Commit

Updated by Github Bot
Github-Bot committed Feb 1, 2025
1 parent 5b14a3c commit a73cb08
Showing 3 changed files with 98 additions and 88 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -114,3 +114,13 @@ a0a7c19f733f786176413f8cf2bea7bc
8b0b380dae9f3b28db8a8fe16767bda6
82f85f797f073500d6950d8f8e4d2ced
8e4061e3c33c867ce93d04e071e1b404
6c800609d73f2b8ea7214be0a097dab5
62cded9e858c3b6164a70396845273f3
7f567785f638e82a8bba48e274088d86
30738749f23597996b5a3f4467527c7e
c4383abf4c58ae39dcd8cade9939aae8
6a142478f304a216caad26f78d887345
dc9e557bec64eb9fcc0fa194f30e0bc3
263ee1ea73719e224676bb7253ef9239
d408ba5217723d7af23d1fce3e1a1f1a
097e957494221472f3e50804814481bf
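Review bot: these ten appended ids are the first-column values of the ten rows added to docs/index.html in this same commit, but the matching change to data/cves.db is an opaque binary, so a reviewer cannot confirm that cache, database and page describe the same ten records. Consider having the bot put the record count or the list of CVE ids in the commit message (currently only "Updated by Github Bot"), or emit a text export of the database change alongside the binary.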
Binary file modified data/cves.db
Binary file not shown.
176 changes: 88 additions & 88 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2025-01-31 07:24:28 -->
<!-- RELEASE TIME : 2025-02-01 05:28:04 -->
<html lang="zh-cn">

<head>
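Review bot: the RELEASE TIME comment on line 1 carries no timezone or UTC offset, so it cannot be compared reliably with the row timestamps or with the commit date. Suggest writing it in ISO 8601 with an explicit offset, and using the same convention for the time column in the table rows.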
Expand Down Expand Up @@ -284,6 +284,86 @@ <h2><a href="https://www.aabyss.cn" target="_blank">渊龙Sec安全团队</a> |
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>6c800609d73f2b8ea7214be0a097dab5</td>
<td>CVE-2025-24891</td>
<td>2025-01-31 23:15:08 <img src="imgs/new.gif" /></td>
<td>Dumb Drop is a file upload application. Users with permission to upload to the service are able to exploit a path traversal vulnerability to overwrite arbitrary system files. As the container runs as root by default, there is no limit to what can be overwritten. With this, it's possible to inject malicious payloads into files ran on schedule or upon certain service actions. As the service is not required to run with authentication enabled, this may permit wholly unprivileged users root access. Otherwise, anybody with a PIN.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-24891">详情</a></td>
</tr>

<tr>
<td>62cded9e858c3b6164a70396845273f3</td>
<td>CVE-2024-57587</td>
<td>2025-01-31 22:15:13 <img src="imgs/new.gif" /></td>
<td>EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to SQL Injection on the authentication portal.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-57587">详情</a></td>
</tr>

<tr>
<td>7f567785f638e82a8bba48e274088d86</td>
<td>CVE-2024-57435</td>
<td>2025-01-31 22:15:13 <img src="imgs/new.gif" /></td>
<td>In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-57435">详情</a></td>
</tr>

<tr>
<td>30738749f23597996b5a3f4467527c7e</td>
<td>CVE-2024-57434</td>
<td>2025-01-31 22:15:12 <img src="imgs/new.gif" /></td>
<td>macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control. The project imports users by default, and the test user is made a super administrator.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-57434">详情</a></td>
</tr>

<tr>
<td>c4383abf4c58ae39dcd8cade9939aae8</td>
<td>CVE-2024-57433</td>
<td>2025-01-31 22:15:12 <img src="imgs/new.gif" /></td>
<td>macrozheng mall-tiny 1.0.1 is vulnerable to Incorrect Access Control via the logout function. After a user logs out, their token is still available and fetches information in the logged-in state.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-57433">详情</a></td>
</tr>

<tr>
<td>6a142478f304a216caad26f78d887345</td>
<td>CVE-2024-55062</td>
<td>2025-01-31 22:15:10 <img src="imgs/new.gif" /></td>
<td>EasyVirt DCScope 8.6.0 and earlier and co2Scope 1.3.0 and earlier are vulnerable to Command injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55062">详情</a></td>
</tr>

<tr>
<td>dc9e557bec64eb9fcc0fa194f30e0bc3</td>
<td>CVE-2024-53357</td>
<td>2025-01-31 22:15:09 <img src="imgs/new.gif" /></td>
<td>In EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0, the AES encryption keys used to encrypt passwords are not stored securely.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53357">详情</a></td>
</tr>

<tr>
<td>263ee1ea73719e224676bb7253ef9239</td>
<td>CVE-2024-53356</td>
<td>2025-01-31 22:15:09 <img src="imgs/new.gif" /></td>
<td>EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to privilege escalation as the password token suffers from weak encryption making it possible to brute-force the password token.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53356">详情</a></td>
</tr>

<tr>
<td>d408ba5217723d7af23d1fce3e1a1f1a</td>
<td>CVE-2024-53355</td>
<td>2025-01-31 22:15:09 <img src="imgs/new.gif" /></td>
<td>EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to Incorrect Access Control. This vulnerability allows the api to be used to create/modify/delete information about aliases (users) / users (groups) / roles.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53355">详情</a></td>
</tr>

<tr>
<td>097e957494221472f3e50804814481bf</td>
<td>CVE-2024-53354</td>
<td>2025-01-31 22:15:09 <img src="imgs/new.gif" /></td>
<td>EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to SQL Injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53354">详情</a></td>
</tr>

<tr>
<td>e42edf805eaa450c4067c531163f6146</td>
<td>CVE-2025-0470</td>
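Review bot: the description text in the new rows is written into the td cells without HTML escaping; the DCScope rows contain a raw less-than sign, as in "<td>EasyVirt DCScope <=8.6.0 and CO2Scope <=1.3.0 are vulnerable to SQL Injection.</td>". Since this text comes from an external feed, any markup inside a description would be parsed by the browser as part of the page. Entity-encode every field when the rows are generated, so that <= is emitted as &lt;=, and validate the href value before it is written. Separately, the description in the CVE-2025-24891 row ends on a fragment ("Otherwise, anybody with a PIN."); worth checking whether that is how the source reads or whether the generator cuts the text.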
Expand Down Expand Up @@ -367,55 +447,55 @@ <h2><a href="https://www.aabyss.cn" target="_blank">渊龙Sec安全团队</a> |
<tr>
<td>30c0a3d3b6b8732c931e0b96b0c57380</td>
<td>CVE-2024-40890</td>
<td>2025-01-30 03:25:19 <img src="imgs/new.gif" /></td>
<td>2025-01-30 03:25:19</td>
<td>CVE-2024-40890 is a command injection vulnerability in Zyxel CPE Series devices.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-40890">详情</a></td>
</tr>

<tr>
<td>49221e9c23a89ca33ef0f7ffcfeee8c1</td>
<td>CVE-2024-40891</td>
<td>2025-01-30 03:24:18 <img src="imgs/new.gif" /></td>
<td>2025-01-30 03:24:18</td>
<td>CVE-2024-40891 is a command injection vulnerability in Zyxel CPE Series devices.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-40891">详情</a></td>
</tr>

<tr>
<td>b407d19401f6d59b11e76574894e7167</td>
<td>CVE-2025-0849</td>
<td>2025-01-30 02:15:25 <img src="imgs/new.gif" /></td>
<td>2025-01-30 02:15:25</td>
<td>A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0849">详情</a></td>
</tr>

<tr>
<td>29015e5b04b662dbd0ce3de3ae3029b9</td>
<td>CVE-2025-0848</td>
<td>2025-01-30 02:15:25 <img src="imgs/new.gif" /></td>
<td>2025-01-30 02:15:25</td>
<td>A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0848">详情</a></td>
</tr>

<tr>
<td>4b9611b4d79a59bd63973bf1acaa25a4</td>
<td>CVE-2025-0847</td>
<td>2025-01-30 02:15:25 <img src="imgs/new.gif" /></td>
<td>2025-01-30 02:15:25</td>
<td>A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0847">详情</a></td>
</tr>

<tr>
<td>b5abcd9b15a5edc6e22684ea55b53dc2</td>
<td>CVE-2025-0846</td>
<td>2025-01-30 01:15:13 <img src="imgs/new.gif" /></td>
<td>2025-01-30 01:15:13</td>
<td>A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0846">详情</a></td>
</tr>

<tr>
<td>de7aef2947c495ce7f45139faab7f95d</td>
<td>CVE-2025-0844</td>
<td>2025-01-30 00:15:41 <img src="imgs/new.gif" /></td>
<td>2025-01-30 00:15:41</td>
<td>A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/user_address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0844">详情</a></td>
</tr>
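Review bot: the only change to these seven rows is dropping the img tag for imgs/new.gif from the time cell, so every run rewrites rows whose data has not changed just to age out the badge. Deriving the badge at render time from the timestamp, or from a class on the row, would keep the diff limited to real data changes. The img also has no alt attribute; add alt="new" if the tag stays in the markup.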
Expand Down Expand Up @@ -444,86 +524,6 @@ <h2><a href="https://www.aabyss.cn" target="_blank">渊龙Sec安全团队</a> |
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0843">详情</a></td>
</tr>

<tr>
<td>856c3ca15973caa717daf768a0f8a742</td>
<td>CVE-2025-0804</td>
<td>2025-01-29 04:15:07</td>
<td>The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via link titles in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0804">详情</a></td>
</tr>

<tr>
<td>4af6d507a357aba03f51840ed247a0ee</td>
<td>CVE-2025-0806</td>
<td>2025-01-29 03:15:06</td>
<td>A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of the argument job_type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0806">详情</a></td>
</tr>

<tr>
<td>4b4f80214beb48a3c35c5b8e1f6d7659</td>
<td>CVE-2024-11932</td>
<td>2025-01-29 02:31:28</td>
<td>A path traversal vulnerability exists in DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could leverage this vulnerability to overwrite reports including user projects.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11932">详情</a></td>
</tr>

<tr>
<td>1133fbdf2006dc02316c2c0536d2d969</td>
<td>CVE-2025-23362</td>
<td>2025-01-29 02:15:27</td>
<td>The old versions of EXIF Viewer Classic contain a cross-site scripting vulnerability caused by improper handling of EXIF meta data. When an image is rendered and crafted EXIF meta data is processed, an arbitrary script may be executed on the web browser. Versions 2.3.2 and 2.4.0 were reported as vulnerable. According to the vendor, the product has been refactored after those old versions and the version 3.0.1 is not vulnerable.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-23362">详情</a></td>
</tr>

<tr>
<td>eabc19a20019ceace8777d8b1a770d0a</td>
<td>CVE-2025-0803</td>
<td>2025-01-29 02:15:27</td>
<td>A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0803">详情</a></td>
</tr>

<tr>
<td>6f3fc8b46b03391a55db05f7d350bbb5</td>
<td>CVE-2025-0802</td>
<td>2025-01-29 02:15:27</td>
<td>A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0802">详情</a></td>
</tr>

<tr>
<td>5807526c9e99bd2d11adf5abaaee4b63</td>
<td>CVE-2025-0800</td>
<td>2025-01-29 02:15:27</td>
<td>A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0800">详情</a></td>
</tr>

<tr>
<td>fded201bcf219bdaf4aecf401735af6d</td>
<td>CVE-2025-0798</td>
<td>2025-01-29 02:15:27</td>
<td>A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. This issue affects some unknown processing of the file rtscanner of the component Quarantine Handler. The manipulation leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0798">详情</a></td>
</tr>

<tr>
<td>33de359577b3ab583960d88126ea8f84</td>
<td>CVE-2025-0797</td>
<td>2025-01-29 02:15:27</td>
<td>A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0797">详情</a></td>
</tr>

<tr>
<td>10ad35a68890b2f69aa88d9d7bb8e5dc</td>
<td>CVE-2025-0795</td>
<td>2025-01-29 02:15:26</td>
<td>A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0795">详情</a></td>
</tr>

</tbody>
</table>
</div>
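Review bot: the ten oldest rows (CVE-2025-0804 down to CVE-2025-0795) are deleted here, matching the ten rows added at the top of the table, and after this commit they survive only in the binary data/cves.db. If the page is meant to be a fixed-size window, state the window size near the table and link to an archive or text export so dropped entries remain reachable; otherwise a reader cannot tell that older advisories were removed rather than never listed.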