From 31282b9d314a55c7a17d886caacc2f6212239170 Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Sun, 3 Nov 2024 18:30:15 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 ++ data/cves.db | Bin 49946624 -> 49958912 bytes docs/index.html | 216 ++++++++++++++++++------------------- 3 files changed, 118 insertions(+), 108 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 5aa17b76851..2ebdb71b5b3 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -192,3 +192,13 @@ c22e03872602304da545498b8d3939f2 b06ec221a52db3868c18beee39b7c236 831fa78956e8130155a0f47f6cd4e688 43a8a9ca06bb9794c18595f996da6d7e +2574508adf0842b5633e49e14c2148d0 +fe2e0827c1101a8cadc578827379d5ab +68a36067213470b487f2f2e69736adfa +7939ea4dec7bd387d5748274bd747d21 +81f8e1446fee3f35f2f4736cba6f2153 +44f01974c5741fe3206a0bf0a5b22df4 +b978cedf439fcf9ee234b39b6c5c4b72 +76006f70bcda5a96e240656e7a8e66ea +4a91da0c2f702235e251c2fbab1f21a8 +945b20b703ac613f633587fe4f8bc93c diff --git a/data/cves.db b/data/cves.db index a7641053bb3edbf6e4caf21b5866640c1572d49a..9a541d295e918497a65418770451574898f0132c 100644 GIT binary patch delta 5161 zcmciEXLJ*Q1DodqldQOPJw6;9g+Y^gd{$i`a!OOTn*_D82}jw83Y*&xdt)>axG*ikh>svLjb9Q+yj{gnGU%Zavx*{WF}-5WHzK4QUkdkG6(Vi zWG>`ENG;?c$it9FAoC#eAqyZ2AquhxvKX=i@+f2}>4S5E# z0`e?mCFD8C^N<%HFG5~|tb(kDybM_bc?Gf-@+xE<Lf(SB z4S5IhF62GPX2|=H4U=LcWF^f*gh%fgFW=1Nj#69po6~d&m!vA0fvfCm=sTPC|Z$oPwN& z`~vwE@*CuL$Uh)|Oc!mYXrxmDB~lV4QwlYtMwCiv)R>x3IyI#X%A_o6M$M@OwWMrn zMXjj~<SiWJJLfxo4^`M^Ai!PO{aV5KAJ%@X%@|= zt)W+FExk(X=rvkT8)zfFPH)gAdXwIwx9J^vm)@hz^gew+TWBk7qwVw|eMBGAC-f=p zpwDP0eNJD{msCf)=quVyduT81qy2P%4${|jhz`>cI!fQrxAYwyqwnbl`jL*)3Hpgn z($92?PSY>+EB!{l(?94BZMx_@{-jd^B~lV4QwlYtMwCiv)R>x3IyI#X%A_o6M$M@O zwWMrnMXjj~<SiWJJLfxo4^`M^Ai!PO{aV5KAJ%@X%@|=t)W+FExk(X=rvkT8)zfFPH)gAdXwIwx9J^vm)@hz^gew+TWBk7qwVw|eMBGA zC-f=ppwDP0eNJD{msCf)=quVyduT81qy2P%4${|jhz`>ceVrWDm(FguDPd`Y*q_(+ zjjNC9Qxj@uRd!FV&8i-i)vRDC>RR%rM^Tr>mnEo6pS@Fd|bIj#4Z(XoVtPJM{dj zp}b#e|NK0RG%?ch1t!m4K3mwJw7sP*<%t)rT< zbH3hG-9B@n-bg*1K3i|6s^_)Uu54LS79Ky=E|^$W5ia6;du+jkVtb-83LEM9YEZvt zw4{Wh%BaemZD?)OpzB&|cB(tyF!G(I!!T6O<_Gkas^@_WE$e@GhoI`Y=A?ds(`UM> z+M_NrUU4TAoh+~4GQCc(&t;fypEKz8`y#H0%k~C*rq>GB?%CYCbuzQ#m1^+}LpxV3 z8rDNkR|9W4uBRmotl*s7ctm$7N8?rc`D*2aH0?sQ^|vSV&T30&j((0B^z%1bP&t;I z)RPlq6{=pTb$Z9YHAuXIEVvwBcm)GZ474J)%XV^+LWbcqEPu!fhde$%zc76P zRnxDDmh)!;<2t)oz`9ne^$eA@vq3mq^)*r>!tGq zb>hK|*JPS7EuYuv^hUUoLSf5e1-!P)?eu!Qw$Jk0Ua!)wK6s|4#q;%MYEk$KJ$>Qm zhI(phZ>z#_ja?eG#wx9(P;adqk(1g0bw`sbJw@%>F^aopx3@(1sGiRr)2^>CPpvq0 zT2I#eXVzs9w^`cR4s_;VIE|_nsA~}~q^*gzRxsf6hwN~~Z3ZHtNWivTraNc`g5HoP zrzf-)wR>y+$WmM9&DWFEfW3KIzFIzagPyNN)b>NG z^lASg^Ok3G`Jef^s&Y}+Jf3f!i9E~gjyR2g&&|#6HX^p^a(XRiFygd4L6UgZp^?KdCLTm1de7R~I#l{{0B>8#2|U9)&W?M$?@{6@sjv*7kd zY}<^O9`+?Sn^Gufc_S`E?U}qu&q<6org43}S})bjSf;0{SUG9x0k-BY*#&>CCp6j) zjVY?MRZZFmy}qIx<;*^=m#3WRzN%*GsaW&9yDgji-y3hk@?33}+I{(2Ju%&98nKh3 zr<`bz=1f_i$-mkA^w_aUPU>9cLtU$Qu{})mumWx_lQZaZnpVhbm=U%D4_mSAj`)M2 z+Kta|ZIc-5!fNq+Lvz%(&*VaDa&g2`+u5OptEOxB=_wgw?TX5Rv1Ox*OG9O)(TXxv zb4w*l%~;k~oB5ZG=TX}#UtmXwck{Cz$@$A^Jug2n{VLRD$7+~1#GE$7a$5l-Y&k1oYL(dPX};~!)pAU*DvIssBu81qQ5GF-S2)V83jWTWUg;>VbXbvy s9g5mvN3^W0i_7V%ePbu(uD*ylh delta 2854 zcmWmG97BYCKtdLfa70L>2g|Wg~;jHjh1S_Hy$%<@6v7%bhtmsw@E2b68 zifzTQ;#%>n_*Mcdp_Rx=Y$dUhTFI>BRthVnmC8zOrLodl>8$it1}meL$;xbHv9em( ztn5|}E2ovq%5CMb@>=<<{8j<0pjF5!Y!