Updated by Github Bot

EXP-Tools · Feb 7, 2024 · 886ec42 · 886ec42
1 parent 23f08b4
commit 886ec42
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -194,3 +194,13 @@ cc4640c1fd2fa6fc131b1a52229b49b5
 b021f0ba66cdc88f28544dcef4990bd8
 7842924e67633e99aea4706dcc910bcc
 dae7829bbe21f9d04ed12231e555d045
+8b6827f90073579427f6e9fb3fbe09ab
+01186fcb20868ed7e03ed4e5ba0bab97
+b944bd8e9ce2eefc05570932ea093c72
+bce12e38d6fc6de5271e127c2e923092
+d8a7ec532a97672daf723ae530e10905
+41ec1a6d53651a0ac48d5e6a1f8c37ce
+ad96ad76adac6ecd5f0dc15e95a9ef0c
+ff19707dae7e221c96f4a355eb00af83
+bc795570b54cf0d3e3b359d92bd3103c
+218903fcd473554d33c30a323e2f61b4
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-02-07 03:24:03 -->
+<!-- RELEASE TIME : 2024-02-07 11:22:07 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>8b6827f90073579427f6e9fb3fbe09ab</td>
+       <td>CVE-2024-1079</td>
+       <td>2024-02-07 08:15:43 <img src="imgs/new.gif" /></td>
+       <td>The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1079">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>01186fcb20868ed7e03ed4e5ba0bab97</td>
+       <td>CVE-2024-1078</td>
+       <td>2024-02-07 08:15:42 <img src="imgs/new.gif" /></td>
+       <td>The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1078">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b944bd8e9ce2eefc05570932ea093c72</td>
+       <td>CVE-2024-0977</td>
+       <td>2024-02-07 08:15:41 <img src="imgs/new.gif" /></td>
+       <td>The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0977">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bce12e38d6fc6de5271e127c2e923092</td>
+       <td>CVE-2023-40355</td>
+       <td>2024-02-07 08:15:40 <img src="imgs/new.gif" /></td>
+       <td>Cross Site Scripting (XSS) vulnerability in Axigen versions 10.3.3.0 before 10.3.3.59, 10.4.0 before 10.4.19, and 10.5.0 before 10.5.5, allows authenticated attackers to execute arbitrary code and obtain sensitive information via the logic for switching between the Standard and Ajax versions.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-40355">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d8a7ec532a97672daf723ae530e10905</td>
+       <td>CVE-2024-1055</td>
+       <td>2024-02-07 07:15:09 <img src="imgs/new.gif" /></td>
+       <td>The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1055">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>41ec1a6d53651a0ac48d5e6a1f8c37ce</td>
+       <td>CVE-2024-1037</td>
+       <td>2024-02-07 07:15:08 <img src="imgs/new.gif" /></td>
+       <td>The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1037">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ad96ad76adac6ecd5f0dc15e95a9ef0c</td>
+       <td>CVE-2024-0628</td>
+       <td>2024-02-07 07:15:07 <img src="imgs/new.gif" /></td>
+       <td>The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0628">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ff19707dae7e221c96f4a355eb00af83</td>
+       <td>CVE-2024-0256</td>
+       <td>2024-02-07 05:15:08 <img src="imgs/new.gif" /></td>
+       <td>The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0256">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bc795570b54cf0d3e3b359d92bd3103c</td>
+       <td>CVE-2024-23447</td>
+       <td>2024-02-07 04:15:07 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23447">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>218903fcd473554d33c30a323e2f61b4</td>
+       <td>CVE-2024-23446</td>
+       <td>2024-02-07 04:15:07 <img src="imgs/new.gif" /></td>
+       <td>An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23446">详情</a></td>
+      </tr>
+
       <tr>
        <td>2df45c0cb18e42e7d9695723f4bdb75a</td>
        <td>CVE-2024-24680</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23917">详情</a></td>
       </tr>
 
-      <tr>
-       <td>2c936bb86963e5927e2ddbeacff334f8</td>
-       <td>CVE-2024-24112</td>
-       <td>2024-02-06 01:15:09 <img src="imgs/new.gif" /></td>
-       <td>xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-24112">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6af1dc5fcd1765fc57ae2df51e861ab9</td>
-       <td>CVE-2024-22773</td>
-       <td>2024-02-06 01:15:09 <img src="imgs/new.gif" /></td>
-       <td>Intelbras Roteador ACtion RF 1200 1.2.2 esposes the Password in Cookie resulting in Login Bypass.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22773">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>816378b4e384e2a05c7a016a2aa5ae01</td>
-       <td>CVE-2024-0244</td>
-       <td>2024-02-06 01:15:09 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0244">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e1b6dea4ef26f253594cc208baf0ecb0</td>
-       <td>CVE-2023-6234</td>
-       <td>2024-02-06 01:15:09 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in CPCA Color LUT Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6234">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>68cab3521dc986e98e5d2e396905c3e8</td>
-       <td>CVE-2023-6233</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in SLP attribute request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6233">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c72fc586126b39b1172008c872d6c90e</td>
-       <td>CVE-2023-6232</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in the Address Book username process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6232">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cfe6dc6c60e99337208dada23cb904eb</td>
-       <td>CVE-2023-6231</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in WSD probe request process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6231">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9e48093b6674cc0f04fd7e6a9f549a31</td>
-       <td>CVE-2023-6230</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in the Address Book password process in authentication of Mobile Device Function of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6230">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9357aec6efb04547cb00d3a59bc283b7</td>
-       <td>CVE-2023-6229</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>Buffer overflow in CPCA PDL Resource Download process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*: Satera LBP670C Series/Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS LBP674C/Color imageCLASS X LBP1333C/Color imageCLASS MF750C Series/Color imageCLASS X MF1333C Series firmware v03.07 and earlier sold in US. i-SENSYS LBP673Cdw/C1333P/i-SENSYS MF750C Series/C1333i Series firmware v03.07 and earlier sold in Europe.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-6229">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>89d95442035ad7cc57063cf87727d903</td>
-       <td>CVE-2023-47889</td>
-       <td>2024-02-06 01:15:08 <img src="imgs/new.gif" /></td>
-       <td>The Android application BINHDRM26 com.bdrm.superreboot 1.0.3, exposes several critical actions through its exported broadcast receivers. These exposed actions can allow any app on the device to send unauthorized broadcasts, leading to unintended consequences. The vulnerability is particularly concerning because these actions include powering off, system reboot & entering recovery mode.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-47889">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>