Updated by Github Bot

cache/Tenable (Nessus).dat

@@ -195,3 +195,13 @@ e371ae8081153373622a4c1da83d8d91
 f8f1da40666898eb18ebe4c5141ab23d
 900d9e6d3666aca080748ba36315a761
 87e37904095afdc0884b3cf167044b9f
+643cadcd50c3db65cd22ded45fc42f9a
+33dfd5072f6bb5bd58a6299bec3c3f2e
+f19e8ddcf6b7a28b4afb92c429bbe958
+08e4275f34d0b8d962a124767473b84c
+648c67a292bb29e1d9f1b71f04abfcd7
+6277d29876d3637162226b27f4c18b4c
+d7d33a3715b2d9bbb1acde3408362f93
+f2f6ab2363d428fd219b1aadaebc1898
+ce12b02db88d7193821f4ede2b5ecd7a
+47d84daaa39b3dde5033fa84b2844a91

docs/index.html

@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-10-24 05:25:48 -->
+<!-- RELEASE TIME : 2023-10-24 07:21:20 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>643cadcd50c3db65cd22ded45fc42f9a</td>
+       <td>CVE-2023-46059</td>
+       <td>2023-10-24 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46059">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>33dfd5072f6bb5bd58a6299bec3c3f2e</td>
+       <td>CVE-2023-46058</td>
+       <td>2023-10-24 00:15:00 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46058">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f19e8ddcf6b7a28b4afb92c429bbe958</td>
+       <td>CVE-2023-33517</td>
+       <td>2023-10-23 23:15:00 <img src="imgs/new.gif" /></td>
+       <td>carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-33517">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>08e4275f34d0b8d962a124767473b84c</td>
+       <td>CVE-2023-5633</td>
+       <td>2023-10-23 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5633">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>648c67a292bb29e1d9f1b71f04abfcd7</td>
+       <td>CVE-2023-45998</td>
+       <td>2023-10-23 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45998">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6277d29876d3637162226b27f4c18b4c</td>
+       <td>CVE-2023-44760</td>
+       <td>2023-10-23 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-44760">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d7d33a3715b2d9bbb1acde3408362f93</td>
+       <td>CVE-2023-43358</td>
+       <td>2023-10-23 22:15:00 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43358">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f2f6ab2363d428fd219b1aadaebc1898</td>
+       <td>CVE-2023-45966</td>
+       <td>2023-10-23 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-45966">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ce12b02db88d7193821f4ede2b5ecd7a</td>
+       <td>CVE-2023-37636</td>
+       <td>2023-10-23 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37636">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>47d84daaa39b3dde5033fa84b2844a91</td>
+       <td>CVE-2023-37635</td>
+       <td>2023-10-23 21:15:00 <img src="imgs/new.gif" /></td>
+       <td>UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-37635">详情</a></td>
+      </tr>
+
       <tr>
        <td>6ecaeafd86bf9975c1d15338f667a414</td>
        <td>CVE-2023-5702</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4939">详情</a></td>
       </tr>
 
-      <tr>
-       <td>024f671d550c6e97850520c1a4e6e647</td>
-       <td>CVE-2023-4635</td>
-       <td>2023-10-21 08:15:00</td>
-       <td>The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4635">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cb9f52d9148f723f91c93ca4d1660902</td>
-       <td>CVE-2023-5684</td>
-       <td>2023-10-21 07:15:00</td>
-       <td>A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5684">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b6cee551dc2d5006dbdd8d2d58947f71</td>
-       <td>CVE-2023-46055</td>
-       <td>2023-10-21 07:15:00</td>
-       <td>An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46055">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>32d6b23ebdc33275879e8baf2be4e982</td>
-       <td>CVE-2023-46054</td>
-       <td>2023-10-21 07:15:00</td>
-       <td>Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46054">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ec1668b969d68de3621c83c38ded272a</td>
-       <td>CVE-2023-5683</td>
-       <td>2023-10-21 05:16:00</td>
-       <td>A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5683">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2ac428bf06e0ed751c5ff8a996b034fa</td>
-       <td>CVE-2023-5132</td>
-       <td>2023-10-21 02:15:00</td>
-       <td>The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5132">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>bf391a626505ec6ba66f934a69d68c93</td>
-       <td>CVE-2023-46003</td>
-       <td>2023-10-21 01:15:00</td>
-       <td>I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-46003">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7db987cd1bafc03a3fead4ab6a9ff767</td>
-       <td>CVE-2023-34046</td>
-       <td>2023-10-20 09:15:00</td>
-       <td>VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-34046">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>04b968802b7c8748fbd87b5a8b993d01</td>
-       <td>CVE-2023-34044</td>
-       <td>2023-10-20 09:15:00</td>
-       <td>VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-34044">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ce86dd2f453122cdf85c00f46f7a9681</td>
-       <td>CVE-2023-5656</td>
-       <td>2023-10-20 08:15:00</td>
-       <td>The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. This vulnerability is the same as CVE-2023-5533 but was reintroduced in version 4.9.2.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5656">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>