$JJTE(p5Rtc-5Rmv)Dm9c)a%39^D@>T__ zqE*SNY*n$UTGg!TRt>ABRm-Yv)v@YY^{o0<1FNCc$ZBjgv6@=!)68mawXj-Rt*q8o z8>_9=&T4OUusT|utj<;!tE<(`>TdP0dRo1#-c}#0uhq}$Zw;^pT7#^?*6-F3Yp6BM z8g7lSY>l)=S);8n)>vztHQt(F{b5bCCRvlMDORvG)tY8aw`N!~ty$J=YmPP7nrF?o z7FY|dMb=_#iM7;PW-Yf?SSzhn)@o~wwboi^t+zH<8?8;&W^0SJ)!Jrlw{}=NtzFh` zYmc?p+Gp*z4p;}RL)KyIh;`IDW*xUqSSPJh)@kdEb=Ep(owqJn7p+UyW$TJ{)w*U~ zw{BQBty|V@>yCBTx@XLL@)G4 zAM`~(^v3`U#2^gD?-+ui7>3~(0b?XaVKl~IEXH9xCg2ZD#3W3{6a-@`reQi}U?yf^ zHs)Y1=3zb-U?CP^F_vH{mSH(oU?o;zHP&D))?qz1U?VnRGqzwWwqZMVU?+BAH}+sJ z_F+E`;2;j+Fpl6Tj^Q{?;3Q7rG|u2G&fz>R;36*JGOpk%uHiav;3jV2Htygq?%_Tj z;2|F2F`nQlp5ZxO;3Zz+HQwMY-r+qy;3GcaGrr&}zTrE5;3t0JPyB_y@elsRe<8;x zi1SAfLLoH5AS}WmJR%?>A|W!OAS$9EI$|IuVj(u-ATHt|J`x}y5+N~?ASsd|IZ_}c zQXw_cAT81%Ju)C8G9fdvAS<#VJ8~c=av?YJATRPEKMJ5A3ZXEHpeTx=I7*--N})8$ z;5U>-Ih02QR753IMio>=HB?6p)I=@RMjg~eJ=8}7G(;mbMiVqeVE<-ljuvQ%R%nej zXp44ej}GXFPUws-=!$OWjvnZVUg(WJ=!<^nj{z8nK^TnRF$6;~48t)3#z>69XpF&F zjKg?Lz#o{1Ntlc&2*y-Q!*tBROw7V;%)wmD!+b2jLM*~!EWuJN!*Z;^O02?atif8W z!+LDMMr^`nY{6D+!*=YzPVB;N?7?2_!+spVK^($i9Klf>!*QIzNu0uIoWWU~!+Bi5 zMO?yVT)|ab!*$%iP29q5+`(Pk!+ku!Lp;J`Ji${u!*jgAOT5DCpnZB1v~*(lL!ows z2t2O`B2Rh~G%VDNoF5BinYbtTO%Qn-$h$z^2l641kAZv& + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 2574508adf0842b5633e49e14c2148d0 + CVE-2024-10735 + 2024-11-03 14:15:13 + A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + fe2e0827c1101a8cadc578827379d5ab + CVE-2024-10734 + 2024-11-03 13:15:03 + A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 68a36067213470b487f2f2e69736adfa + CVE-2024-10733 + 2024-11-03 12:15:12 + A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 7939ea4dec7bd387d5748274bd747d21 + CVE-2024-10732 + 2024-11-03 11:15:03 + A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /module/word_model/view/index.php. The manipulation of the argument query_str leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 81f8e1446fee3f35f2f4736cba6f2153 + CVE-2024-10731 + 2024-11-03 10:15:03 + A vulnerability, which was classified as critical, was found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/appcenter/check_seal.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 44f01974c5741fe3206a0bf0a5b22df4 + CVE-2024-10730 + 2024-11-03 09:15:02 + A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/web_show.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + b978cedf439fcf9ee234b39b6c5c4b72 + CVE-2024-10702 + 2024-11-02 18:15:03 + A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 76006f70bcda5a96e240656e7a8e66ea + CVE-2024-10701 + 2024-11-02 18:15:03 + A vulnerability was found in PHPGurukul Car Rental Portal 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + 4a91da0c2f702235e251c2fbab1f21a8 + CVE-2024-10700 + 2024-11-02 16:15:03 + A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "name" to be affected. But it must be assumed that a variety of other parameters is affected too. + 详情 + + + + 945b20b703ac613f633587fe4f8bc93c + CVE-2024-10699 + 2024-11-02 15:15:16 + A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. + 详情 + + 810b236c7472f36701e88d5d86356dec CVE-2024-10698 @@ -350,7 +430,7 @@

