Updated by Github Bot

EXP-Tools · Sep 28, 2023 · f2f7837 · f2f7837
1 parent 4f06a69
commit f2f7837
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -190,3 +190,13 @@ af0a8b9ddc2ec226d9c40e6b963d3123
 1fb752e8abf33c31bd2b0595be0341a3
 49ae44d682e1640ec6faa637950432db
 1276656175991a04dc30804d7d5d3d67
+bd49c458aa5676b74d77c59df667daca
+060ebb790e855bc37933e65b3c4dbc0d
+cbb5a81fac5dcc23349eeb2d9caa2405
+ee971b3d0f69b61d5149b437f2b8612c
+18397e39e33564abd5cb1943c029510a
+f078dc504f2d31eacf03b6ae6c8bc4c8
+298da2c147a6612880bd5bcdbe6fb472
+08c7e55b988aba1789f7660db3b84325
+707a20db56c7379d72b9e38f3058d554
+3aa345f401b30d30a53bb28432bb7d6a
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2023-09-28 14:27:21 -->
+<!-- RELEASE TIME : 2023-09-28 19:18:40 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>bd49c458aa5676b74d77c59df667daca</td>
+       <td>CVE-2023-43884</td>
+       <td>2023-09-28 15:15:00 <img src="imgs/new.gif" /></td>
+       <td>A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43884">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>060ebb790e855bc37933e65b3c4dbc0d</td>
+       <td>CVE-2023-43879</td>
+       <td>2023-09-28 15:15:00 <img src="imgs/new.gif" /></td>
+       <td>Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43879">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>cbb5a81fac5dcc23349eeb2d9caa2405</td>
+       <td>CVE-2023-43878</td>
+       <td>2023-09-28 15:15:00 <img src="imgs/new.gif" /></td>
+       <td>Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43878">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ee971b3d0f69b61d5149b437f2b8612c</td>
+       <td>CVE-2023-43876</td>
+       <td>2023-09-28 15:15:00 <img src="imgs/new.gif" /></td>
+       <td>A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43876">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>18397e39e33564abd5cb1943c029510a</td>
+       <td>CVE-2023-5215</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5215">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f078dc504f2d31eacf03b6ae6c8bc4c8</td>
+       <td>CVE-2023-43874</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43874">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>298da2c147a6612880bd5bcdbe6fb472</td>
+       <td>CVE-2023-43873</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43873">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>08c7e55b988aba1789f7660db3b84325</td>
+       <td>CVE-2023-43872</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43872">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>707a20db56c7379d72b9e38f3058d554</td>
+       <td>CVE-2023-43871</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43871">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3aa345f401b30d30a53bb28432bb7d6a</td>
+       <td>CVE-2023-43868</td>
+       <td>2023-09-28 14:15:00 <img src="imgs/new.gif" /></td>
+       <td>D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43868">详情</a></td>
+      </tr>
+
       <tr>
        <td>6ca126e0c0ef5582d3c8dc25fe70dfbf</td>
        <td>CVE-2023-43325</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-43644">详情</a></td>
       </tr>
 
-      <tr>
-       <td>adef21e65acb244b2799e2385716c9bb</td>
-       <td>CVE-2023-39408</td>
-       <td>2023-09-25 09:15:00</td>
-       <td>DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39408">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>dacf6749ce99abed57535417068efd43</td>
-       <td>CVE-2023-39407</td>
-       <td>2023-09-25 09:15:00</td>
-       <td>The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-39407">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>df45022cf6671b189c9d623f3b96bf22</td>
-       <td>CVE-2015-6964</td>
-       <td>2023-09-25 05:15:00</td>
-       <td>MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC).</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2015-6964">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>623d7bd65a0f8568f396c63a1df26193</td>
-       <td>CVE-2023-5154</td>
-       <td>2023-09-25 03:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. This vulnerability affects unknown code of the file /sysmanage/changelogo.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240250 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5154">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b2f60dc31292aa9f5768b2d439fda37a</td>
-       <td>CVE-2023-5153</td>
-       <td>2023-09-25 03:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. This affects an unknown part of the file /Tool/querysql.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240249 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5153">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>57872237bd7c9101606e445879ba4499</td>
-       <td>CVE-2023-5152</td>
-       <td>2023-09-25 02:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-8000 up to 20151231. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation of the argument sql leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240248. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5152">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>247ce7e005098dccd941c97106355d38</td>
-       <td>CVE-2023-5151</td>
-       <td>2023-09-25 02:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Affected by this vulnerability is an unknown functionality of the file /autheditpwd.php. The manipulation of the argument hid_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240247. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5151">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a0c275e58017500731ab01a930a918f1</td>
-       <td>CVE-2023-5150</td>
-       <td>2023-09-25 02:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Affected is an unknown function of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240246 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5150">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c1a94b28efbdab10aaddc13f2e04db9d</td>
-       <td>CVE-2023-41872</td>
-       <td>2023-09-25 02:15:00</td>
-       <td>Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-41872">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>78cf826dd92e31873c6a55c7bbf111f6</td>
-       <td>CVE-2023-5149</td>
-       <td>2023-09-25 01:15:00</td>
-       <td>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. It has been rated as critical. This issue affects some unknown processing of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240245 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-5149">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>