Skip to content

Commit

Permalink
Updated by Github Bot
Browse files Browse the repository at this point in the history
  • Loading branch information
Github-Bot committed Oct 5, 2024
1 parent 2118d9e commit 8472580
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 87 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,3 +188,13 @@ d8ed090dcada72e81ce792990b43e07d
6df7504b9baed58cebd2f6eb2bdeeb7e
b4355797ec78f21e5628dec1bfb8871b
56436b970672affabc72d3b04a9929e1
2e319570c62aa8ae825332d5c8690889
8aae912aa967f42c9435bda9238f8d05
fb9c6bb7e56a3ec367c5554ab19e61a2
961bbdc758d842aa31033dd4503ce287
5e0426bd0177e251053678b0498fa705
5d7c15e4d3d3ea116efceaf48301919e
1c1e932f5b56506c21aae59dd9ef69ad
4fc6550277872dec5609570b4447e789
d1e805e837511cf4147edd5bea1c6879
9e07a86de4adfe12a600aede4e25f079
Binary file modified data/cves.db
View file
Binary file not shown.
174 changes: 87 additions & 87 deletions docs/index.html
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-10-04 09:25:27 -->
<!-- RELEASE TIME : 2024-10-05 09:25:53 -->
<html lang="zh-cn">

<head>
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>2e319570c62aa8ae825332d5c8690889</td>
<td>CVE-2024-9528</td>
<td>2024-10-05 03:15:02 <img src="imgs/new.gif" /></td>
<td>The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form label fields in all versions up to, and including, 5.1.19 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with access to edit forms (administrator by default), to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9528">详情</a></td>
</tr>

<tr>
<td>8aae912aa967f42c9435bda9238f8d05</td>
<td>CVE-2024-9455</td>
<td>2024-10-05 02:15:02 <img src="imgs/new.gif" /></td>
<td>The WP Cleanup and Basic Functions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9455">详情</a></td>
</tr>

<tr>
<td>fb9c6bb7e56a3ec367c5554ab19e61a2</td>
<td>CVE-2024-9385</td>
<td>2024-10-05 02:15:02 <img src="imgs/new.gif" /></td>
<td>The Themify Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9385">详情</a></td>
</tr>

<tr>
<td>961bbdc758d842aa31033dd4503ce287</td>
<td>CVE-2024-47841</td>
<td>2024-10-05 02:15:02 <img src="imgs/new.gif" /></td>
<td>Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Path Traversal.This issue affects Mediawiki - CSS Extension: from 1.42.X before 1.42.2, from 1.41.X before 1.41.3, from 1.39.X before 1.39.9.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47841">详情</a></td>
</tr>

<tr>
<td>5e0426bd0177e251053678b0498fa705</td>
<td>CVE-2024-47849</td>
<td>2024-10-05 01:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows SQL Injection.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47849">详情</a></td>
</tr>

<tr>
<td>5d7c15e4d3d3ea116efceaf48301919e</td>
<td>CVE-2024-47847</td>
<td>2024-10-05 01:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47847">详情</a></td>
</tr>

<tr>
<td>1c1e932f5b56506c21aae59dd9ef69ad</td>
<td>CVE-2024-47846</td>
<td>2024-10-05 01:15:12 <img src="imgs/new.gif" /></td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in The Wikimedia Foundation Mediawiki - Cargo allows Cross Site Request Forgery.This issue affects Mediawiki - Cargo: from 3.6.X before 3.6.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47846">详情</a></td>
</tr>

<tr>
<td>4fc6550277872dec5609570b4447e789</td>
<td>CVE-2024-47845</td>
<td>2024-10-05 01:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47845">详情</a></td>
</tr>

<tr>
<td>d1e805e837511cf4147edd5bea1c6879</td>
<td>CVE-2024-47840</td>
<td>2024-10-05 01:15:12 <img src="imgs/new.gif" /></td>
<td>Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Apex skin allows Stored XSS.This issue affects Mediawiki - Apex skin: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47840">详情</a></td>
</tr>

<tr>
<td>9e07a86de4adfe12a600aede4e25f079</td>
<td>CVE-2024-47848</td>
<td>2024-10-05 00:15:02 <img src="imgs/new.gif" /></td>
<td>Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47848">详情</a></td>
</tr>

<tr>
<td>4a557abd7ba519dc90cf8a3065861dd1</td>
<td>CVE-2024-6443</td>
Expand Down Expand Up @@ -366,47 +446,47 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>9ad5b13e2f117fa3a6039ff1b4e642eb</td>
<td>CVE-2024-8352</td>
<td>2024-10-03 04:15:04 <img src="imgs/new.gif" /></td>
<td>2024-10-03 04:15:04</td>
<td>The Social Web Suite – Social Media Auto Post, Social Media Auto Publish plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 4.1.11 via the download_log function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8352">详情</a></td>
</tr>

