diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 870314c9dd1..97c153349d0 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -154,3 +154,13 @@ b02058d761aa2e3a3a78c23605ff1eef 3b837e21b553479f7d66d01115d96d5d 6c2b7e1809071b6cf3decfef471d04bf bbaef98426239e727c0ae093a44436f7 +e7f53adefe4999f333c7e15140f10b6f +480b41aac35d99925d77d84a5f3334a2 +771a638d9c0a62768b369e6a362644c6 +0d44d2689795c3368800520a647ff95c +1a24fe83c1941cb763334dee4d3df757 +cc9c0dc2c9996b7e5a416a7f21ddc2e1 +56ab2280c7ba7661959f3863c87da6f2 +32c5b6b2393dee7dfd409c172a7ea7a8 +90d2f49bde0977a81c28ec340282b0bc +25ef9fc26ed31e33e0fb7fc58bcced03 diff --git a/data/cves.db b/data/cves.db index 4aab1b0ac47..60ad1b19256 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 8106c36f38d..f88d14ada71 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + e7f53adefe4999f333c7e15140f10b6f + CVE-2024-7692 + 2024-09-02 08:15:06 + The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. + 详情 + + + + 480b41aac35d99925d77d84a5f3334a2 + CVE-2024-7691 + 2024-09-02 08:15:06 + The Flaming Forms WordPress plugin through 1.0.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators. + 详情 + + + + 771a638d9c0a62768b369e6a362644c6 + CVE-2024-7690 + 2024-09-02 08:15:06 + The DN Popup WordPress plugin through 1.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack + 详情 + + + + 0d44d2689795c3368800520a647ff95c + CVE-2024-7354 + 2024-09-02 08:15:06 + The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin + 详情 + + + + 1a24fe83c1941cb763334dee4d3df757 + CVE-2024-8365 + 2024-09-02 05:15:17 + Vault Community Edition and Vault Enterprise experienced a regression where functionality that HMAC’d sensitive headers in the configured audit device, specifically client tokens and token accessors, was removed. This resulted in the plaintext values of client tokens and token accessors being stored in the audit log. This vulnerability, CVE-2024-8365, was fixed in Vault Community Edition and Vault Enterprise 1.17.5 and Vault Enterprise 1.16.9. + 详情 + + + + cc9c0dc2c9996b7e5a416a7f21ddc2e1 + CVE-2024-7871 + 2024-09-02 05:15:17 + SQL Injection in online dictionary function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the word parameter. + 详情 + + + + 56ab2280c7ba7661959f3863c87da6f2 + CVE-2024-45528 + 2024-09-02 05:15:17 + CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS. + 详情 + + + + 32c5b6b2393dee7dfd409c172a7ea7a8 + CVE-2024-45527 + 2024-09-02 05:15:17 + REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website. + 详情 + + + + 90d2f49bde0977a81c28ec340282b0bc + CVE-2024-43776 + 2024-09-02 05:15:17 + SQL Injection in mock exam function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the qlevel parameter. + 详情 + + + + 25ef9fc26ed31e33e0fb7fc58bcced03 + CVE-2024-43775 + 2024-09-02 05:15:17 + SQL Injection in search course titles function of Easytest Online Test Platform ver.24E01 and earlier allow remote authenticated users to execute arbitrary SQL commands via the search parameter. + 详情 + + 241827295878b1c3de31f448e48cbb51 CVE-2024-8368 @@ -302,7 +382,7 @@

眈眈探求 | + 2024-08-31 18:15:13 A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -310,7 +390,7 @@

眈眈探求 | + 2024-08-31 14:15:04 In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A builds a skb with MSG_MORE and sets kcm->seq_skb. 2. Thread A resumes building skb from kcm->seq_skb but is blocked by sk_stream_wait_memory() 3. Thread B calls sendmsg() concurrently, finishes building kcm->seq_skb and puts the skb to the write queue 4. Thread A faces an error and finally frees skb that is already in the write queue 5. kcm_release() does double-free the skb in the write queue When a thread is building a MSG_MORE skb, another thread must not touch it. Let's add a per-sk mutex and serialise kcm_sendmsg(). [0]: BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline] BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167 CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncated--- 详情 @@ -318,7 +398,7 @@

眈眈探求 | + 2024-08-31 10:15:04 The Web Application Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1.2. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. 详情 @@ -326,7 +406,7 @@

眈眈探求 | + 2024-08-31 09:15:07 The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alignment' parameter in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -334,7 +414,7 @@

眈眈探求 | + 2024-08-31 09:15:07 The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 详情 @@ -342,7 +422,7 @@

