr>
 
       <tr>
        <td>b8dbf0441b6e52fa431ef5b6cb4e18d1</td>
        <td>CVE-2023-40619</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>PHPPGADMIN_PROJECT PHPPGADMIN Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=3c445cba02914861a5b7a00133125fef">详情</a></td>
       </tr>
 
       <tr>
        <td>35a3d1f49cf06fd87a8a834247540a30</td>
        <td>CVE-2023-40931</td>
-       <td>2023-09-24 20:05:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:05:54</td>
        <td>NAGIOS NAGIOS_XI Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=091353305c8f4a269ea54ff4e38b06c7">详情</a></td>
       </tr>
 
       <tr>
        <td>fa51e75b98e96e6c3c62b5e2be58af62</td>
        <td>CVE-2023-40934</td>
-       <td>2023-09-24 20:04:54 <img src="imgs/new.gif" /></td>
+       <td>2023-09-24 20:04:54</td>
        <td>NAGIOS NAGIOS_XI Vulnerability</td>
        <td><a target="_blank" href="https://redqueen.tj-un.com/IntelDetails.html?id=ddfdb79224474726a373b9483c7cd6a9">详情</a></td>
       </tr>