Commit

Updated by Github Bot
Github-Bot committed Dec 12, 2024
1 parent 35dc1aa commit 4d9f67b
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -180,3 +180,13 @@ cd5e032ffe052c193ad63764099a229c
f906d8cb36d24d8ff38dce7e37a5f7f7
cd31e80af727416fa921a7fea13e7f7c
34f15ea4746098cd99de090d5679f9d5
a391db25adf8c2cd2cc34bb4ea442274
1539d0272e54965789a7f9ab1c27f401
9eec9b49bcdcc9ac24a0a8c9a5d5f95b
4fdbf33748ea75d38f8ac045aa306ab1
86635ea38a607f675e45bb2bf0366706
4e9561c1fb555057a93fac88536ab6e5
9dbaef59d3a24333acacb4140a88c412
244f204acbee1ff428f99af6afe94fe3
57dcc095861454525aa6f1b55d69d1e3
5ffff2d21aa74e70384e62daeca48dd1
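Review bot: the ten values appended to cache/Tenable (Nessus).dat are bare 32-hex strings with no CVE ID or date beside them, so the dedup cache cannot be audited or pruned from the file itself. The only way to tell what `a391db25adf8c2cd2cc34bb4ea442274` stands for is to find the matching first `<td>` in docs/index.html (CVE-2024-50584). Consider writing the CVE ID next to each value, or documenting in the repository how the value is derived, so that a wrong or duplicated entry can be traced back to its record.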
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-12 09:27:40 -->
<!-- RELEASE TIME : 2024-12-12 15:27:49 -->
<html lang="zh-cn">

<head>
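Review bot: the `RELEASE TIME` comment on line 1 (`2024-12-12 15:27:49`) carries no timezone or UTC offset, and the per-row timestamps in this file do not either, so a reader cannot line the release time up against the publication times shown in the table. Suggest emitting both in ISO 8601 with an explicit offset.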
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>a391db25adf8c2cd2cc34bb4ea442274</td>
<td>CVE-2024-50584</td>
<td>2024-12-12 14:15:22 <img src="imgs/new.gif" /></td>
<td>An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50584">详情</a></td>
</tr>

<tr>
<td>1539d0272e54965789a7f9ab1c27f401</td>
<td>CVE-2024-28146</td>
<td>2024-12-12 14:15:22 <img src="imgs/new.gif" /></td>
<td>The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28146">详情</a></td>
</tr>

<tr>
<td>9eec9b49bcdcc9ac24a0a8c9a5d5f95b</td>
<td>CVE-2024-28145</td>
<td>2024-12-12 14:15:22 <img src="imgs/new.gif" /></td>
<td>An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28145">详情</a></td>
</tr>

<tr>
<td>4fdbf33748ea75d38f8ac045aa306ab1</td>
<td>CVE-2024-28144</td>
<td>2024-12-12 14:15:22 <img src="imgs/new.gif" /></td>
<td>An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28144">详情</a></td>
</tr>

<tr>
<td>86635ea38a607f675e45bb2bf0366706</td>
<td>CVE-2024-28143</td>
<td>2024-12-12 14:15:22 <img src="imgs/new.gif" /></td>
<td>The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28143">详情</a></td>
</tr>

<tr>
<td>4e9561c1fb555057a93fac88536ab6e5</td>
<td>CVE-2024-54122</td>
<td>2024-12-12 13:15:11 <img src="imgs/new.gif" /></td>
<td>Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54122">详情</a></td>
</tr>

<tr>
<td>9dbaef59d3a24333acacb4140a88c412</td>
<td>CVE-2024-54119</td>
<td>2024-12-12 13:15:11 <img src="imgs/new.gif" /></td>
<td>Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54119">详情</a></td>
</tr>

<tr>
<td>244f204acbee1ff428f99af6afe94fe3</td>
<td>CVE-2024-54118</td>
<td>2024-12-12 13:15:11 <img src="imgs/new.gif" /></td>
<td>Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54118">详情</a></td>
</tr>

<tr>
<td>57dcc095861454525aa6f1b55d69d1e3</td>
<td>CVE-2024-47947</td>
<td>2024-12-12 13:15:10 <img src="imgs/new.gif" /></td>
<td>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47947">详情</a></td>
</tr>

<tr>
<td>5ffff2d21aa74e70384e62daeca48dd1</td>
<td>CVE-2024-36498</td>
<td>2024-12-12 13:15:10 <img src="imgs/new.gif" /></td>
<td>Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36498">详情</a></td>
</tr>

<tr>
<td>db248c0aad583cee4771e463a3dbd3a1</td>
<td>CVE-2024-12325</td>
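Review bot: the fourth `<td>` of each added row holds third-party feed text written directly into the markup, and the double quotes around "Poweruser" and the literal `https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre` arrive unencoded, which suggests no HTML-encoding pass runs before the row is emitted. Please confirm the generator encodes `<`, `>`, `&` and quotes in the description column, since a feed description containing markup would otherwise render as part of this page. Separately, every `<a target="_blank" href="...">` in the added rows lacks `rel="noopener noreferrer"`, and `<img src="imgs/new.gif" />` has no `alt` text.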
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45709">详情</a></td>
</tr>

<tr>
<td>5900fb8f4b4e64597d05d10d9a72a9ec</td>
<td>CVE-2023-48277</td>
<td>2024-12-09 11:39:26</td>
<td>Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through 2.2.21.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-48277">详情</a></td>
</tr>

<tr>
<td>5da1046edb0b166a7fbf96bb10d413ae</td>
<td>CVE-2024-54227</td>
<td>2024-12-09 11:32:29</td>
<td>Missing Authorization vulnerability in theDotstore Minimum and Maximum Quantity for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through 2.0.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54227">详情</a></td>
</tr>

<tr>
<td>b43a5c02440ae82e08383fb5ffd1bd22</td>
<td>CVE-2024-54251</td>
<td>2024-12-09 11:32:28</td>
<td>Missing Authorization vulnerability in Prodigy Commerce Prodigy Commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through 3.0.9.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54251">详情</a></td>
</tr>

<tr>
<td>319bee83b9dfd18ddcfc441ebaf5c51d</td>
<td>CVE-2024-54224</td>
<td>2024-12-09 11:32:15</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54224">详情</a></td>
</tr>

<tr>
<td>e76fbdd1be06e0c8dc5835932b2d88a2</td>
<td>CVE-2024-54228</td>
<td>2024-12-09 11:32:14</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebOccult Technologies Pvt Ltd Wot Elementor Widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through 1.0.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54228">详情</a></td>
</tr>

<tr>
<td>b1030cbc424aed75b916d97c39f308ca</td>
<td>CVE-2024-54230</td>
<td>2024-12-09 11:32:13</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPRealizer Unlock Addons for Elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through 1.0.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54230">详情</a></td>
</tr>

<tr>
<td>b93f7b6d9803cc219ae147c3a74a68a7</td>
<td>CVE-2024-54232</td>
<td>2024-12-09 11:32:12</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rrdevs RRAddons for Elementor allows Stored XSS.This issue affects RRAddons for Elementor: from n/a through 1.1.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54232">详情</a></td>
</tr>

<tr>
<td>fc39563782d7fd868726cc1c16b6052d</td>
<td>CVE-2024-54260</td>
<td>2024-12-09 11:32:11</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54260">详情</a></td>
</tr>

<tr>
<td>d4ede3ecb17bbf09d397002365a6bbb4</td>
<td>CVE-2024-54226</td>
<td>2024-12-09 11:32:08</td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Country Blocker allows Stored XSS.This issue affects Country Blocker: from n/a through 3.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54226">详情</a></td>
</tr>

<tr>
<td>ec7c9173dc2c4fc7fdb029f521dc93ec</td>
<td>CVE-2024-54255</td>
<td>2024-12-09 11:32:02</td>
<td>URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54255">详情</a></td>
</tr>

</tbody>
</table>
</div>
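Review bot: the ten rows dated 2024-12-09 at the end of the table are dropped in the same commit that adds ten new rows at the top, so docs/index.html is a fixed-size window and entries fall off the page three days after they were listed. Nothing in the visible markup points to an archive, so a reader who checks the page less often than the window turns over will miss records without any indication. Suggest adding a link to the full history (or a paginated archive) near the table, and stating the window size in the page.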