Updated by Github Bot
Github-Bot committed Dec 19, 2024
1 parent 0ccafd1 commit 411d2c2
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -148,3 +148,13 @@ ace411da8b78d339d569661977f6a6fc
308e38b0751c3e75dbcdbd2516ec94c8
2242e50e24aa165b638b671c4752b4c8
e4e3723d7028270b0f69be2c73afded9
1fc440261e27306b1a7f59bcbc5673a3
9fcdf4e6773e0bdcf7b7c50842c8bc42
85d85b72a2d63adf4734c15706e70c2c
a612fec9d9c34061cac19ccb39256465
ecfcc9d22cb4e446c05fed6dcfb63efb
45741a22a532811bd0cbda89884a6352
a171fb73bfdc33c86ae3a19612719ee4
6c93d59c8fe4b93d71a5315b26b6eab2
43e6502c5abfce4e5f77de13ac605dc7
3d34d3cb1b0f5f7a4893a019ea08a3f1
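Review bot: The ids appended at the end of cache/Tenable (Nessus).dat are only ever added (10 additions, 0 deletions), while the docs/index.html change in this same commit drops ten older rows, so the cache grows on every run with no pruning. If the file is a seen-before list for deduplication, say so in the repository docs and cap or rotate it; a file name without spaces and parentheses would also be harder to mis-quote in scripts.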
Binary file modified data/cves.db
Binary file not shown.
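Review bot: data/cves.db changes as an opaque binary, so nothing in this commit lets a reviewer confirm that the database matches the ten ids and table rows added in the two text files. Consider building the database from a reviewable text source at publish time, or committing a text export next to it.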
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-19 09:26:46 -->
<!-- RELEASE TIME : 2024-12-19 21:22:05 -->
<html lang="zh-cn">

<head>
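Review bot: The RELEASE TIME comment on the first line of docs/index.html ("2024-12-19 21:22:05") carries no timezone or UTC offset, and the row timestamps further down use the same bare format, so a reader cannot tell how old an entry really is. Emit the time in ISO 8601 with an explicit offset, or state the zone once in the comment.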
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>1fc440261e27306b1a7f59bcbc5673a3</td>
<td>CVE-2024-52897</td>
<td>2024-12-19 18:15:23 <img src="imgs/new.gif" /></td>
<td>IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52897">详情</a></td>
</tr>

<tr>
<td>9fcdf4e6773e0bdcf7b7c50842c8bc42</td>
<td>CVE-2024-51471</td>
<td>2024-12-19 18:15:23 <img src="imgs/new.gif" /></td>
<td>IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51471">详情</a></td>
</tr>

<tr>
<td>85d85b72a2d63adf4734c15706e70c2c</td>
<td>CVE-2024-49336</td>
<td>2024-12-19 18:15:22 <img src="imgs/new.gif" /></td>
<td>IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49336">详情</a></td>
</tr>

<tr>
<td>a612fec9d9c34061cac19ccb39256465</td>
<td>CVE-2024-38819</td>
<td>2024-12-19 18:15:10 <img src="imgs/new.gif" /></td>
<td>Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38819">详情</a></td>
</tr>

<tr>
<td>ecfcc9d22cb4e446c05fed6dcfb63efb</td>
<td>CVE-2024-12794</td>
<td>2024-12-19 18:15:09 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12794">详情</a></td>
</tr>

<tr>
<td>45741a22a532811bd0cbda89884a6352</td>
<td>CVE-2024-12793</td>
<td>2024-12-19 18:15:09 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12793">详情</a></td>
</tr>

<tr>
<td>a171fb73bfdc33c86ae3a19612719ee4</td>
<td>CVE-2024-12792</td>
<td>2024-12-19 18:15:08 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12792">详情</a></td>
</tr>

<tr>
<td>6c93d59c8fe4b93d71a5315b26b6eab2</td>
<td>CVE-2024-12791</td>
<td>2024-12-19 18:15:08 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12791">详情</a></td>
</tr>

<tr>
<td>43e6502c5abfce4e5f77de13ac605dc7</td>
<td>CVE-2023-7005</td>
<td>2024-12-19 18:15:06 <img src="imgs/new.gif" /></td>
<td>A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-7005">详情</a></td>
</tr>

<tr>
<td>3d34d3cb1b0f5f7a4893a019ea08a3f1</td>
<td>CVE-2024-55081</td>
<td>2024-12-19 17:15:09 <img src="imgs/new.gif" /></td>
<td>An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55081">详情</a></td>
</tr>

<tr>
<td>d6bec2c8f376f6c87daf6932b21290b5</td>
<td>CVE-2024-52361</td>
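Review bot: Every link cell in the added rows opens an external site with target="_blank" and no rel attribute; add rel="noopener noreferrer" in the row template so the opened page gets no handle on this one regardless of browser defaults. The imgs/new.gif marker in the date cells also has no alt text, so the "new" state is lost to screen readers and text extraction; alt="new" would fix that.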
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12193">详情</a></td>
</tr>

<tr>
<td>a4e974165785ddf24fd970bc098dd3bc</td>
<td>CVE-2024-12478</td>
<td>2024-12-16 11:15:04</td>
<td>A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12478">详情</a></td>
</tr>

<tr>
<td>1edfab03e102d44e92b29f1ed47a23f2</td>
<td>CVE-2024-12362</td>
<td>2024-12-16 10:15:05</td>
<td>A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12362">详情</a></td>
</tr>

<tr>
<td>65b7efcc88c6008c0e1cad5ffcd5f61b</td>
<td>CVE-2024-54682</td>
<td>2024-12-16 08:15:05</td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54682">详情</a></td>
</tr>

<tr>
<td>367169ac31e04d6b422a10d5a9b1ba22</td>
<td>CVE-2024-54083</td>
<td>2024-12-16 08:15:05</td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54083">详情</a></td>
</tr>

<tr>
<td>547fa52dac331557e1b14f3f21f99493</td>
<td>CVE-2024-48872</td>
<td>2024-12-16 08:15:04</td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48872">详情</a></td>
</tr>

<tr>
<td>e43d3adfe02255c292babe3226af2c7b</td>
<td>CVE-2024-9679</td>
<td>2024-12-16 07:15:07</td>
<td>A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9679">详情</a></td>
</tr>

<tr>
<td>8bf99a69ac5c5e77af2a00dee97f0c31</td>
<td>CVE-2024-9678</td>
<td>2024-12-16 07:15:06</td>
<td>An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9678">详情</a></td>
</tr>

<tr>
<td>594936095c8c3c421f9605a13558eb31</td>
<td>CVE-2024-12646</td>
<td>2024-12-16 07:15:06</td>
<td>The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12646">详情</a></td>
</tr>

<tr>
<td>286d1bce15445150c4f662c6cd7e40d6</td>
<td>CVE-2024-12645</td>
<td>2024-12-16 07:15:06</td>
<td>The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12645">详情</a></td>
</tr>

<tr>
<td>aa1e25452e020caa59e946d938f4420c</td>
<td>CVE-2024-12644</td>
<td>2024-12-16 07:15:06</td>
<td>The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user's system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12644">详情</a></td>
</tr>

</tbody>
</table>
</div>
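Review bot: The Mattermost description cells in this hunk contain raw "<=" and double quotes (for example "10.1.x <= 10.1.2" and "Max failed attempts"), which shows the generator writes feed text into the td cells without HTML-escaping it. These particular rows are leaving the page, but the same template produces the new ones, and the descriptions come from an external source; escape &, <, > and quotes when rendering each cell so a description can never be parsed as markup.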