
Commit

Updated by Github Bot
Github-Bot committed Dec 24, 2024
1 parent 558cb93 commit 7bd8c19
Showing 3 changed files with 98 additions and 88 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -185,3 +185,13 @@ b273799c52646c405cb0eafa1bf54620
8b1b3037309ba63d90f958011ee562f0
c97e5a38c85cf77728a1393839a2b923
7c31e66078485a056d37ade7316a60aa
916044873b020917249ba77a70db906d
0bdfdc0a3a264020a14a8ced51c0f40e
4c02a5c039512e91b1fa263da3030bdd
c5d82dec1886b1554f25b191e29880be
574caa9c7c9c3d90bc6dd7d924c8d89e
c4f4c0f6dd2e0c26511b977c4aa2ef6f
1403001f963d453afaed49b4a7f87a82
0c0b6e3d8b9ae26107c0295f04a56493
d43f508a82f7fa455feaf8b23dd7e104
417bcaa3adf26488a4db413aec1775a8
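Review bot: the ten digests appended at the end of this file are bare 32-character hex strings with no CVE id or date beside them, so a reviewer cannot tell which entry each one stands for without cross-referencing the first column of docs/index.html, and the only other record, data/cves.db, changes in this commit as an opaque binary. Suggest writing one digest and CVE id pair per line, or rebuilding the cache from the database at run time instead of committing both.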
Binary file modified data/cves.db
Binary file not shown.
176 changes: 88 additions & 88 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-12-23 12:44:46 -->
<!-- RELEASE TIME : 2024-12-24 01:45:31 -->
<html lang="zh-cn">

<head>
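Review bot: the `RELEASE TIME` comment on line 1 carries no timezone, so a reader cannot tell whether `2024-12-24 01:45:31` is UTC or the build host's local time; write it in ISO 8601 with an explicit offset. The hunk context also shows the file opening with that comment followed directly by `<html lang="zh-cn">`, with no `<!DOCTYPE html>` before it, which is worth adding while this line is being touched.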
Expand Down Expand Up @@ -283,58 +283,138 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>916044873b020917249ba77a70db906d</td>
<td>CVE-2024-53961</td>
<td>2024-12-23 21:15:05 <img src="imgs/new.gif" /></td>
<td>ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53961">详情</a></td>
</tr>

<tr>
<td>0bdfdc0a3a264020a14a8ced51c0f40e</td>
<td>CVE-2024-56363</td>
<td>2024-12-23 18:15:07 <img src="imgs/new.gif" /></td>
<td>APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2 template. Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be able to inject expressions like {{ config }}, {{ self.class.mro[1].subclasses() }}, or more dangerous payloads that trigger execution of arbitrary Python code. The vulnerability can be reproduced by submitting crafted input to all the template fields handled by ckeditor, that are passed directly to a Jinja2 template. If the input is rendered without sufficient sanitization, it results in the execution of malicious Jinja2 code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56363">详情</a></td>
</tr>

<tr>
<td>4c02a5c039512e91b1fa263da3030bdd</td>
<td>CVE-2024-56362</td>
<td>2024-12-23 18:15:07 <img src="imgs/new.gif" /></td>
<td>Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56362">详情</a></td>
</tr>

<tr>
<td>c5d82dec1886b1554f25b191e29880be</td>
<td>CVE-2024-53276</td>
<td>2024-12-23 18:15:07 <img src="imgs/new.gif" /></td>
<td>Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website to make a cross site request to home-gallery, thus allowing them to read any endpoint on home-gallery. Home-gallery is mostly safe from cross-site requests due to most of its pages requiring JavaScript, and cross-site requests such as fetch() do not render javascript. If an attacker is able to get the path of the preview images which are randomized, an attacker will be able to view such a photo. If any static files or endpoints are introduced in the future that contain sensitive information, they will be accessible to an attacker website.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53276">详情</a></td>
</tr>

<tr>
<td>574caa9c7c9c3d90bc6dd7d924c8d89e</td>
<td>CVE-2024-53275</td>
<td>2024-12-23 18:15:07 <img src="imgs/new.gif" /></td>
<td>Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit their website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the home-gallery instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the web server after the IP address has changed. When the attacker domain is fetched, the response will be from the home-gallery instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, home-gallery photos can then be extracted by the attacker website.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-53275">详情</a></td>
</tr>

<tr>
<td>c4f4c0f6dd2e0c26511b977c4aa2ef6f</td>
<td>CVE-2024-40896</td>
<td>2024-12-23 17:15:08 <img src="imgs/new.gif" /></td>
<td>In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-40896">详情</a></td>
</tr>

<tr>
<td>1403001f963d453afaed49b4a7f87a82</td>
<td>CVE-2024-56364</td>
<td>2024-12-23 16:15:07 <img src="imgs/new.gif" /></td>
<td>SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56364">详情</a></td>
</tr>

<tr>
<td>0c0b6e3d8b9ae26107c0295f04a56493</td>
<td>CVE-2024-56326</td>
<td>2024-12-23 16:15:07 <img src="imgs/new.gif" /></td>
<td>Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56326">详情</a></td>
</tr>

<tr>
<td>d43f508a82f7fa455feaf8b23dd7e104</td>
<td>CVE-2024-56201</td>
<td>2024-12-23 16:15:07 <img src="imgs/new.gif" /></td>
<td>Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56201">详情</a></td>
</tr>

<tr>
<td>417bcaa3adf26488a4db413aec1775a8</td>
<td>CVE-2024-55947</td>
<td>2024-12-23 16:15:07 <img src="imgs/new.gif" /></td>
<td>Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55947">详情</a></td>
</tr>

<tr>
<td>a8856752e80eaffe72aa25cb1ae78af3</td>
<td>CVE-2024-12895</td>
<td>2024-12-22 14:15:04 <img src="imgs/new.gif" /></td>
<td>2024-12-22 14:15:04</td>
<td>A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12895">详情</a></td>
</tr>

<tr>
<td>ea4d5ae72e6fd639cc010436cf02f6a9</td>
<td>CVE-2024-12894</td>
<td>2024-12-22 12:15:16 <img src="imgs/new.gif" /></td>
<td>2024-12-22 12:15:16</td>
<td>A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12894">详情</a></td>
</tr>

<tr>
<td>b273799c52646c405cb0eafa1bf54620</td>
<td>CVE-2024-12893</td>
<td>2024-12-22 08:15:06 <img src="imgs/new.gif" /></td>
<td>2024-12-22 08:15:06</td>
<td>A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12893">详情</a></td>
</tr>

<tr>
<td>52a7371b1aa63e400f82c8bbae13f02f</td>
<td>CVE-2024-12892</td>
<td>2024-12-22 08:15:04 <img src="imgs/new.gif" /></td>
<td>2024-12-22 08:15:04</td>
<td>A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php. The manipulation of the argument name/gender/college leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12892">详情</a></td>
</tr>

<tr>
<td>8b1b3037309ba63d90f958011ee562f0</td>
<td>CVE-2024-12891</td>
<td>2024-12-22 07:15:04 <img src="imgs/new.gif" /></td>
<td>2024-12-22 07:15:04</td>
<td>A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12891">详情</a></td>
</tr>

<tr>
<td>c97e5a38c85cf77728a1393839a2b923</td>
<td>CVE-2024-12890</td>
<td>2024-12-22 06:15:05 <img src="imgs/new.gif" /></td>
<td>2024-12-22 06:15:05</td>
<td>A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12890">详情</a></td>
</tr>

<tr>
<td>7c31e66078485a056d37ade7316a60aa</td>
<td>CVE-2024-11852</td>
<td>2024-12-22 02:15:16 <img src="imgs/new.gif" /></td>
<td>2024-12-22 02:15:16</td>
<td>The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11852">详情</a></td>
</tr>
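Review bot: the description cells in this hunk are written into the `<td>` elements without HTML escaping: the CVE-2024-12891 and CVE-2024-12890 rows contain a raw `&` in `?q=quiz&step=2`. These strings come from an external feed, so a description containing markup would be rendered in the browser of every visitor to docs/index.html; the generator should entity-encode the id, CVE, time and description fields before writing the row. The `target="_blank"` links in the last cell could also take `rel="noopener noreferrer"`.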
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55471">详情</a></td>
</tr>

<tr>
<td>39fb852f2a13d05cdd353a2c2df826d4</td>
<td>CVE-2024-55470</td>
<td>2024-12-20 16:15:23</td>
<td>Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55470">详情</a></td>
</tr>

<tr>
<td>d4fcd342a3c4221b15af4063cbe735b3</td>
<td>CVE-2024-55186</td>
<td>2024-12-20 16:15:23</td>
<td>An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-55186">详情</a></td>
</tr>

<tr>
<td>f8e90f619a017b9c36ee9f7b7500acd2</td>
<td>CVE-2024-12840</td>
<td>2024-12-20 16:15:23</td>
<td>A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12840">详情</a></td>
</tr>

<tr>
<td>8ff4aef0b81de6a002b2b8c4bf689608</td>
<td>CVE-2024-10385</td>
<td>2024-12-20 16:15:21</td>
<td>Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10385">详情</a></td>
</tr>

<tr>
<td>da91c00f5d2a99f894f6bf3d0dab8df1</td>
<td>CVE-2024-56356</td>
<td>2024-12-20 15:15:09</td>
<td>In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56356">详情</a></td>
</tr>

<tr>
<td>03f6f28e0195eb4df4cdb5c8f257c2c4</td>
<td>CVE-2024-56355</td>
<td>2024-12-20 15:15:09</td>
<td>In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56355">详情</a></td>
</tr>

<tr>
<td>2a219fd745f871769350db0d47bc4fbe</td>
<td>CVE-2024-56354</td>
<td>2024-12-20 15:15:09</td>
<td>In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-56354">详情</a></td>
</tr>

<tr>
<td>1fc440261e27306b1a7f59bcbc5673a3</td>
<td>CVE-2024-52897</td>
<td>2024-12-19 18:15:23</td>
<td>IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52897">详情</a></td>
</tr>

<tr>
<td>9fcdf4e6773e0bdcf7b7c50842c8bc42</td>
<td>CVE-2024-51471</td>
<td>2024-12-19 18:15:23</td>
<td>IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTS web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-51471">详情</a></td>
</tr>

<tr>
<td>85d85b72a2d63adf4734c15706e70c2c</td>
<td>CVE-2024-49336</td>
<td>2024-12-19 18:15:22</td>
<td>IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-49336">详情</a></td>
</tr>

</tbody>
</table>
</div>
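Review bot: entries dated 2024-12-19 and 2024-12-20 drop off the page here with no pointer to where they can still be found. The ten rows removed just above `</tbody>` (CVE-2024-55470 through CVE-2024-49336) match the ten rows added at the top of the table, so the page behaves as a fixed-size window; a short note or link near the table to the full history would tell readers that older entries exist.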