From 3ab498a2f6012814632c1a8af4a97630fc73452f Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Tue, 29 Oct 2024 15:26:38 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 49893376 -> 49901568 bytes docs/index.html | 162 ++++++++++++++++++------------------- 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index a966321e6c0..26be43c9531 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -142,3 +142,13 @@ e630b890be515cade39ce51b6551910b bd0e21b4e3bb0cb7ffff1e0f63e4d3fd cd8c3092e9d37beebf9d8daf8d4ae2af 57a556583e5968f3b07afdb1c1ea1ade +f055dc827b8b2a4a55429e693addb3a4 +73f799be9ddb0d71f26462b6c403494c +9b76e0e4ab4744fff1dfcb2c9867a6b0 +23dba8b8def9990ad29e6df9f13e9a0c +b5f0eb3fe9d8292a366bcafa14eac51f +dbc5283dd81076276118230e6bfa7433 +59ad7c81cb121c45c11913ba884870eb +8f982272e8bf95b2d22fb51af0977404 +2d891d31ff285aa25329cf71f84b0284 +e1b34b624cf8d6d84e909554646fb31b diff --git a/data/cves.db b/data/cves.db index 9f76b368d8a262aa57aa254f129ce7cb724d32c1..5fbee3efc99c8a907b86b0b69a0ab26bed75f1ff 100644 GIT binary patch delta 6565 zcmeI#X>=6Twg+&!5)w!VV@LuCP#_S24Bgc;DD$YG%!nZDs;=sEL(<*!5D18jo5=xC zq;cYa;;aaYI14y|hyo%g5;34SAp(M+*L%J1UkU4q@2&OjUC;MEz5C&JR+8>IwfCug z>g>#2cOrLg&57I<`Ss;`^-7Z~7@n2MQ7m`a(fOg1Kk$9!ys;UCq>!sTWgk zranx4nffvHXBxmXkZBOpV5T8V*DzhnG?Zx=({)VOGYw}N!8DR-6w_#?F-&8b#xdQ% zG@j{3rU^_FnQmg5#59=+>!UJhOg<)^$zbv`l`#dFf=pAGrZSZ?RWOB^!b}mSX-rY3 z7*m`n!BojKooNPB71KBnHDfDWMZa8OpBS8FfCV|txw8`E~C9ZYX9y~*?z)7wn%Fzsa8#q=)IZl?E`_AtHA^a0aerhQENnLcDX z!1NK*L8e1YA2WTzbeQQ=rXx(%OrJ3wW%`_{hUpm7ai%YrzGOPV^cB=0aDWqB;06zPp*!?|tKe$r3B8~<^nt$65BkFZ z7zl%4Fbsif;93|8!{9o&9)`mR7zv|bG>n09q{8j`RE?ty#ZKDZwqfVCiC9ju23;UU-n55pty zC_Dy_!xQi%JOxj~MtBA`!De_Co`Ws$JZyy*;6-=|UWQlTRd@|vhi$MOcEB6(CcFi2 z!#l7OcEP)_8{UIG@IHJ1dto2!hY#TZd;|yK5PS@uz+w0ljzBeh21ns@sDWc}9KL`r z;RJjIU&A->Eqn(j;d?j*Kfq}?183n!I0xt9C%6C?;b-^-{sO2V4bLLr>@hy`c~Eg?`W< z2EafV1cPA+Tm#p_P#6Z+!Syg4M!-lI1*2gMjD>M<1B{0oVFFBqn_v=526O#Y(7*>e z7~qF82tW{~z*H!Q3J5_MA}|f25Q8`*pc1CT45)&cFbi&m*>DTYfw?db=EDM52n>s0 zF)V?lunca6+u(M%1D3-ISP6H+U9bx7hSiXSHE<8y3-`hO@Bpj@0qbBrJO~fL26z}A zfk)vncpRR9C*di08aBc+un9K9v+x{jf#+c>yZ|r4OYkzh0kdl&`m6~iHIkK`*>1wXd!zXuh zb@S!ft4>N7zBh+c=J10#oHmCu=5W>=el&-3=5XE|elmv(=5SHkmc8m{>CBTUO{J(v z@BNF^?uDi_e5llQ@fggWF|4?7(PaCg$&>w7r&ITN6u0Kl6xE?RoesroxV&~%Pey{r z3&g&{AEeY0uWNL`ko#XVRF0^=scM-~7?TsBxEhuHiI6WI42NVj9ycl?@t7PBCr{<= z&TFDo$-aQ$n;Hz2$^LLOd2Hl?yw)*UOT=Zr8Z0-zD62kS81tB)i)lG|mOL?kc|%JJ zv2IbGrD?K4Y|Tu^P5i-fBRQ|pwj817-72*fHCIKYjO1}XTR0&YlYMGP4ycue95X77 zs3H5pp_nl(VT61}tVj-qeB}w&a z@^CP&ni+}p)13%q_R~`=>Ag!7tKulOS&J2~Y;$zCTe~aX|KCfJ^eFdrOmh@_>|WQl zp#y)Bwlr*!g~Cp&H?Usj?uJ^rl=_r3ww`DvM=kc^g_)>rlwFqvE$j;p+^EnldUDrJ}tJ|fxT{fFXv0Dw7=2zXKCUd7$km~Td?4o_U=cIzQd{`RU zsb4s%mdoQ%Tm6k#uq-6^8`od9_m_uMVEf2})bes8S|!f5{LRue^RiFGj#lTTHe&76 z3sOd^S!`nBg^f~&|BX41e)o#h$>AtABUQ`{bAHcIbNa1@X7?Lj-J^IF)$Vd>KGm<< z9ER$13d^p&Qhr^EmiZ?xrPzLCumT%@u&M<$x$kg!m{Fl&4~?#h81gVRgfzwG0cWJH zS%3IUG;RK_RM5;;VzvF@nO&CWpP5*)l_W7YYnnK4#YCw?a#Lb#TamFh-ICq%4{15No2BUaAJ3NTaWdFZ%yoP! zrCJfyLLXOW*QPVozF?