Updated by Github Bot

EXP-Tools · Dec 5, 2024 · b41eda4 · b41eda4
1 parent 6d4ac23
commit b41eda4
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -112,3 +112,13 @@ d30a6a0a871c08efe722fa0218fa92fe
 2e70d46367c2fe2fd630bfe42ed30405
 f1290c5f5300021600825d693b2501cb
 7450e61446c158e6a5881d1fb9cab4e6
+7f913b82a9b467fdb93896a4e62811a1
+196eaebd9324489dbe9dfd9732d47714
+6ecc1d40ea51e77806cad8a22dee377b
+55ae0fafd1fe575167a6c2f916098840
+a2bdb9c8ab4904e6a27e2a1967884f3b
+64c2c9aa002b51e83ea404fce0f389d1
+eb7c6200ba263f22100c4816f1faf697
+cb28458ea029ad39f81a40e6dca08ec5
+fcaeab97fabd17b452ed7e628198d326
+1ac70b177b71e31b7e8851604c75ba38
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-12-05 09:27:20 -->
+<!-- RELEASE TIME : 2024-12-05 15:28:57 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>7f913b82a9b467fdb93896a4e62811a1</td>
+       <td>CVE-2024-52270</td>
+       <td>2024-12-05 11:15:06 <img src="imgs/new.gif" /></td>
+       <td>User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52270">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>196eaebd9324489dbe9dfd9732d47714</td>
+       <td>CVE-2024-52564</td>
+       <td>2024-12-05 10:31:40 <img src="imgs/new.gif" /></td>
+       <td>Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52564">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6ecc1d40ea51e77806cad8a22dee377b</td>
+       <td>CVE-2024-47133</td>
+       <td>2024-12-05 10:31:40 <img src="imgs/new.gif" /></td>
+       <td>UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47133">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>55ae0fafd1fe575167a6c2f916098840</td>
+       <td>CVE-2024-45841</td>
+       <td>2024-12-05 10:31:40 <img src="imgs/new.gif" /></td>
+       <td>Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45841">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a2bdb9c8ab4904e6a27e2a1967884f3b</td>
+       <td>CVE-2024-11779</td>
+       <td>2024-12-05 10:31:39 <img src="imgs/new.gif" /></td>
+       <td>The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11779">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>64c2c9aa002b51e83ea404fce0f389d1</td>
+       <td>CVE-2024-11420</td>
+       <td>2024-12-05 10:31:39 <img src="imgs/new.gif" /></td>
+       <td>The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11420">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>eb7c6200ba263f22100c4816f1faf697</td>
+       <td>CVE-2024-11341</td>
+       <td>2024-12-05 10:31:39 <img src="imgs/new.gif" /></td>
+       <td>The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11341">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>cb28458ea029ad39f81a40e6dca08ec5</td>
+       <td>CVE-2024-11324</td>
+       <td>2024-12-05 10:31:39 <img src="imgs/new.gif" /></td>
+       <td>The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11324">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fcaeab97fabd17b452ed7e628198d326</td>
+       <td>CVE-2024-10848</td>
+       <td>2024-12-05 10:31:39 <img src="imgs/new.gif" /></td>
+       <td>The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10848">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>1ac70b177b71e31b7e8851604c75ba38</td>
+       <td>CVE-2024-10777</td>
+       <td>2024-12-05 10:31:38 <img src="imgs/new.gif" /></td>
+       <td>The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10777">详情</a></td>
+      </tr>
+
       <tr>
        <td>b803b349c35d632b3cf6a7dba45ceba0</td>
        <td>CVE-2024-52277</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11853">详情</a></td>
       </tr>
 
-      <tr>
-       <td>9eef9e4c58ecb068948eedfd18f8b78e</td>
-       <td>CVE-2024-43053</td>
-       <td>2024-12-02 11:15:09</td>
-       <td>Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43053">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5d2fd953cf563cc88c8eb541f69d5c21</td>
-       <td>CVE-2024-43052</td>
-       <td>2024-12-02 11:15:09</td>
-       <td>Memory corruption while processing API calls to NPU with invalid input.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43052">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4a3c6c69747353b7a2ed58e027918e77</td>
-       <td>CVE-2024-43050</td>
-       <td>2024-12-02 11:15:09</td>
-       <td>Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43050">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7b23dc8ca4111c4d46777f9773150cf2</td>
-       <td>CVE-2024-43049</td>
-       <td>2024-12-02 11:15:09</td>
-       <td>Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43049">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>671f6d434e1a923bd4561520534095a7</td>
-       <td>CVE-2024-43048</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Memory corruption when invalid input is passed to invoke GPU Headroom API call.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43048">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a1e78aae0651da44c30a1c0f51992e0b</td>
-       <td>CVE-2024-33063</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33063">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3ddfd47183b9acce752bfdd61c3e799a</td>
-       <td>CVE-2024-33056</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Memory corruption when allocating and accessing an entry in an SMEM partition continuously.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33056">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f9b92434cf1c7361c700ba14eaddb396</td>
-       <td>CVE-2024-33053</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Memory corruption when multiple threads try to unregister the CVP buffer at the same time.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33053">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>97634203bad4b5af5e5af844a10ce76b</td>
-       <td>CVE-2024-33044</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Memory corruption while Configuring the SMR/S2CR register in Bypass mode.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33044">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>730ac473f60e953c00b3ef0bf4501f3c</td>
-       <td>CVE-2024-33040</td>
-       <td>2024-12-02 11:15:08</td>
-       <td>Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33040">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>