眈眈探求 | + 2024-11-01 22:15:03 The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2024-11-01 21:15:14 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1, visionOS 2.1, watchOS 11.1, tvOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. Parsing a maliciously crafted video file may lead to unexpected system termination. 详情 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-11-01 14:15:07 Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-11-01 14:15:07 Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-11-01 14:15:06 An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-11-01 14:15:05 Access Control vulnerability in StylemixThemes MasterStudy LMS allows . This issue affects MasterStudy LMS: from n/a through 3.2.12. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-11-01 14:15:05 A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-11-01 12:15:03 A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2024-11-01 12:15:03 A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2024-11-01 11:15:12 The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2024-11-01 10:15:05 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2024-11-01 10:15:04 IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks. 详情 - - 1eb0b7e208880b927912bc94e8ef69eb - CVE-2024-51254 - 2024-10-31 14:15:06 - DrayTek Vigor3900 1.5.1.3 allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the sign_cacertificate function. - 详情 - - - - 64ba8cf3afa210f9422a27d06aa3a342 - CVE-2024-8934 - 2024-10-31 13:15:15 - A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed. - 详情 - - - - 65b540321c59e61f2c5f61c58fc42684 - CVE-2024-10454 - 2024-10-31 13:15:14 - Clickjacking vulnerability in Clibo Manager v1.1.9.12 in the '/public/login' directory, a login panel. This vulnerability occurs due to the absence of an X-Frame-Options server-side header. An attacker could overlay a transparent iframe to perform click hijacking on victims. - 详情 - - - - 6e183dfbcc96a09ce4151becc5387d4c - CVE-2024-49685 - 2024-10-31 10:15:05 - Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) allows Cross Site Request Forgery.This issue affects Custom Twitter Feeds (Tweets Widget): from n/a through 2.2.3. - 详情 - - - - 9216a99011b9fc85d9096112894f32e9 - CVE-2024-49674 - 2024-10-31 10:15:05 - Cross-Site Request Forgery (CSRF) vulnerability in Lukas Huser EKC Tournament Manager allows Upload a Web Shell to a Web Server.This issue affects EKC Tournament Manager: from n/a through 2.2.1. - 详情 - - - - 0ee667218f16d877c5875b5d8f336fd3 - CVE-2024-43984 - 2024-10-31 10:15:05 - Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher allows Code Injection.This issue affects Podlove Podcast Publisher: from n/a through 4.1.13. - 详情 - - - - d04f8ae6a9c643d7d3727416631a0c77 - CVE-2024-43933 - 2024-10-31 10:15:05 - Cross-Site Request Forgery (CSRF) vulnerability in WPMobile.App allows Stored XSS.This issue affects WPMobile.App: from n/a through 11.48. - 详情 - - - - 101ac11c3746251f040e0ee1f66f8e13 - CVE-2024-43930 - 2024-10-31 10:15:04 - Cross-Site Request Forgery (CSRF) vulnerability in eyecix JobSearch allows Cross Site Request Forgery.This issue affects JobSearch: from n/a through 2.5.3. - 详情 - - - - 5b373425d5a4ee0bbf496bb4f082367a - CVE-2024-43383 - 2024-10-31 10:15:04 - Deserialization of Untrusted Data vulnerability in Apache Lucene.Net.Replicator. This issue affects Apache Lucene.NET's Replicator library: from 4.8.0-beta00005 through 4.8.0-beta00016. An attacker that can intercept traffic between a replication client and server, or control the target replication node URL, can provide a specially-crafted JSON response that is deserialized as an attacker-provided exception type. This can result in remote code execution or other potential unauthorized access. Users are recommended to upgrade to version 4.8.0-beta00017, which fixes the issue. - 详情 - - - - 824945b5f225323b6a8d053345bae811 - CVE-2024-30149 - 2024-10-31 09:15:02 - HCL AppScan Source <= 10.6.0 does not properly validate a TLS/SSL certificate for an executable. - 详情 - - @@ -1982,7 +1982,7 @@