~A)!Z(_YB*HQ;dVIue!ork`!vPp^|;)sOYAuD)unV?mj}?c zHl0#cuLy=pwQ$&cMHj~mHR=nLL;{iDGn7TeEXmSD)F8!{wJCP%Q1?AujjJ7S7(~?y zBW^_hS;~Lnj+vL;QS3OmMY1X8^KmV)adiu$E!Y))woh9hSO@XKpwy4HVm5Yo#oq<Tox#OWjFq|QxoAM;(9BF(6mc|JWu+SaV*OUqQL+tMtq z&NqWzl51a*JK3;lc8BIt96rBCcj+F7;k9~k1S536IQ#P=gp3!g&0!ysw511I7F}tc zLROdJ=^}^ya+w;O88AXxPz{&*0tqz~NcaM3yetwglGRYM*|@DO>zA5mr)b~!v?W(G zIlda1HeIw{$`IF&t+J$v$l5Vd>KyYTIS`D+!_g{p-f%pCZJfZ77%P#-;SRD|`kj2gb$3(ONZYN&A>s=<(qOaC#IKU}V3qUphSp!V5*_S6c@+z*_MLj?w#=rdXYHe_+F}CVqa=-b?e&g5wzs;c6& zD_)-;d)wpCtV+@nd%IO#e=2rNnJu;IJt(S10{yBYDBlr%`UOY|DjiIpvuS+YgxqMS+=}7R{9dP~ z=!)XkoHo^O^}5{-pR3#iuq5R7_qC1lrQFfdr%sdqJ?LO^?QWmu-L@rWe266 W|K;TS7cQwg_j>U=Qs-3jCjS8<;7EZ0 delta 2878 zcmWmGW7if46ouh>-aHv^HPvLh$+jlj?QGlJ*`93Mwl&pcO}5?mem-3H57=v+wa(ys zkK+$s_&ENgMBzijgvmO6a}Lx;!;YXz(jE1VVHieN>wB3Y5GDAo^FR4bYl-HKtw zv|?GYtvFU(E1nf<#kUez39TQkL{?%eiS?6})JkS0w^CRstyETOD~*-bN@u0FGFTa{ zOjc$qiSU+1itz1@aE02}e%4g-b3RnfLLRMj`h*i`oW)-(eSS77eR%xq@ zRn{tJmA8JeDp(b*N>*j7idEIBW>vRpST(I$R&A?}RoAL#)wdd04Xs92V~c&7SWT^F zR&%R`)zWHZwYJ(=ZLM}zd#i)h(duM%wz^ndt!`F#tB2Lo>Sgt|`dEFfepY{LfHlw> zWDT~4SVOI0)^N+#2y3J@${KBrvBp~CtntDCNurZvm@)tYV1 zvF2LytohagYoWEsT5K(`mRifK<<<&orM1dhZLP7^TI;O!)&^^%waMCSZLzjm+pO)@ z4r`~i%i3-2vG!W~to_yj>!5YWI&2-Wj#|g8!NkZ z`rW#0U9qlO*R1Q-4eO?L%ermdvF=)bSof^^)&uLI^~ic`J+Yoz&#dRx3+tuz%6e_R zvEEwmtoPOj>!bC_`fPo%zFOa`@7ABzU)JB&Ki0q2f1?$4yuu=Y5QIZ`L_kDDLS#h2 z4~U9rh>jSDiCBn@IEagQ2t|A(KtlY8L`aMz_z6jo49SrKDUk}Pkp^jz4(X8r8IcK@ zkp)?i4cUj0T_ru7>pqpieVTIV+2NG6h>nV#$p`CV*(~(5+-8`reYeV zV+Lko7JkKS%)wmD!+b2jLM*~!EWuJN!*Z;^O02?atif8W!+LDMMr^`nY{6D+!*=Yz zPVB;N?7?2_!+spVK^($i9Klf>!*QIzNu0uIoWWU~!+HFM3%H0&_#KyV1y^wm*Kq?k zaSOL`2Y2xY?%_Tj;2|F2F`nQlp5ZxO;3Zz+HQwMY-r+qy;3GcaGrr&}zTrFm#9#Ou z|KMNz7k0D)oIe5xK{$j*1Vlt6L`D?+fT)Ou=!k)sh=tgQgSd!?P{c<9B*c$Mgv3aK zpO6&EkQ^zH5~+|HX^$ zq8N&!1WKY5N}~+Qq8!TO7gRt+R6=D`K~+>kb<{vj)Ix34L0!~CeKbHrG(uwp_iuux zXolu!ftF~6)@XyaXovRbfR5;d&gg=!=!Wj-fu87v-spqA=!gCofPol406 zMqngHVKl~IEXH9xCSW2aVKSy*DyCsNW?&{};aAMY9L&W$%*O&O#3C%l5-i0sEXNA0 z#44=D8mz@Stj7jy#3pRU7Hq{fY{w4l#4hZ{9_+vDqTd5acf{7}{DB?W4i + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + f055dc827b8b2a4a55429e693addb3a4 + CVE-2024-8396 + 2024-10-29 14:30:29 + The DJL package's untar function attempts to prevent path traversal by checking for relative path traversals but fails to account for absolute path traversals. An attacker can exploit this by creating a tarfile with absolute paths, leading to arbitrary file overwrite and potential remote code execution. This can have severe consequences, including unauthorized SSH access, web server exploitation, and availability impacts. + 详情 + + + + 73f799be9ddb0d71f26462b6c403494c + CVE-2024-9505 + 2024-10-29 14:15:08 + The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 9b76e0e4ab4744fff1dfcb2c9867a6b0 + CVE-2024-51076 + 2024-10-29 14:15:08 + A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter. + 详情 + + + + 23dba8b8def9990ad29e6df9f13e9a0c + CVE-2024-51075 + 2024-10-29 14:15:08 + A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter. + 详情 + + + + b5f0eb3fe9d8292a366bcafa14eac51f + CVE-2024-49634 + 2024-10-29 14:15:07 + Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01. + 详情 + + + + dbc5283dd81076276118230e6bfa7433 + CVE-2024-49632 + 2024-10-29 14:15:07 + Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0. + 详情 + + + + 59ad7c81cb121c45c11913ba884870eb + CVE-2024-47640 + 2024-10-29 14:15:06 + Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2. + 详情 + + + + 8f982272e8bf95b2d22fb51af0977404 + CVE-2024-10226 + 2024-10-29 14:15:06 + The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 2d891d31ff285aa25329cf71f84b0284 + CVE-2024-8309 + 2024-10-29 13:15:10 + A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database. + 详情 + + + + e1b34b624cf8d6d84e909554646fb31b + CVE-2024-8143 + 2024-10-29 13:15:10 + In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history. + 详情 + + 3a963cb4f7bb51d4286db8ed29aaa4dd CVE-2024-22065 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 44fd7285b1b6d4837d69bdd971556498 - CVE-2024-10408 - 2024-10-27 02:00:06 - A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 17f2da51516b97b3332d69ad7f1d9c49 - CVE-2024-10407 - 2024-10-27 00:15:12 - A vulnerability, which was classified as critical, was found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/edit_customer.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 1380df092970ad56239d8cf45d1c0d7f - CVE-2024-10406 - 2024-10-26 22:15:02 - A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_fuel.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - d9719476d79694ee7d821c73d87e9b33 - CVE-2020-26311 - 2024-10-26 21:15:14 - Useragent is a user agent parser for Node.js. All versions as of time of publication contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no patches are available. - 详情 - - - - 76b40fc2f8e3d8495d32dfc41385fdf5 - CVE-2020-26310 - 2024-10-26 21:15:14 - Validate.js provides a declarative way of validating javascript objects. All versions as of 30 November 2020 contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. - 详情 - - - - 57e10eca9b11b2a371c510abf68e118c - CVE-2020-26309 - 2024-10-26 21:15:14 - Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available. - 详情 - - - - 0d70122ce767cc3a2a440f17fabb942d - CVE-2020-26308 - 2024-10-26 21:15:14 - Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. - 详情 - - - - 1f779862d0961669d55291ac270dbb69 - CVE-2020-26307 - 2024-10-26 21:15:13 - HTML2Markdown is a Javascript implementation for converting HTML to Markdown text. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. - 详情 - - - - 14316d4906d95d389ddf87c58462978c - CVE-2020-26306 - 2024-10-26 21:15:13 - Knwl.js is a Javascript library that parses through text for dates, times, phone numbers, emails, places, and more. Versions 1.0.2 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. - 详情 - - - - 70106e00d2a08844b0f30fb62527aad1 - CVE-2020-26305 - 2024-10-26 21:15:13 - CommonRegexJS is a CommonRegex port for JavaScript. All available versions contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available. - 详情 - -