Skip to content

Commit

Permalink
Updated by Github Bot
Browse files Browse the repository at this point in the history
  • Loading branch information
Github-Bot committed Dec 16, 2024
1 parent abdeefe commit 6fc5dc1
Show file tree
Hide file tree
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Original file line number Diff line number Diff line change
Expand Up @@ -118,3 +118,13 @@ d67d18f4f091b4254f51d85161939ca0
dadaf9bb405058212d1c71f06d95ea59
b53a1f01f88188e5cf796ab64f39e3ba
91b3b46fcd53438c089d99cdf8412d03
a4e974165785ddf24fd970bc098dd3bc
1edfab03e102d44e92b29f1ed47a23f2
65b7efcc88c6008c0e1cad5ffcd5f61b
367169ac31e04d6b422a10d5a9b1ba22
547fa52dac331557e1b14f3f21f99493
e43d3adfe02255c292babe3226af2c7b
8bf99a69ac5c5e77af2a00dee97f0c31
594936095c8c3c421f9605a13558eb31
286d1bce15445150c4f662c6cd7e40d6
aa1e25452e020caa59e946d938f4420c
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-16 09:28:46 -->
<!-- RELEASE TIME : 2024-12-16 18:34:47 -->
<html lang="zh-cn">

<head>
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>a4e974165785ddf24fd970bc098dd3bc</td>
<td>CVE-2024-12478</td>
<td>2024-12-16 11:15:04 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12478">详情</a></td>
</tr>

<tr>
<td>1edfab03e102d44e92b29f1ed47a23f2</td>
<td>CVE-2024-12362</td>
<td>2024-12-16 10:15:05 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12362">详情</a></td>
</tr>

<tr>
<td>65b7efcc88c6008c0e1cad5ffcd5f61b</td>
<td>CVE-2024-54682</td>
<td>2024-12-16 08:15:05 <img src="imgs/new.gif" /></td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54682">详情</a></td>
</tr>

<tr>
<td>367169ac31e04d6b422a10d5a9b1ba22</td>
<td>CVE-2024-54083</td>
<td>2024-12-16 08:15:05 <img src="imgs/new.gif" /></td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-54083">详情</a></td>
</tr>

<tr>
<td>547fa52dac331557e1b14f3f21f99493</td>
<td>CVE-2024-48872</td>
<td>2024-12-16 08:15:04 <img src="imgs/new.gif" /></td>
<td>Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48872">详情</a></td>
</tr>

<tr>
<td>e43d3adfe02255c292babe3226af2c7b</td>
<td>CVE-2024-9679</td>
<td>2024-12-16 07:15:07 <img src="imgs/new.gif" /></td>
<td>A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9679">详情</a></td>
</tr>

<tr>
<td>8bf99a69ac5c5e77af2a00dee97f0c31</td>
<td>CVE-2024-9678</td>
<td>2024-12-16 07:15:06 <img src="imgs/new.gif" /></td>
<td>An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9678">详情</a></td>
</tr>

<tr>
<td>594936095c8c3c421f9605a13558eb31</td>
<td>CVE-2024-12646</td>
<td>2024-12-16 07:15:06 <img src="imgs/new.gif" /></td>
<td>The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12646">详情</a></td>
</tr>

<tr>
<td>286d1bce15445150c4f662c6cd7e40d6</td>
<td>CVE-2024-12645</td>
<td>2024-12-16 07:15:06 <img src="imgs/new.gif" /></td>
<td>The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12645">详情</a></td>
</tr>

<tr>
<td>aa1e25452e020caa59e946d938f4420c</td>
<td>CVE-2024-12644</td>
<td>2024-12-16 07:15:06 <img src="imgs/new.gif" /></td>
<td>The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user's system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12644">详情</a></td>
</tr>

<tr>
<td>e06b7f31f7e95d61e3c590929fb78aaf</td>
<td>CVE-2024-11858</td>
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48008">详情</a></td>
</tr>

<tr>
<td>70b0c874b65eb15736584d9223cbcc5a</td>
<td>CVE-2024-48007</td>
<td>2024-12-13 14:15:22</td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-48007">详情</a></td>
</tr>

<tr>
<td>cc216ee3385a6efb3943afdc4f13811a</td>
<td>CVE-2024-38488</td>
<td>2024-12-13 14:15:21</td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38488">详情</a></td>
</tr>

<tr>
<td>60c21f6d930064addaba4e1846c23e18</td>
<td>CVE-2024-22461</td>
<td>2024-12-13 14:15:21</td>
<td>Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22461">详情</a></td>
</tr>

<tr>
<td>21f47697a5ce427001fb9ff687fd0a45</td>
<td>CVE-2024-11986</td>
<td>2024-12-13 14:15:21</td>
<td>Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11986">详情</a></td>
</tr>

<tr>
<td>03282aa37629779cf4a49f1c85ad5c2d</td>
<td>CVE-2024-9608</td>
<td>2024-12-13 12:15:20</td>
<td>The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the WooCommerce store is set to Belgium.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9608">详情</a></td>
</tr>

<tr>
<td>174bfe7512da199b532e861da77a3173</td>
<td>CVE-2024-21577</td>
<td>2024-12-13 12:15:19</td>
<td>ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21577">详情</a></td>
</tr>

<tr>
<td>4abf3988708229d0b36d1e26a5592d66</td>
<td>CVE-2024-21576</td>
<td>2024-12-13 12:15:19</td>
<td>ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there’s a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21576">详情</a></td>
</tr>

<tr>
<td>358ae56ec177d1253a16832e41ba3f2b</td>
<td>CVE-2024-11827</td>
<td>2024-12-13 12:15:19</td>
<td>The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11827">详情</a></td>
</tr>

<tr>
<td>a391db25adf8c2cd2cc34bb4ea442274</td>
<td>CVE-2024-50584</td>
<td>2024-12-12 14:15:22</td>
<td>An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-50584">详情</a></td>
</tr>

<tr>
<td>1539d0272e54965789a7f9ab1c27f401</td>
<td>CVE-2024-28146</td>
<td>2024-12-12 14:15:22</td>
<td>The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28146">详情</a></td>
</tr>

</tbody>
</table>
</div>
Expand Down

0 comments on commit 6fc5dc1

Please sign in to comment.