眈眈探求 | + 2024-11-01 03:33:47 WordPress plugin Ghost日志信息泄露漏洞 详情 @@ -1990,7 +1990,7 @@

眈眈探求 | + 2024-11-01 03:33:47 Phormer跨站脚本漏洞 详情 @@ -1998,7 +1998,7 @@

眈眈探求 | + 2024-11-01 03:33:47 Karma验证绕过漏洞 详情 @@ -2006,7 +2006,7 @@

眈眈探求 | + 2024-11-01 03:33:47 valtimo-frontend-libraries日志信息泄露漏洞 详情 @@ -2014,7 +2014,7 @@

眈眈探求 | + 2024-11-01 03:33:47 ZKsync Era转换错误漏洞 详情 @@ -2022,7 +2022,7 @@

眈眈探求 | + 2024-11-01 03:33:47 libxml2存储型跨站脚本漏洞 详情 @@ -2030,7 +2030,7 @@

眈眈探求 | + 2024-11-01 03:33:47 WordPress plugin Dynamics 365 Integration日志信息泄露漏洞 详情 @@ -2038,7 +2038,7 @@

眈眈探求 | + 2024-11-01 03:33:47 WordPress plugin WP Job Manager信息泄露漏洞 详情 @@ -2046,7 +2046,7 @@

眈眈探求 | + 2024-11-01 03:33:47 1Panel命令注入漏洞 详情 @@ -2054,7 +2054,7 @@

眈眈探求 | + 2024-11-01 03:33:47 Matrix日志信息泄露漏洞 详情 @@ -2062,7 +2062,7 @@

眈眈探求 | + 2024-11-01 03:33:47 FreeScout HTML注入漏洞 详情 @@ -2070,7 +2070,7 @@

眈眈探求 | + 2024-11-01 03:33:47 Nautobot跨站脚本漏洞 详情 @@ -2078,7 +2078,7 @@

眈眈探求 | + 2024-11-01 03:33:47 ZEIT Next.js环境问题漏洞 详情 @@ -2086,7 +2086,7 @@

眈眈探求 | + 2024-11-01 03:33:47 WordPress plugin Barcode Scanner with Inventory & Order Manager跨站请求伪造漏洞(CVE- 详情 @@ -2094,7 +2094,7 @@

眈眈探求 | + 2024-11-01 03:33:47 WordPress plugin Pk Favicon Manager代码问题漏洞( CVE-2024-34416) 详情