Updated by Github Bot

EXP-Tools · Nov 1, 2024 · 63f542c · 63f542c
1 parent edf29aa
commit 63f542c
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -172,3 +172,13 @@ d04f8ae6a9c643d7d3727416631a0c77
 101ac11c3746251f040e0ee1f66f8e13
 5b373425d5a4ee0bbf496bb4f082367a
 824945b5f225323b6a8d053345bae811
+5d33f4b32cfacf76b38c0997708bb2c7
+acc76aa6e9697dba946ffbd97a0f1885
+17f0c2202b5b403481f8ff3ec6fa9c51
+44325e7b9400932ddd52ae23fe7b909c
+3b62773714d14bfc4a57458afc2042ec
+b78c52b5a1e3469c70e39c6f85ea555d
+a4eda3818e1c5d4ffc09355ff6e7dfeb
+71273eb0213732ae0148cbed80ee198a
+ef5f595a5a2ab9111930b23cb7acc21b
+28ddbd298657dea9fd83fd621a2bee7f
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-11-01 03:35:56 -->
+<!-- RELEASE TIME : 2024-11-01 18:31:36 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>5d33f4b32cfacf76b38c0997708bb2c7</td>
+       <td>CVE-2024-51407</td>
+       <td>2024-11-01 14:15:07 <img src="imgs/new.gif" /></td>
+       <td>Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51407">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>acc76aa6e9697dba946ffbd97a0f1885</td>
+       <td>CVE-2024-51406</td>
+       <td>2024-11-01 14:15:07 <img src="imgs/new.gif" /></td>
+       <td>Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51406">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>17f0c2202b5b403481f8ff3ec6fa9c51</td>
+       <td>CVE-2024-48270</td>
+       <td>2024-11-01 14:15:06 <img src="imgs/new.gif" /></td>
+       <td>An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48270">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>44325e7b9400932ddd52ae23fe7b909c</td>
+       <td>CVE-2024-37094</td>
+       <td>2024-11-01 14:15:05 <img src="imgs/new.gif" /></td>
+       <td>Access Control vulnerability in StylemixThemes MasterStudy LMS allows . This issue affects MasterStudy LMS: from n/a through 3.2.12.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37094">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3b62773714d14bfc4a57458afc2042ec</td>
+       <td>CVE-2024-10655</td>
+       <td>2024-11-01 14:15:05 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10655">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b78c52b5a1e3469c70e39c6f85ea555d</td>
+       <td>CVE-2024-7456</td>
+       <td>2024-11-01 12:15:03 <img src="imgs/new.gif" /></td>
+       <td>A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, allowing for SQL injection. The `orderByClause` variable is constructed without server-side validation or sanitization, enabling an attacker to execute arbitrary SQL commands. Successful exploitation can lead to complete data loss, modification, or corruption.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7456">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a4eda3818e1c5d4ffc09355ff6e7dfeb</td>
+       <td>CVE-2024-10654</td>
+       <td>2024-11-01 12:15:03 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /formLoginAuth.htm. The manipulation of the argument authCode with the input 1 leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10654">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>71273eb0213732ae0148cbed80ee198a</td>
+       <td>CVE-2024-10367</td>
+       <td>2024-11-01 11:15:12 <img src="imgs/new.gif" /></td>
+       <td>The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10367">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ef5f595a5a2ab9111930b23cb7acc21b</td>
+       <td>CVE-2024-10653</td>
+       <td>2024-11-01 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10653">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>28ddbd298657dea9fd83fd621a2bee7f</td>
+       <td>CVE-2024-10652</td>
+       <td>2024-11-01 10:15:04 <img src="imgs/new.gif" /></td>
+       <td>IDExpert from CHANGING Information Technology does not properly validate a parameter for a specific functionality, allowing unauthenticated remote attackers to inject JavsScript code and perform Reflected Cross-site scripting attacks.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10652">详情</a></td>
+      </tr>
+
       <tr>
        <td>1eb0b7e208880b927912bc94e8ef69eb</td>
        <td>CVE-2024-51254</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33626">详情</a></td>
       </tr>
 
-      <tr>
-       <td>f055dc827b8b2a4a55429e693addb3a4</td>
-       <td>CVE-2024-8396</td>
-       <td>2024-10-29 14:30:29</td>
-       <td>The DJL package's untar function attempts to prevent path traversal by checking for relative path traversals but fails to account for absolute path traversals. An attacker can exploit this by creating a tarfile with absolute paths, leading to arbitrary file overwrite and potential remote code execution. This can have severe consequences, including unauthorized SSH access, web server exploitation, and availability impacts.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8396">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>73f799be9ddb0d71f26462b6c403494c</td>
-       <td>CVE-2024-9505</td>
-       <td>2024-10-29 14:15:08</td>
-       <td>The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9505">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9b76e0e4ab4744fff1dfcb2c9867a6b0</td>
-       <td>CVE-2024-51076</td>
-       <td>2024-10-29 14:15:08</td>
-       <td>A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/booking-search.php in PHPGurukul Online DJ Booking Management System 1.0, which allows remote attackers to execute arbitrary code via the "searchdata" parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51076">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>23dba8b8def9990ad29e6df9f13e9a0c</td>
-       <td>CVE-2024-51075</td>
-       <td>2024-10-29 14:15:08</td>
-       <td>A Reflected Cross Site Scripting (XSS) vulnerability was found in /odms/admin/user-search.php in PHPGurukul Online DJ Booking Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51075">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b5f0eb3fe9d8292a366bcafa14eac51f</td>
-       <td>CVE-2024-49634</td>
-       <td>2024-10-29 14:15:07</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rimon Habib BP Member Type Manager allows Reflected XSS.This issue affects BP Member Type Manager: from n/a through 1.01.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49634">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>dbc5283dd81076276118230e6bfa7433</td>
-       <td>CVE-2024-49632</td>
-       <td>2024-10-29 14:15:07</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Coral Web Design CWD 3D Image Gallery allows Reflected XSS.This issue affects CWD 3D Image Gallery: from n/a through 1.0.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49632">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>59ad7c81cb121c45c11913ba884870eb</td>
-       <td>CVE-2024-47640</td>
-       <td>2024-10-29 14:15:06</td>
-       <td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47640">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8f982272e8bf95b2d22fb51af0977404</td>
-       <td>CVE-2024-10226</td>
-       <td>2024-10-29 14:15:06</td>
-       <td>The Arconix Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'box' shortcode in all versions up to, and including, 2.1.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10226">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2d891d31ff285aa25329cf71f84b0284</td>
-       <td>CVE-2024-8309</td>
-       <td>2024-10-29 13:15:10</td>
-       <td>A vulnerability in the GraphCypherQAChain class of langchain-ai/langchain version 0.2.5 allows for SQL injection through prompt injection. This vulnerability can lead to unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8309">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e1b34b624cf8d6d84e909554646fb31b</td>
-       <td>CVE-2024-8143</td>
-       <td>2024-10-29 13:15:10</td>
-       <td>In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8143">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>