diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 5ab30e20583..1dd9823f021 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -123,3 +123,18 @@ d6ab038604fd4f556e31d1222a09064c 381b4edd5b4665d42a26b32a2adb84ac 79f502561fabb0fe2ceb41cb78da3cf7 eeb7ad500cf01ce29d668962caebb99b +785609b855037016203b339580898cdb +274fa10bd580253ab695116c935f8b97 +b645eebc7781ea33d73b1acdf7695a85 +a3c833b17d62be767c27b5cc9d537f5d +375e01960d3359eff395c1b4761491e7 +6717f570659d9ef3153ab5b9f3f2d321 +4b93b4d02f6a1676117eeb61f695dec6 +b4a1d09f19a55dbe6c8a43dba6e9889b +b51053e96c32f583391c8d9beca9bf2e +ea5b71f01febbaf9622f4273e9e1ee6c +9b60afadacd5804fed9144b6da02129b +bc1707698ebb4457eddfe3149b8725da +721621ce53e2c0745b3b07a68e489c40 +17d9b05f947502d93e9cc946131c1c42 +1de2184b73f340404b425bc386c189db diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 2946f110ffb..edd5def8bfe 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -102,3 +102,13 @@ c554c2552fb0751135556e07cace2ebd ff2458d88815b9c325b6ba0219aa4b35 8e4f8785f0b10a512ed39eaa8824e7fb 751e37859fc07200503fe96ccad8a928 +9b86bf105d42fefbd759e5b2698a72b5 +6875d3bdfe5bb1ac331afacfaa8a2518 +b656d22e6fe4af76692760c3eed82920 +93da909fddaa5e3e25c9ada243fd7183 +4d63aa657dc702eded55c67245ad16e3 +b6a82d25410f1e429cd76556eb7792e7 +706c62e11f9af8583999354bb68d95be +ad0456891122afde0cde5162a4f11325 +7ef143f98cb9eda14c112e31dc080d5d +1e7d5e4f96b1a90fb7d1a1af59045e9f diff --git a/data/cves.db b/data/cves.db index 460edff4048..1e25be996c2 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 8f6a7c6b557..a793fc5701b 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 9b86bf105d42fefbd759e5b2698a72b5 + CVE-2024-7781 + 2024-09-26 05:15:12 + The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. This is due to improper authentication via the Social Login widget. This makes it possible for unauthenticated attackers to log in as the first user to have logged in with a social media account, including administrator accounts. Attackers can exploit the vulnerability even if the Social Login element has been disabled, as long as it was previously enabled and used. The vulnerability was partially patched in version 4.7.5, and fully patched in version 4.7.8. + 详情 + + + + 6875d3bdfe5bb1ac331afacfaa8a2518 + CVE-2024-7772 + 2024-09-26 05:15:12 + The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. + 详情 + + + + b656d22e6fe4af76692760c3eed82920 + CVE-2024-45836 + 2024-09-26 05:15:12 + Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. + 详情 + + + + 93da909fddaa5e3e25c9ada243fd7183 + CVE-2024-45372 + 2024-09-26 05:15:12 + MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc. 
+ 详情 + + + + 4d63aa657dc702eded55c67245ad16e3 + CVE-2024-47045 + 2024-09-26 04:15:07 + User interface (UI) misrepresentation of critical information issue exists in multiple Home GateWay/Hikari Denwa routers provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION. If this vulnerability is exploited, an attacker who identified WAN-side IPv6 address may access the product's Device Setting page via WAN-side. Note that, affects products are also provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION, but the vulnerability only affects products subscribed and used in NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION areas. + 详情 + + + + b6a82d25410f1e429cd76556eb7792e7 + CVE-2023-52950 + 2024-09-26 04:15:06 + Missing encryption of sensitive data vulnerability in login component in Synology Active Backup for Business Agent before 2.7.0-3221 allows adjacent man-in-the-middle attackers to obtain user credential via unspecified vectors. + 详情 + + + + 706c62e11f9af8583999354bb68d95be + CVE-2023-52949 + 2024-09-26 04:15:06 + Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. + 详情 + + + + ad0456891122afde0cde5162a4f11325 + CVE-2023-52948 + 2024-09-26 04:15:06 + Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. + 详情 + + + + 7ef143f98cb9eda14c112e31dc080d5d + CVE-2023-52947 + 2024-09-26 04:15:06 + Missing authentication for critical function vulnerability in logout functionality in Synology Active Backup for Business Agent before 2.6.3-3101 allows local users to logout the client via unspecified vectors. The backup functionality will continue to operate and will not be affected by the logout. 
+ 详情 + + + + 1e7d5e4f96b1a90fb7d1a1af59045e9f + CVE-2023-52946 + 2024-09-26 04:15:05 + Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in vss service component in Synology Drive Client before 3.5.0-16084 allows remote attackers to overwrite trivial buffers and crash the client via unspecified vectors. + 详情 + + cb4a266a4203b354953e8dd6f35f06d3 CVE-2024-8942 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - c43a5758fe553bb1e08f13838e762405 - CVE-2024-9088 - 2024-09-22 22:15:02 - A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument uname leads to buffer overflow. The exploit has been disclosed to the public and may be used. - 详情 - - - - e2884560bdff281b60e3248e531393b0 - CVE-2024-9087 - 2024-09-22 22:15:02 - A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 465f12faf56ab524b31a881295b51ae9 - CVE-2024-9086 - 2024-09-22 21:15:10 - A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well. - 详情 - - - - eed71244eced0b1e50eeae7d5c1c84b1 - CVE-2024-40703 - 2024-09-22 13:15:10 - IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive information in the form of an API key. An attacker could use this information to launch further attacks against affected applications. - 详情 - - - - 866c94648e6307c1c1f187fe2765c7f5 - CVE-2024-9084 - 2024-09-22 09:15:03 - A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. 
This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - b043849b7d4cf83dc49084cf3e8d118a - CVE-2024-9083 - 2024-09-22 09:15:02 - A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argument txtfullname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 80b45712f0a8e34c29b90602dc24356d - CVE-2024-9085 - 2024-09-22 08:15:02 - A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions sid as affected paramater which is incorrect. - 详情 - - - - 054fd2be8405d36ad11fb0becb1f2077 - CVE-2024-9082 - 2024-09-22 08:15:02 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Users.phpf=save of the component User Creation Handler. The manipulation of the argument type with the input 1 leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 97fe8e79f8e7caba8f3a23df8d4dd021 - CVE-2024-9081 - 2024-09-22 07:15:11 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. 
Affected by this vulnerability is an unknown functionality of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. - 详情 - - - - 5a063a479a26242c9463b1a803a1297c - CVE-2024-9080 - 2024-09-22 07:15:10 - A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. - 详情 - - @@ -1979,6 +1979,126 @@

眈眈探求 | TITLE URL + + 785609b855037016203b339580898cdb + CVE-2024-6599 + 2024-09-26 09:23:26 + WordPress Meks Video Importer Plugin未授权API密钥修改漏洞 + 详情 + + + + 274fa10bd580253ab695116c935f8b97 + CVE-2024-5555 + 2024-09-26 09:23:26 + WordPress Element Pack Elementor Addons Plugin跨站脚本漏洞 + 详情 + + + + b645eebc7781ea33d73b1acdf7695a85 + CVE-2024-5554 + 2024-09-26 09:23:26 + WordPress Element Pack Elementor Addons Plugin跨站脚本漏洞 + 详情 + + + + a3c833b17d62be767c27b5cc9d537f5d + CVE-2024-6504 + 2024-09-26 09:23:26 + Rapid7 InsightVM Console保护机制失败漏洞 + 详情 + + + + 375e01960d3359eff395c1b4761491e7 + CVE-2024-3242 + 2024-09-26 09:23:26 + WordPress Brizy – Page Builder Plugin任意文件上传漏洞 + 详情 + + + + 6717f570659d9ef3153ab5b9f3f2d321 + CVE-2024-6175 + 2024-09-26 09:23:26 + WordPress Booking Ultra Pro Appointments Booking Calenda未授权数据修改漏洞 + 详情 + + + + 4b93b4d02f6a1676117eeb61f695dec6 + CVE-2024-39173 + 2024-09-26 09:23:26 + calculator-boilerplate远程代码执行漏洞 + 详情 + + + + b4a1d09f19a55dbe6c8a43dba6e9889b + CVE-2024-20323 + 2024-09-26 09:23:26 + Cisco Intelligent Node (iNode) Software硬编码加密密钥使用漏洞 + 详情 + + + + b51053e96c32f583391c8d9beca9bf2e + CVE-2024-39682 + 2024-09-26 09:23:26 + WordPress Cooked Plugin HTML注入漏洞 + 详情 + + + + ea5b71f01febbaf9622f4273e9e1ee6c + CVE-2024-6705 + 2024-09-26 09:23:26 + WordPress RegLevel Plugin跨站脚本漏洞 + 详情 + + + + 9b60afadacd5804fed9144b6da02129b + CVE-2024-39090 + 2024-09-26 09:23:26 + Online Shopping Portal跨站请求伪造漏洞 + 详情 + + + + bc1707698ebb4457eddfe3149b8725da + CVE-2024-6164 + 2024-09-26 09:23:26 + WordPress Filter & Grids Plugin本地文件包含漏洞 + 详情 + + + + 721621ce53e2c0745b3b07a68e489c40 + CVE-2024-6455 + 2024-09-26 09:23:26 + WordPress ElementsKit Elementor addons Plugin信息泄露漏洞 + 详情 + + + + 17d9b05f947502d93e9cc946131c1c42 + CVE-2024-5997 + 2024-09-26 09:23:26 + WordPress Duplica Plugin未授权数据修改漏洞 + 详情 + + + + 1de2184b73f340404b425bc386c189db + CVE-2024-40642 + 2024-09-26 09:23:26 + netty-incubator-codec-ohttp输入验证错误漏洞 + 详情 + + 9ec813549ba3f618cdc08acbbe7fd27b CVE-2024-31394 
@@ -2099,126 +2219,6 @@

眈眈探求 | 详情 - - 048b41b4debc34d43a382716cc4931e1 - CVE-2024-31979 - 2024-09-25 12:43:25 - Apache StreamPipes服务器端请求伪造漏洞 - 详情 - - - - d216f10ef7e5e03ec2c0fa1b68ab9699 - CVE-2024-39863 - 2024-09-25 12:43:25 - Apache Airflow跨站脚本漏洞 - 详情 - - - - 520c0d9e6706dd987d682062e2a8d783 - CVE-2024-39877 - 2024-09-25 12:43:25 - Apache Airflow代码注入漏洞 - 详情 - - - - e740c4a6af192d4a5f92a198e866e35c - CVE-2024-4443 - 2024-09-25 12:43:25 - WordPress plugin Business Directory Plugin SQL注入漏洞 - 详情 - - - - 3192a4432244b6de5979e1d2f0341cee - CVE-2024-35162 - 2024-09-25 12:43:25 - WordPress Plugin Download Plugins and Themes路径遍历漏洞 - 详情 - - - - e7630550b8f41444f3eca72e5d475b4f - CVE-2024-3611 - 2024-09-25 12:43:25 - WordPress plugin Toolbar Extras for Elementor存储型跨站脚本漏洞 - 详情 - - - - 9165fb00621c549c8fcc67b8c41bebac - CVE-2024-29737 - 2024-09-25 12:43:25 - streampark命令注入漏洞 - 详情 - - - - 43e17782445fed747b7e991df604346d - CVE-2024-36475 - 2024-09-25 12:43:25 - Century Systems FutureNet多款产品主动调试代码漏洞 - 详情 - - - - e39a676dfc5b7d01c1785eb8ac9cfa9f - CVE-2024-36491 - 2024-09-25 12:43:25 - Century Systems FutureNet多款产品操作系统命令注入漏洞 - 详情 - - - - c538905a91701eeac6821bd7e2152be4 - CVE-2024-40617 - 2024-09-25 12:43:25 - FUJITSU Network Edgiot GW1500路径遍历漏洞 - 详情 - - - - dbd4c473777ec38bbee8ffc487a0b3d4 - CVE-2024-31411 - 2024-09-25 12:43:25 - Apache StreamPipes危险类型文件不受限上传漏洞 - 详情 - - - - 04adf0f3584cc770f92e654066770812 - CVE-2024-27311 - 2024-09-25 12:43:25 - ZOHO ManageEngine DDI Central目录遍历漏洞 - 详情 - - - - 1938695484b752d95385a8074fe688f5 - CVE-2023-7272 - 2024-09-25 12:43:25 - Eclipse Parsson越界写入漏洞 - 详情 - - - - 0cc5d2332f9f86c1646068ec78244a65 - CVE-2024-23465 - 2024-09-25 12:43:25 - SolarWinds Access Rights Manager身份认证绕过漏洞 - 详情 - - - - 10bf73589aecf96421e80e8f3765ef9f - CVE-2024-23466 - 2024-09-25 12:43:25 - SolarWinds Access Rights Manager目录遍历漏洞 - 详情 - -
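Review bot: in cache/Nsfocus.dat (@@ -123,3 +123,18) and cache/Tenable (Nessus).dat (@@ -102,3 +102,13) the hunks only ever append ids, while the matching docs/index.html hunks drop one old row for every row they add, so the cache files keep growing while the rendered tables stay the same length. If the cache exists only to de-duplicate against what the feeds still return, prune ids once they leave the feed window, or document why the full history is kept. It would also help to record what the 32-hex-character id is computed over, since nothing in either file says.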
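Review bot: data/cves.db appears only as "Binary files a/data/cves.db and b/data/cves.db differ", so the database change in this commit cannot be reviewed or checked against the 25 rows added to docs/index.html. Consider keeping the database out of version control, or committing a text export (SQL dump or CSV) next to it so each update produces a line-level diff.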
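Review bot: in docs/index.html the date column carries two different things. The rows added at @@ -283,6 +283,86 have per-CVE times (05:15:12, 04:15:07, 04:15:06, 04:15:05), while all 15 rows added at @@ -1979,6 +1979,126 share 2024-09-26 09:23:26 and the 15 removed at @@ -2099,126 +2219,6 share 2024-09-25 12:43:25, which reads as a fetch time rather than a publication time. Label the column per table, or store the source's publication date for both. Separately, the description and title cells are third-party feed text containing quotes and ampersands ('validate', ('Classic Buffer Overflow'), Filter & Grids); confirm that the generator HTML-escapes them before writing each row.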