眈眈探求 | + 2024-08-31 09:15:06 NVIDIA CUDA Toolkit contains a vulnerability in command 'cuobjdump' where a user may cause a crash or produce incorrect output by passing a malformed ELF file. A successful exploit of this vulnerability may lead to a limited denial of service or data tampering. 详情 @@ -350,7 +430,7 @@

眈眈探求 | + 2024-08-31 09:15:05 NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause an out-of-bound write by passing in a malformed ELF file. A successful exploit of this vulnerability may lead to code execution or denial of service. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2024-08-31 09:15:05 NVIDIA CUDA Toolkit contains a vulnerability in command `cuobjdump` where a user may cause a crash by passing in a malformed ELF file. A successful exploit of this vulnerability may cause an out of bounds read in the unprivileged process memory which could lead to a limited denial of service. 详情 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-08-31 08:15:04 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-08-31 07:40:02 Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-08-31 07:15:03 In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink: Initialise extack before use in ACKs Add missing extack initialisation when ACKing BATCH_BEGIN and BATCH_END. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-08-31 05:15:13 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-08-31 05:15:13 The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_check_envato_code function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-08-31 03:15:03 The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2024-08-31 02:15:12 IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2024-08-31 00:15:05 Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2024-08-31 00:15:05 Cairo-Contracts are OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup. This vulnerability can lead to unauthorized ownership transfer, contrary to the original owner's intention of leaving the contract without an owner. It introduces a security risk where an unintended party (pending owner) can gain control of the contract after the original owner has renounced ownership. This could also be used by a malicious owner to simulate leaving a contract without an owner, to later regain ownership by previously having proposed himself as a pending owner. This issue has been addressed in release version 0.16.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2024-08-31 00:15:05 In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400. 详情 - - 489ba602cc77ce257d145bec011a9e70 - CVE-2024-8319 - 2024-08-30 07:33:09 - The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields functions. This makes it possible for unauthenticated attackers to resend order status emails, update visitor/order details, edit check-in/out details, edit order status, perform bulk order status updates, remove room order IDs, and delete old review fields, respectively, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. - 详情 - - - - 27301d34a81376401edf262b1b1223f4 - CVE-2024-8016 - 2024-08-30 07:15:12 - The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely. In certain configurations, this can be exploitable by lower level users. We confirmed that this plugin installed with Elementor makes it possible for users with contributor-level access and above to exploit this issue. - 详情 - - - - 3b56b4785012fc035f088dc2f5a3e82d - CVE-2024-42412 - 2024-08-30 07:15:12 - Cross-site scripting vulnerability exists in WAB-I1750-PS and WAB-S1167-PS due to improper processing of input values in menu.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. - 详情 - - - - e4925f066a2af72374267b00e67d1348 - CVE-2024-39300 - 2024-08-30 07:15:11 - Missing authentication vulnerability exists in Telnet function of WAB-I1750-PS v1.5.10 and earlier. When Telnet function of the product is enabled, a remote attacker may login to the product without authentication and alter the product's settings. - 详情 - - - - f88c337fc12cc8f31b2f852a9f696e2a - CVE-2024-34577 - 2024-08-30 07:15:11 - Cross-site scripting vulnerability exists in WRC-X3000GS2-B, WRC-X3000GS2-W, and WRC-X3000GS2A-B due to improper processing of input values in easysetup.cgi. If a user views a malicious web page while logged in to the product, an arbitrary script may be executed on the user's web browser. - 详情 - - - - e699e3816cfba6f2fa0b7f987a1d2341 - CVE-2024-8333 - 2024-08-30 06:15:05 - Rejected reason: Test CVE - 详情 - - - - 2df67382b43bee1a8088579c94bc3407 - CVE-2024-3673 - 2024-08-30 06:15:05 - The Web Directory Free WordPress plugin before 1.7.3 does not validate a parameter before using it in an include(), which could lead to Local File Inclusion issues. - 详情 - - - - 89ff02c0a8cf88db2b22797dbe4cfcd6 - CVE-2024-5879 - 2024-08-30 05:15:12 - The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute of the HubSpot Meeting Widget in all versions up to, and including, 11.1.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 67b6cdc8def27a81c8c466593b5c1b74 - CVE-2024-3998 - 2024-08-30 05:15:12 - The Betheme theme for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's shortcodes in all versions up to, and including, 27.5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 49cb3ef41a4bc6e73e4c1b6e46a71183 - CVE-2024-2694 - 2024-08-30 05:15:12 - The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. - 详情 - -