Commit

Updated by Github Bot
Github-Bot committed Dec 13, 2024
1 parent 50ffbd9 commit 18fcccc
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -190,3 +190,13 @@ a391db25adf8c2cd2cc34bb4ea442274
244f204acbee1ff428f99af6afe94fe3
57dcc095861454525aa6f1b55d69d1e3
5ffff2d21aa74e70384e62daeca48dd1
c25a2ba2d3bed359741f69e4db5ca730
b2370b33d7c90304933eaa0265322413
70b0c874b65eb15736584d9223cbcc5a
cc216ee3385a6efb3943afdc4f13811a
60c21f6d930064addaba4e1846c23e18
21f47697a5ce427001fb9ff687fd0a45
03282aa37629779cf4a49f1c85ad5c2d
174bfe7512da199b532e861da77a3173
4abf3988708229d0b36d1e26a5592d66
358ae56ec177d1253a16832e41ba3f2b
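Review bot: The ten ids appended at lines 193-202 are bare 32-character hex strings with nothing tying them to a CVE or a date, and the file shows 10 additions and 0 deletions while docs/index.html drops ten rows in the same commit, so this cache only ever grows and cannot be audited by eye. Consider writing each line as the id plus the CVE number and publish time (the values already emitted in the matching `<tr>` rows), and documenting whether entries are ever expired.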
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-13 09:26:52 -->
<!-- RELEASE TIME : 2024-12-13 15:27:02 -->
<html lang="zh-cn">

<head>
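Review bot: The `RELEASE TIME` comment on line 1 carries no timezone or UTC offset, so `2024-12-13 15:27:02` cannot be compared reliably with the publish times shown in the table rows. Suggest an ISO 8601 value with an explicit offset. Separately, `<html lang="zh-cn">` is declared while the row descriptions are English; worth confirming the attribute is intended.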
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>c25a2ba2d3bed359741f69e4db5ca730</td>
<td>CVE-2024-55889</td>
<td>2024-12-13 14:15:22 <img src="imgs/new.gif" /></td>
<td>phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55889">详情</a></td>
</tr>

<tr>
<td>b2370b33d7c90304933eaa0265322413</td>
<td>CVE-2024-48008</td>
<td>2024-12-13 14:15:22 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48008">详情</a></td>
</tr>

<tr>
<td>70b0c874b65eb15736584d9223cbcc5a</td>
<td>CVE-2024-48007</td>
<td>2024-12-13 14:15:22 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48007">详情</a></td>
</tr>

<tr>
<td>cc216ee3385a6efb3943afdc4f13811a</td>
<td>CVE-2024-38488</td>
<td>2024-12-13 14:15:21 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38488">详情</a></td>
</tr>

<tr>
<td>60c21f6d930064addaba4e1846c23e18</td>
<td>CVE-2024-22461</td>
<td>2024-12-13 14:15:21 <img src="imgs/new.gif" /></td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22461">详情</a></td>
</tr>

<tr>
<td>21f47697a5ce427001fb9ff687fd0a45</td>
<td>CVE-2024-11986</td>
<td>2024-12-13 14:15:21 <img src="imgs/new.gif" /></td>
<td>Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11986">详情</a></td>
</tr>

<tr>
<td>03282aa37629779cf4a49f1c85ad5c2d</td>
<td>CVE-2024-9608</td>
<td>2024-12-13 12:15:20 <img src="imgs/new.gif" /></td>
<td>The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the WooCommerce store is set to Belgium.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9608">详情</a></td>
</tr>

<tr>
<td>174bfe7512da199b532e861da77a3173</td>
<td>CVE-2024-21577</td>
<td>2024-12-13 12:15:19 <img src="imgs/new.gif" /></td>
<td>ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21577">详情</a></td>
</tr>

<tr>
<td>4abf3988708229d0b36d1e26a5592d66</td>
<td>CVE-2024-21576</td>
<td>2024-12-13 12:15:19 <img src="imgs/new.gif" /></td>
<td>ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21576">详情</a></td>
</tr>

<tr>
<td>358ae56ec177d1253a16832e41ba3f2b</td>
<td>CVE-2024-11827</td>
<td>2024-12-13 12:15:19 <img src="imgs/new.gif" /></td>
<td>The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11827">详情</a></td>
</tr>

<tr>
<td>a391db25adf8c2cd2cc34bb4ea442274</td>
<td>CVE-2024-50584</td>
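Review bot: The description cell of the first added row (CVE-2024-55889) contains a literal `<iframe>` copied from the advisory text and written into the `<td>` unescaped. A browser parses that as an element start tag rather than as text, and it shows that feed-supplied strings reach docs/index.html without HTML encoding, so any markup in a future description would be rendered as markup. Encode `&`, `<`, `>` and quotes in the id, CVE, time and description fields when the row is generated, so this cell reads `&lt;iframe&gt;`. The added links also use `target="_blank"` with no `rel="noopener noreferrer"`.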
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12004">详情</a></td>
</tr>

<tr>
<td>d2e43fa313aa415391b77d249328ab28</td>
<td>CVE-2024-52538</td>
<td>2024-12-10 11:15:07</td>
<td>Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52538">详情</a></td>
</tr>

<tr>
<td>c6e1f9f98ac196ca51e8071c0169b9de</td>
<td>CVE-2024-47977</td>
<td>2024-12-10 11:15:07</td>
<td>Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47977">详情</a></td>
</tr>

<tr>
<td>9b79e4358afdef94b4266d3358a87026</td>
<td>CVE-2024-47484</td>
<td>2024-12-10 11:15:07</td>
<td>Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47484">详情</a></td>
</tr>

<tr>
<td>eceb8ef6b1c50bd1896800d51828bde0</td>
<td>CVE-2024-11928</td>
<td>2024-12-10 11:15:07</td>
<td>The iChart – Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11928">详情</a></td>
</tr>

<tr>
<td>4a305bc5b5943d641fa4718317dd7462</td>
<td>CVE-2024-11106</td>
<td>2024-12-10 11:15:07</td>
<td>The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11106">详情</a></td>
</tr>

<tr>
<td>13cfc31ef5a2cca8f805cf306841c9bf</td>
<td>CVE-2024-10959</td>
<td>2024-12-10 11:15:05</td>
<td>The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10959">详情</a></td>
</tr>

<tr>
<td>d3b8cbe49b15187fa474d7d5946de88b</td>
<td>CVE-2024-11973</td>
<td>2024-12-10 10:15:06</td>
<td>The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11973">详情</a></td>
</tr>

<tr>
<td>5d1a7a39267d3ea7490c70cca06c5c59</td>
<td>CVE-2024-11945</td>
<td>2024-12-10 10:15:04</td>
<td>The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11945">详情</a></td>
</tr>

<tr>
<td>86c91b9f953dddacd513b420b2cf4df7</td>
<td>CVE-2024-8256</td>
<td>2024-12-10 09:15:06</td>
<td>In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8256">详情</a></td>
</tr>

<tr>
<td>213b18d34daa327137d4dd1a4b4228f7</td>
<td>CVE-2024-45709</td>
<td>2024-12-10 09:15:06</td>
<td>SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45709">详情</a></td>
</tr>

</tbody>
</table>
</div>
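Review bot: The ten rows removed at the end of the table are all dated 2024-12-10, three days before this release, and they are dropped one for one against the ten rows added at the top, which suggests the page keeps a fixed number of rows rather than a fixed time span. If that is the intent, say so on the page or link to an archive, since the only other record in this commit is the binary data/cves.db, which cannot be reviewed here; otherwise trim by date so a large batch does not push recent entries off the page.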