Commit

Updated by Github Bot
Github-Bot committed Apr 12, 2024
1 parent af50f8e commit 885b8a1
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -104,3 +104,13 @@ b616bedffb88e07bfa65121ffc7a7a9d
5afcccb3474cf38e92fca78d3956ea5d
519d9f064fae7c8647690120c14a59f6
e042819898578be8b6eed915de1ac478
4fb231048c1f9f7ab953622d4993218e
5d30f28307d99f8ef687efadfb62e609
58fdfb30b9e00e406039bb33f9646df0
74c71451c90b0e77cb78b92df6b9b9a9
38c60f9603b2952abbdf4bf99d653020
f055ab7fbcada08b35fbb3cfaa461b47
3315ff09ef4002882586b280ebba5973
d6e69687d570799e00c72934be69ee83
2294de2743ac043fbc4fa1e30c6c20f7
19243d5e8ea0ce74eb09c5fc33114ec8
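Review bot: the ten digests appended at new lines 107-116 are stored with no CVE id or date beside them, so the file alone does not show what each one deduplicates; they match the first-column ids of the ten rows added to docs/index.html in this commit. The commit also adds to this cache without removing anything (10 additions, 0 deletions) while docs/index.html drops ten old rows, so consider pruning the cache or documenting its expected growth.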
Binary file modified data/cves.db
Binary file not shown.
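Review bot: data/cves.db changes here as an opaque binary, so none of its content can be checked against the ten rows added to docs/index.html or the ten ids added to the cache file. Consider committing a text export or a checksum of the database alongside it, or generating it at build time instead of tracking it.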
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-04-12 03:25:13 -->
<!-- RELEASE TIME : 2024-04-12 23:19:02 -->
<html lang="zh-cn">

<head>
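Review bot: the RELEASE TIME comment on line 1 is written without a timezone offset, and the row timestamps further down the file use the same bare format, so a reader cannot tell whether 23:19:02 and the 17:17:23 of the newest row are on the same clock. Write both with an explicit offset, or in UTC with a Z suffix.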
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>4fb231048c1f9f7ab953622d4993218e</td>
<td>CVE-2024-3698</td>
<td>2024-04-12 17:17:23 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Campcodes House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_payment.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260485 was assigned to this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3698">详情</a></td>
</tr>

<tr>
<td>5d30f28307d99f8ef687efadfb62e609</td>
<td>CVE-2024-3697</td>
<td>2024-04-12 17:17:22 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3697">详情</a></td>
</tr>

<tr>
<td>58fdfb30b9e00e406039bb33f9646df0</td>
<td>CVE-2024-22359</td>
<td>2024-04-12 17:17:22 <img src="imgs/new.gif" /></td>
<td>IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22359">详情</a></td>
</tr>

<tr>
<td>74c71451c90b0e77cb78b92df6b9b9a9</td>
<td>CVE-2024-22358</td>
<td>2024-04-12 17:17:22 <img src="imgs/new.gif" /></td>
<td>IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 280896.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22358">详情</a></td>
</tr>

<tr>
<td>38c60f9603b2952abbdf4bf99d653020</td>
<td>CVE-2024-22339</td>
<td>2024-04-12 17:17:21 <img src="imgs/new.gif" /></td>
<td>IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 is vulnerable to a sensitive information due to insufficient obfuscation of sensitive values from some log files. IBM X-Force ID: 279979.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22339">详情</a></td>
</tr>

<tr>
<td>f055ab7fbcada08b35fbb3cfaa461b47</td>
<td>CVE-2024-22334</td>
<td>2024-04-12 17:17:21 <img src="imgs/new.gif" /></td>
<td>IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22334">详情</a></td>
</tr>

<tr>
<td>3315ff09ef4002882586b280ebba5973</td>
<td>CVE-2024-0157</td>
<td>2024-04-12 17:17:21 <img src="imgs/new.gif" /></td>
<td>Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0157">详情</a></td>
</tr>

<tr>
<td>d6e69687d570799e00c72934be69ee83</td>
<td>CVE-2024-3707</td>
<td>2024-04-12 14:15:09 <img src="imgs/new.gif" /></td>
<td>Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3707">详情</a></td>
</tr>

<tr>
<td>2294de2743ac043fbc4fa1e30c6c20f7</td>
<td>CVE-2024-3706</td>
<td>2024-04-12 14:15:09 <img src="imgs/new.gif" /></td>
<td>Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3706">详情</a></td>
</tr>

<tr>
<td>19243d5e8ea0ce74eb09c5fc33114ec8</td>
<td>CVE-2024-3705</td>
<td>2024-04-12 14:15:08 <img src="imgs/new.gif" /></td>
<td>Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3705">详情</a></td>
</tr>

<tr>
<td>513133c591989f557bb35bec9e5077fd</td>
<td>CVE-2024-30273</td>
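Review bot: each of the ten added rows links out with target="_blank" and no rel attribute, for example <a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3698">; add rel="noopener noreferrer" in the row template so the opened page gets no window.opener handle or referrer. The added <img src="imgs/new.gif" /> cells also lack an alt attribute.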
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3388">详情</a></td>
</tr>

<tr>
<td>64c99d4e452f362d5321dbc16228f326</td>
<td>CVE-2024-3545</td>
<td>2024-04-09 19:15:41</td>
<td>Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3545">详情</a></td>
</tr>

<tr>
<td>57f39a3baee4cc784c673b545110a6f9</td>
<td>CVE-2024-3514</td>
<td>2024-04-09 19:15:41</td>
<td>The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3514">详情</a></td>
</tr>

<tr>
<td>ea89e5eb40cfcd53b5f3907742de5974</td>
<td>CVE-2024-3512</td>
<td>2024-04-09 19:15:41</td>
<td>The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3512">详情</a></td>
</tr>

<tr>
<td>5d05c256dd0c25e0c7aff1279b8129d5</td>
<td>CVE-2024-3267</td>
<td>2024-04-09 19:15:40</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3267">详情</a></td>
</tr>

<tr>
<td>f91acb3e5908a92502d4388db5a7c091</td>
<td>CVE-2024-3266</td>
<td>2024-04-09 19:15:40</td>
<td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3266">详情</a></td>
</tr>

<tr>
<td>81d201d38d511297f30f5fd4c927a1d7</td>
<td>CVE-2024-3244</td>
<td>2024-04-09 19:15:40</td>
<td>The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3244">详情</a></td>
</tr>

<tr>
<td>b04503ac83847773e3c1913a29e3d53f</td>
<td>CVE-2024-3214</td>
<td>2024-04-09 19:15:40</td>
<td>The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3214">详情</a></td>
</tr>

<tr>
<td>bda0d0c8b970be70e8cfb0f831f0c387</td>
<td>CVE-2024-3213</td>
<td>2024-04-09 19:15:40</td>
<td>The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3213">详情</a></td>
</tr>

<tr>
<td>0e58afa56a2d326d843b06d379a76859</td>
<td>CVE-2024-3208</td>
<td>2024-04-09 19:15:40</td>
<td>The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3208">详情</a></td>
</tr>

<tr>
<td>8220ef4a0604d6d98fea2628e6433290</td>
<td>CVE-2024-3167</td>
<td>2024-04-09 19:15:39</td>
<td>The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3167">详情</a></td>
</tr>

</tbody>
</table>
</div>
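Review bot: the removed CVE-2024-3244 row shows description text written into the <td> with bare & characters ("Maps & Embed Any Documents in Gutenberg & Elementor"), which suggests the generator places feed text in the page without HTML-escaping it. Escape &, <, > and quotes in the id and description cells at render time, since these descriptions come from a third-party feed and several of them describe script injection.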