From e2ceee9691b189c73e45e4bbefed45bd7fedb52b Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Tue, 15 Oct 2024 09:25:40 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Nsfocus.dat | 15 +++ data/cves.db | Bin 49668096 -> 49672192 bytes docs/index.html | 258 +++++++++++++++++++++++----------------------- 3 files changed, 144 insertions(+), 129 deletions(-) diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 8188182740a..58c3b88f2b3 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -158,3 +158,18 @@ ccfbb651bbd7839937f1371292aeff1e a353077bb5a317d0faac63594e1e3935 afb235f0d7e2d53d27a7fba2dd0f0af1 812b59306381706e8cf4f8ed1b4de2c0 +0f79ed38b341e499206c0863a9883493 +c0afe9242fe2ca1fa31658937a00c634 +88abd1c0bb60a355488f4e90efdebb72 +364242b1271f7b29a17a517dda80141d +51103e1cab4c4630b57fbe8f72261c1d +b82d4bb2ae59faaba835927ee9f110ca +ca8fa9434720e447f167e7f4dd931d94 +2e160cf06fd8749a059e2284c102914d +ecefabeb750e2e5a51cfb9c6d684c511 +573dcda375ff8f361a90e59dd7148e6e +a6b8b7fcda84e803d5ca6d0cc52d27d8 +ae4892edfb3b65f6c83e0cbbe7f4e646 +270e6383d722c89948c2247245359e2b +80f9027c242d7c9a67dc3db2abe8b2cb +138790472c2290c7a925d1a03073c0b4 
diff --git a/data/cves.db b/data/cves.db index 2832e6ad36b2506e131eafdeeef77bf281c09c45..16525d200990392284c673671ce732b18587d158 100644 GIT binary patch
diff --git a/docs/index.html b/docs/index.html index d749d130543..a7bff483786 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -366,7 +366,7 @@

眈眈探求 | + 2024-10-13 15:15:11 A vulnerability was found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this issue is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -374,7 +374,7 @@

眈眈探求 | + 2024-10-13 14:15:02 A vulnerability has been found in D-Link DIR-619L B1 2.06 and classified as critical. Affected by this vulnerability is the function formSetMuti of the file /goform/formSetMuti. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -382,7 +382,7 @@

眈眈探求 | + 2024-10-13 13:15:10 A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime. 详情 @@ -390,7 +390,7 @@

眈眈探求 | + 2024-10-13 12:15:10 A vulnerability, which was classified as critical, was found in D-Link DIR-619L B1 2.06. Affected is the function formSetMACFilter of the file /goform/formSetMACFilter. The manipulation of the argument curTime leads to buffer overflow. The exploit has been disclosed to the public and may be used. 详情 @@ -398,7 +398,7 @@

眈眈探求 | + 2024-10-13 05:15:02 A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 详情 @@ -406,7 +406,7 @@

眈眈探求 | + 2024-10-13 04:15:02 A vulnerability, which was classified as problematic, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument Code leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -414,7 +414,7 @@

眈眈探求 | + 2024-10-13 03:15:02 A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -422,7 +422,7 @@

眈眈探求 | + 2024-10-13 02:15:15 A vulnerability classified as critical was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This vulnerability affects the function pictureUpload of the file /admin/File/pictureUpload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address. 详情 @@ -1979,6 +1979,126 @@

眈眈探求 | TITLE URL + + 0f79ed38b341e499206c0863a9883493 + CVE-2024-5901 + 2024-10-15 09:23:32 + WordPress SiteOrigin Widgets Bundle Plugin跨站脚本漏洞 + 详情 + + + + c0afe9242fe2ca1fa31658937a00c634 + CVE-2024-39010 + 2024-10-15 09:23:32 + chase-moskal snapstate原型污染漏洞 + 详情 + + + + 88abd1c0bb60a355488f4e90efdebb72 + CVE-2024-37281 + 2024-10-15 09:23:32 + Elastic Kibana不受控制的资源消耗漏洞 + 详情 + + + + 364242b1271f7b29a17a517dda80141d + CVE-2024-7127 + 2024-10-15 09:23:32 + Stackposts Social Marketing Tool跨站脚本漏洞 + 详情 + + + + 51103e1cab4c4630b57fbe8f72261c1d + CVE-2024-40827 + 2024-10-15 09:23:32 + Apple多款产品信息泄露漏洞 + 详情 + + + + b82d4bb2ae59faaba835927ee9f110ca + CVE-2024-39945 + 2024-10-15 09:23:32 + Dahua NVR输入验证错误漏洞 + 详情 + + + + ca8fa9434720e447f167e7f4dd931d94 + CVE-2024-39944 + 2024-10-15 09:23:32 + Dahua NVR输入验证错误漏洞 + 详情 + + + + 2e160cf06fd8749a059e2284c102914d + CVE-2024-39011 + 2024-10-15 09:23:32 + redoc原型污染漏洞 + 详情 + + + + ecefabeb750e2e5a51cfb9c6d684c511 + CVE-2024-39012 + 2024-10-15 09:23:32 + ais-ltd strategyen原型污染漏洞 + 详情 + + + + 573dcda375ff8f361a90e59dd7148e6e + CVE-2024-38983 + 2024-10-15 09:23:32 + mini-deep-assign原型污染漏洞 + 详情 + + + + a6b8b7fcda84e803d5ca6d0cc52d27d8 + CVE-2024-40828 + 2024-10-15 09:23:32 + Apple多款产品权限保留错误漏洞 + 详情 + + + + ae4892edfb3b65f6c83e0cbbe7f4e646 + CVE-2024-6255 + 2024-10-15 09:23:32 + ChuanhuChatGPT路径遍历漏洞 + 详情 + + + + 270e6383d722c89948c2247245359e2b + CVE-2024-41610 + 2024-10-15 09:23:32 + D-Link DIR-820LW REVB FIRMWARE硬编码凭据漏洞 + 详情 + + + + 80f9027c242d7c9a67dc3db2abe8b2cb + CVE-2024-41611 + 2024-10-15 09:23:32 + D-Link DIR-860L REVA FIRMWARE硬编码凭据漏洞 + 详情 + + + + 138790472c2290c7a925d1a03073c0b4 + CVE-2024-41915 + 2024-10-15 09:23:32 + Hewlett Packard Enterprise ClearPass Policy Manager SQL注入漏洞 + 详情 + + f974046c51a7a564f9323a044e4f0c70 CVE-2024-37858 @@ -2099,126 +2219,6 @@

眈眈探求 | 详情 - - a8221977bb56a2177eb286721c70a1ac - CVE-2024-7201 - 2024-10-12 12:38:53 - Simopro Technology WinMatrix3 Web package SQL注入漏洞 - 详情 - - - - 6086cece8fdff422e756065824d50788 - CVE-2024-5670 - 2024-10-12 12:38:53 - Softnext Mail SQR Expert and Mail Archiving Expert操作系统命令注入漏洞 - 详情 - - - - 927ac88b5f3fae9f490e5ba9addc538d - CVE-2024-42053 - 2024-10-12 12:38:53 - Splashtop Streamer for Windows默认权限错误漏洞 - 详情 - - - - 2be8c2cbb67a66e31f497be307cd3e07 - CVE-2024-42052 - 2024-10-12 12:38:53 - Splashtop Streamer for Windows权限管理错误漏洞 - 详情 - - - - 21ed7b6baef971485c77a475905581fd - CVE-2024-42051 - 2024-10-12 12:38:53 - Splashtop Streamer for Windows权限管理错误漏洞 - 详情 - - - - ffd440a4c366ad022a06f29d7ec93c9c - CVE-2024-42050 - 2024-10-12 12:38:53 - Splashtop Streamer for Windows权限管理错误漏洞 - 详情 - - - - 2fbede71c556afa408931f8bab996297 - CVE-2024-6520 - 2024-10-12 12:38:53 - WordPress Happy Addons for Elementor Plugin跨站脚本漏洞 - 详情 - - - - 2fd159234db806c80d8607fa8be19d46 - CVE-2024-7202 - 2024-10-12 12:38:53 - Simopro Technology WinMatrix3 Web package SQL注入漏洞 - 详情 - - - - 8b0034f5623be387cab3875d514a023c - CVE-2024-37381 - 2024-10-12 12:38:53 - Ivanti Endpoint Manager SQL注入漏洞 - 详情 - - - - 068bbcb4321b0f5f95496ced61e9c0ff - CVE-2024-41637 - 2024-10-12 12:38:53 - RaspAP命令注入漏洞 - 详情 - - - - b37cebfb4a4d77b48571bfceddbdee5f - CVE-2024-41139 - 2024-10-12 12:38:53 - SKYSEA Client View权限分配错误漏洞 - 详情 - - - - 5dc2a88ae2ded0963f831af5de5b69c4 - CVE-2024-41143 - 2024-10-12 12:38:53 - SKYSEA Client View来源验证错误漏洞 - 详情 - - - - ee851e213daf3c9e91ae689b5b397dfb - CVE-2024-41126 - 2024-10-12 12:38:53 - SKYSEA Client View路径遍历漏洞 - 详情 - - - - ada4d4565453aac21e40203a0d6aed34 - CVE-2024-41881 - 2024-10-12 12:38:53 - SDoP堆栈缓冲区溢出漏洞 - 详情 - - - - 9b951664ffe695ea7591b7c4cd4063f5 - CVE-2024-6124 - 2024-10-12 12:38:53 - M-Files Hubshare跨站脚本漏洞 - 详情 - -
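Review bot: data/cves.db changes only as a binary delta (Bin 49668096 -> 49672192 bytes), so nothing in this patch lets a reviewer see which rows the bot run inserted or altered, and each run adds another opaque blob of this size class to history. Consider publishing the database as a release or build artifact, or committing a text export of the new rows next to it, so the change can be checked against the 15 ids appended to cache/Nsfocus.dat.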
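Review bot: in the docs/index.html hunks, the rows added at line 1979 and the description rows touched at lines 366 to 422 are built from text supplied by external advisory feeds, and the diff does not show whether that text is HTML-escaped before it is written into the page. The descriptions include strings such as "/admin/?page=inventory/view_inventory&id=2", so please confirm that the generator escapes the title, description and link fields on output, and that the link target is limited to http(s) URLs, because this file is served as a public page.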
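Review bot: the cache/Nsfocus.dat hunk at line 158 only appends 15 ids, while the docs/index.html hunk at line 2099 drops the 15 oldest rows, so it is not documented whether the cache is ever pruned or is meant to grow without bound as a seen-set. A short comment in the generator or README stating what the 32-character ids are derived from and how long they are retained would make a duplicate or missing row traceable. The subject "Updated by Github Bot" could also carry the source name and the number of entries added.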