Commit

Updated by Github Bot
Github-Bot committed Oct 29, 2024
1 parent b6bbaa8 commit 3ab498a
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -142,3 +142,13 @@ e630b890be515cade39ce51b6551910b
bd0e21b4e3bb0cb7ffff1e0f63e4d3fd
cd8c3092e9d37beebf9d8daf8d4ae2af
57a556583e5968f3b07afdb1c1ea1ade
f055dc827b8b2a4a55429e693addb3a4
73f799be9ddb0d71f26462b6c403494c
9b76e0e4ab4744fff1dfcb2c9867a6b0
23dba8b8def9990ad29e6df9f13e9a0c
b5f0eb3fe9d8292a366bcafa14eac51f
dbc5283dd81076276118230e6bfa7433
59ad7c81cb121c45c11913ba884870eb
8f982272e8bf95b2d22fb51af0977404
2d891d31ff285aa25329cf71f84b0284
e1b34b624cf8d6d84e909554646fb31b
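Review bot: the ten lines appended at the end of this hunk are bare 32-character hex IDs with nothing beside them (no CVE number, no fetch time), and the header (142,3 to 142,13) shows the file only ever growing. The same commit drops ten older rows from docs/index.html while this file has 0 deletions, so entries cannot be expired by age and a wrong or duplicate ID cannot be traced back to its CVE without the HTML page. Consider writing one record per line that pairs the ID with the CVE number and the time it was first seen, so the cache can be pruned and audited on its own.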
Binary file modified data/cves.db
Binary file not shown.
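Review bot: data/cves.db changes in this commit as an opaque binary, so a reviewer cannot see what was written to it or check it against the ten IDs added to the cache file and the ten rows added to docs/index.html. Consider keeping the database out of version control and rebuilding it from the feeds, or committing a text export next to it so each automated update leaves a diff that can be read.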
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-10-29 09:25:56 -->
<!-- RELEASE TIME : 2024-10-29 15:26:37 -->
<html lang="zh-cn">

<head>
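Review bot: the RELEASE TIME comment on the first line of this hunk changes from 09:25:56 to 15:26:37 with no timezone offset, and the per-row timestamps in the table are written the same way, so a reader cannot tell whether a CVE row predates or postdates the release without knowing the generator's local zone. Suggest emitting ISO 8601 with an explicit offset (or UTC with a trailing Z) in the comment and in the time column.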
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>f055dc827b8b2a4a55429e693addb3a4</td>
<td>CVE-2024-8396</td>
<td>2024-10-29 14:30:29 <img src="imgs/new.gif" /></td>
<td>The DJL package's untar function attempts to prevent path traversal by checking for relative path traversals but fails to account for absolute path traversals. An attacker can exploit this by creating a tarfile with absolute paths, leading to arbitrary file overwrite and potential remote code execution. This can have severe consequences, including unauthorized SSH access, web server exploitation, and availability impacts.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8396">详情</a></td>
</tr>

<tr>
<td>73f799be9ddb0d71f26462b6c403494c</td>
<td>CVE-2024-9505</td>
<td>2024-10-29 14:15:08 <img src="imgs/new.gif" /></td>
<td>The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9505">详情</a></td>
</tr>

<tr>
<td>9b76e0e4ab4744fff1dfcb2c9867a6b0</td>
<td>CVE-2024-51076</td>
<td>2024-10-29 14:15:08 <img src="imgs/new.gif" /></td>
<td>A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51076">详情</a></td>
</tr>

<tr>
<td>23dba8b8def9990ad29e6df9f13e9a0c</td>
<td>CVE-2024-51075</td>
<td>2024-10-29 14:15:08 <img src="imgs/new.gif" /></td>
<td>A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51075">详情</a></td>
</tr>

<tr>
<td>b5f0eb3fe9d8292a366bcafa14eac51f</td>
<td>CVE-2024-49634</td>
<td>2024-10-29 14:15:07 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49634">详情</a></td>
</tr>

<tr>
<td>dbc5283dd81076276118230e6bfa7433</td>
<td>CVE-2024-49632</td>
<td>2024-10-29 14:15:07 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49632">详情</a></td>
</tr>

<tr>
<td>59ad7c81cb121c45c11913ba884870eb</td>
<td>CVE-2024-47640</td>
<td>2024-10-29 14:15:06 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47640">详情</a></td>
</tr>

<tr>
<td>8f982272e8bf95b2d22fb51af0977404</td>
<td>CVE-2024-10226</td>
<td>2024-10-29 14:15:06 <img src="imgs/new.gif" /></td>
<td>The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10226">详情</a></td>
</tr>

<tr>
<td>2d891d31ff285aa25329cf71f84b0284</td>
<td>CVE-2024-8309</td>
<td>2024-10-29 13:15:10 <img src="imgs/new.gif" /></td>
<td>A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8309">详情</a></td>
</tr>

<tr>
<td>e1b34b624cf8d6d84e909554646fb31b</td>
<td>CVE-2024-8143</td>
<td>2024-10-29 13:15:10 <img src="imgs/new.gif" /></td>
<td>In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8143">详情</a></td>
</tr>

<tr>
<td>3a963cb4f7bb51d4286db8ed29aaa4dd</td>
<td>CVE-2024-22065</td>
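Review bot: the description cell of each added row holds free text from an external vulnerability feed, and several of these entries are themselves about script injection, yet nothing in the added rows lets a reviewer confirm that the generator HTML-escapes that text before writing it between the td tags (none of the ten descriptions happens to contain a character that would show it). Please confirm that the description, the CVE id and the href value are all escaped for their context when the page is generated. The links in the added rows also use target="_blank" without a rel attribute; adding rel="noopener noreferrer" would keep the opened page from reaching back to this one in older browsers. The img src="imgs/new.gif" tags have no alt text.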
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10433">详情</a></td>
</tr>

<tr>
<td>44fd7285b1b6d4837d69bdd971556498</td>
<td>CVE-2024-10408</td>
<td>2024-10-27 02:00:06</td>
<td>A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10408">详情</a></td>
</tr>

<tr>
<td>17f2da51516b97b3332d69ad7f1d9c49</td>
<td>CVE-2024-10407</td>
<td>2024-10-27 00:15:12</td>
<td>A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10407">详情</a></td>
</tr>

<tr>
<td>1380df092970ad56239d8cf45d1c0d7f</td>
<td>CVE-2024-10406</td>
<td>2024-10-26 22:15:02</td>
<td>A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10406">详情</a></td>
</tr>

<tr>
<td>d9719476d79694ee7d821c73d87e9b33</td>
<td>CVE-2020-26311</td>
<td>2024-10-26 21:15:14</td>
<td>Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26311">详情</a></td>
</tr>

<tr>
<td>76b40fc2f8e3d8495d32dfc41385fdf5</td>
<td>CVE-2020-26310</td>
<td>2024-10-26 21:15:14</td>
<td>Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26310">详情</a></td>
</tr>

<tr>
<td>57e10eca9b11b2a371c510abf68e118c</td>
<td>CVE-2020-26309</td>
<td>2024-10-26 21:15:14</td>
<td>Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26309">详情</a></td>
</tr>

<tr>
<td>0d70122ce767cc3a2a440f17fabb942d</td>
<td>CVE-2020-26308</td>
<td>2024-10-26 21:15:14</td>
<td>Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26308">详情</a></td>
</tr>

<tr>
<td>1f779862d0961669d55291ac270dbb69</td>
<td>CVE-2020-26307</td>
<td>2024-10-26 21:15:13</td>
<td>HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26307">详情</a></td>
</tr>

<tr>
<td>14316d4906d95d389ddf87c58462978c</td>
<td>CVE-2020-26306</td>
<td>2024-10-26 21:15:13</td>
<td>Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26306">详情</a></td>
</tr>

<tr>
<td>70106e00d2a08844b0f30fb62527aad1</td>
<td>CVE-2020-26305</td>
<td>2024-10-26 21:15:13</td>
<td>CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2020-26305">详情</a></td>
</tr>

</tbody>
</table>
</div>
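Review bot: the ten rows removed at the bottom of this hunk are dated 2024-10-26 and 2024-10-27, less than three days before the new release time in the first hunk, so the table appears to evict by row count rather than by age and a burst of new entries pushes recent CVEs off the page. Nothing in the diff shows where a reader can still find the dropped entries. Consider evicting by age, or linking an archive page, so that an entry published a few days ago is not lost from view on a busy day.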