Updated by Github Bot

EXP-Tools · Dec 5, 2024 · b8f813f · b8f813f
1 parent 4bd731e
commit b8f813f
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 131 deletions.
diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
@@ -110,3 +110,18 @@ dbc0913696cafec13a47c2dee27cd8c2
 58a8e6a03cc3086fb513c0bd4fe5f289
 b3d7ea8a0b0204b196a0a464e66f73de
 4d285100b27bd8f04b467bda616fa0ff
+7814029b14f351fdde4330d8ccd01c24
+c18f77010460fa75a05e834d6ff8dd3d
+945718d7b5462d88a6870eb6d5db0498
+a8a95473373cf1ae794ff5e7086880f0
+fd61514e58689180051990cae22c35d9
+0a23ff6171b29396f0cb71b9538947db
+c9fbfe2950091bc2284dc48c34dff8e8
+f0e5e6d1e7d83e00a9fbe69d5c60dfca
+d91440307dcccc509b9c7febb08006ad
+da683e95470c336767715ac6f5680b2d
+f68416098fba9ea10df4a975852eaa3f
+c55178da0d071073d36ef2930ae7bff5
+15fd12608509466434284ab873b83488
+7d1b5152dc9b57973d531bf732a29fa5
+bae391c3fcd81f351570cecbee24eb6a
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-12-04 15:27:27 -->
+<!-- RELEASE TIME : 2024-12-05 03:39:01 -->
 <html lang="zh-cn">
 
  <head>
@@ -366,79 +366,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>bb2e9775a85894d4704f09c64d2bc95f</td>
        <td>CVE-2024-11326</td>
-       <td>2024-12-03 11:15:04 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 11:15:04</td>
        <td>The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11326">详情</a></td>
       </tr>
 
       <tr>
        <td>c27ec759246c4b6143afe6abd150e22f</td>
        <td>CVE-2024-47476</td>
-       <td>2024-12-03 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 10:15:05</td>
        <td>Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47476">详情</a></td>
       </tr>
 
       <tr>
        <td>cb145d1279d502a58f6f11b4c0d9f3c5</td>
        <td>CVE-2024-45106</td>
-       <td>2024-12-03 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 10:15:05</td>
        <td>Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45106">详情</a></td>
       </tr>
 
       <tr>
        <td>37ff2a3069cb370b4eae6a7f82582f40</td>
        <td>CVE-2024-12062</td>
-       <td>2024-12-03 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 10:15:05</td>
        <td>The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12062">详情</a></td>
       </tr>
 
       <tr>
        <td>e35683925b14e304537319db4fa9a916</td>
        <td>CVE-2024-11782</td>
-       <td>2024-12-03 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 10:15:05</td>
        <td>The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11782">详情</a></td>
       </tr>
 
       <tr>
        <td>55fd43999d4154b2f038abd3713f1a31</td>
        <td>CVE-2024-11325</td>
-       <td>2024-12-03 10:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 10:15:05</td>
        <td>The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11325">详情</a></td>
       </tr>
 
       <tr>
        <td>78eea2bbebfac7d693f56b959ac8c805</td>
        <td>CVE-2024-11866</td>
-       <td>2024-12-03 09:15:05 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 09:15:05</td>
        <td>The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11866">详情</a></td>
       </tr>
 
       <tr>
        <td>dab11fa1400700787b766753e088e193</td>
        <td>CVE-2024-11844</td>
-       <td>2024-12-03 09:15:04 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 09:15:04</td>
        <td>The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11844">详情</a></td>
       </tr>
 
       <tr>
        <td>a8e87a5c7cd45c454e29bffc4b5bf64f</td>
        <td>CVE-2024-11898</td>
-       <td>2024-12-03 08:15:06 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 08:15:06</td>
        <td>The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11898">详情</a></td>
       </tr>
 