<tr>
<td>00efda38d2c370265ba34d479968090f</td>
<td>CVE-2024-47136</td>
<td>2024-10-03 03:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-03 03:15:02</td>
<td>Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47136">详情</a></td>
</tr>

<tr>
<td>737e45e5f022dad8b1c73f45292febb3</td>
<td>CVE-2024-47135</td>
<td>2024-10-03 03:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-03 03:15:02</td>
<td>Stack-based buffer overflow vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47135">详情</a></td>
</tr>

<tr>
<td>d8ccb0b3af937f7ada5ff07504053ae8</td>
<td>CVE-2024-47134</td>
<td>2024-10-03 03:15:02 <img src="imgs/new.gif" /></td>
<td>2024-10-03 03:15:02</td>
<td>Out-of-bounds write vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.14.0 and earlier. Having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier may cause a denial-of-service (DoS) condition, arbitrary code execution, and/or information disclosure because the issues exist in parsing of KPP project files.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47134">详情</a></td>
</tr>

<tr>
<td>ddd0c3496ebfdbbdd566369380029337</td>
<td>CVE-2024-45367</td>
<td>2024-10-03 02:58:49 <img src="imgs/new.gif" /></td>
<td>2024-10-03 02:58:49</td>
<td>The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45367">详情</a></td>
</tr>

<tr>
<td>ba0aaac83ca433f2f3f3c5ad83513834</td>
<td>CVE-2024-41925</td>
<td>2024-10-03 02:54:58 <img src="imgs/new.gif" /></td>
<td>2024-10-03 02:54:58</td>
<td>The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-41925">详情</a></td>
</tr>
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24117">详情</a></td>
</tr>

<tr>
<td>1ccc799c9730574b923457c1da8fa1b8</td>
<td>CVE-2024-7855</td>
<td>2024-10-02 05:15:11</td>
<td>The WP Hotel Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_review() function in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7855">详情</a></td>
</tr>

<tr>
<td>4b1f19431ef777d600e7efceb0915df6</td>
<td>CVE-2024-45186</td>
<td>2024-10-02 05:15:11</td>
<td>FileSender before 2.49 allows server-side template injection (SSTI) for retrieving credentials.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45186">详情</a></td>
</tr>

<tr>
<td>56db77ed78c66d177c336064f69d07a7</td>
<td>CVE-2024-33662</td>
<td>2024-10-02 05:15:11</td>
<td>Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33662">详情</a></td>
</tr>

<tr>
<td>197b25657cce43dd45267cb82aa1432c</td>
<td>CVE-2024-21530</td>
<td>2024-10-02 05:15:11</td>
<td>Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the same ciphertext by creating a new encrypted message with the same cocoon object. **Note:** The issue does NOT affect objects created with Cocoon::new which utilizes ThreadRng.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-21530">详情</a></td>
</tr>

<tr>
<td>528c0dbbc9590077dcd38260e823114f</td>
<td>CVE-2024-45519</td>
<td>2024-10-02 03:10:16</td>
<td>A security vulnerability was discovered in the postjournal service, which may allow unauthenticated users to execute commands.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45519">详情</a></td>
</tr>

<tr>
<td>86d94eb2b646191e1c531f314f7e0e81</td>
<td>CVE-2024-9407</td>
<td>2024-10-01 21:15:08</td>
<td>A vulnerability exists in the bind-propagation option of the Dockerfile RUN --mount instruction. The system does not properly validate the input passed to this option, allowing users to pass arbitrary parameters to the mount instruction. This issue can be exploited to mount sensitive directories from the host into a container during the build process and, in some cases, modify the contents of those mounted files. Even if SELinux is used, this vulnerability can bypass its protection by allowing the source directory to be relabeled to give the container access to host files.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9407">详情</a></td>
</tr>

<tr>
<td>9a9135067dfaba9ee7d7ee3c47b23017</td>
<td>CVE-2024-47609</td>
<td>2024-10-01 21:15:08</td>
<td>Tonic is a native gRPC client & server implementation with async/await support. When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a TCP/TLS stream. This can be triggered by causing the accept call to error out with errors that were not covered correctly causing the accept loop to exit. Upgrading to tonic 0.12.3 and above contains the fix.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47609">详情</a></td>
</tr>

<tr>
<td>fee40dcdde8f1e8bc716b8d0e472546d</td>
<td>CVE-2024-47528</td>
<td>2024-10-01 21:15:08</td>
<td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47528">详情</a></td>
</tr>

<tr>
<td>cddc44d93b4200595c3265d027f45dfe</td>
<td>CVE-2024-47527</td>
<td>2024-10-01 21:15:07</td>
<td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47527">详情</a></td>
</tr>

<tr>
<td>9d96d585675e1b7c595042440bc3f575</td>
<td>CVE-2024-47526</td>
<td>2024-10-01 21:15:07</td>
<td>LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47526">详情</a></td>
</tr>

</tbody>
</table>
</div>
Expand Down

0 comments on commit 8472580

Please sign in to comment.