       <tr>
        <td>b2f96993ae3781ad684605ac69f217d3</td>
        <td>CVE-2024-11853</td>
-       <td>2024-12-03 08:15:06 <img src="imgs/new.gif" /></td>
+       <td>2024-12-03 08:15:06</td>
        <td>The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11853">详情</a></td>
       </tr>
@@ -1987,6 +1987,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>7814029b14f351fdde4330d8ccd01c24</td>
+       <td>CVE-2024-31835</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>FlatPress跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107546">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c18f77010460fa75a05e834d6ff8dd3d</td>
+       <td>CVE-2024-42514</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>Mitel MiContact Center Business信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107545">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>945718d7b5462d88a6870eb6d5db0498</td>
+       <td>CVE-2024-46079</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>Scriptcase跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107544">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a8a95473373cf1ae794ff5e7086880f0</td>
+       <td>CVE-2024-45999</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>Peter Goodhall Cloudlog SQL注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107543">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fd61514e58689180051990cae22c35d9</td>
+       <td>CVE-2024-9411</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>OFSoft OFCMS跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107542">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0a23ff6171b29396f0cb71b9538947db</td>
+       <td>CVE-2024-9423</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>HP LaserJet Printers拒绝服务漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107541">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c9fbfe2950091bc2284dc48c34dff8e8</td>
+       <td>CVE-2024-20515</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>Cisco Identity Services Engine信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107540">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f0e5e6d1e7d83e00a9fbe69d5c60dfca</td>
+       <td>CVE-2024-20393</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>Cisco Small Business多款产品信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107539">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d91440307dcccc509b9c7febb08006ad</td>
+       <td>CVE-2024-7315</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin WPvivid信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107538">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>da683e95470c336767715ac6f5680b2d</td>
+       <td>CVE-2024-9333</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>M-Files Connector访问绕过漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107537">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f68416098fba9ea10df4a975852eaa3f</td>
+       <td>CVE-2024-8254</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Email Subscribers by Icegram Express代码注入漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107536">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>c55178da0d071073d36ef2930ae7bff5</td>
+       <td>CVE-2024-8800</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin RabbitLoader反射型跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107535">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>15fd12608509466434284ab873b83488</td>
+       <td>CVE-2024-8967</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin PWA — easy way to Progressive Web App存储型跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107534">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7d1b5152dc9b57973d531bf732a29fa5</td>
+       <td>CVE-2024-9172</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Demo Importer Plus跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107533">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>bae391c3fcd81f351570cecbee24eb6a</td>
+       <td>CVE-2024-9222</td>
+       <td>2024-12-05 03:36:55 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Paid Membership Subscriptions跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107532">详情</a></td>
+      </tr>
+
       <tr>
        <td>a3be5a2e3da1785f58036036e6e8f402</td>
        <td>CVE-2024-10543</td>
@@ -2107,126 +2227,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107477">详情</a></td>
       </tr>
 
-      <tr>
-       <td>129a5f999f19b2c690c08769223302bf</td>
-       <td>CVE-2024-52020</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>NETGEAR R8500命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107394">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d4d3e0a2ebadbb45b8f2aa1f7c1a687a</td>
-       <td>CVE-2023-29120</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>Enel X Waybox操作系统命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107393">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2e2d734e701b82e0a318a8d93b845311</td>
-       <td>CVE-2024-49522</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>Adobe Substance 3D Painter越界写入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107392">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f7ba5d97a716f43411f8a004436664cc</td>
-       <td>CVE-2024-51362</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>LSC Smart Connect Indoor IP Camera信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107391">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>147fe9cb59e6f705f4f916c2b898a49e</td>
-       <td>CVE-2024-51023</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>D-Link DIR_823G命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107390">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>95706a76c7363b44c03a4923f566b359</td>
-       <td>CVE-2024-51024</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>D-Link DIR_823G命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107389">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cd0d059ea80f2892d504665b7a893483</td>
-       <td>CVE-2024-49377</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>OctoPrint跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107388">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4b55fce5f5ca9d74dd0eac2978b312e8</td>
-       <td>CVE-2024-49773</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>SuiteCRM SQL注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107387">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c5212850893fd7f7f2e3692e152a137f</td>
-       <td>CVE-2024-50335</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>SuiteCRM跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107386">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f798b76651f3ba259a71cd2395b9f0d1</td>
-       <td>CVE-2024-0134</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>NVIDIA Container Toolkit和NVIDIA GPU Operator UNIX符号链接漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107385">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>2d2fe58155760ea2c1def184dc0b3b08</td>
-       <td>CVE-2023-29118</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>Enel X Waybox SQL注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107384">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3d27c7c3e6f1fe77e94147142f1c6308</td>
-       <td>CVE-2023-29126</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>Enel X Waybox PHP类型欺骗漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107383">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>55ccb74233bf64196dfdaba80f38bfee</td>
-       <td>CVE-2024-51015</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>NETGEAR R7000P命令注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107382">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b833f17140d10529bd4a01ef15cae2f1</td>
-       <td>CVE-2024-52023</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>NETGEAR多款产品堆栈溢出漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107381">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>56a21ab913beae9f6145e1aa21a2dc33</td>
-       <td>CVE-2024-52029</td>
-       <td>2024-12-03 12:47:01 <img src="imgs/new.gif" /></td>
-       <td>NETGEAR R7000P堆栈溢出漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/107380">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>