Commit

Updated by Github Bot
Github-Bot committed Aug 29, 2024
1 parent 3fcf0e8 commit daa8453
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -114,3 +114,13 @@ d33b1a4c2b1373e5ddb77bc669a41c4e
1625c4f1a67bc62ade9948e9502c70c4
4f6db5aff6372dcf6a308f0476921826
07a4cf151afc74e5513c7fbc4f96cdf6
ca2b89001dd1fd2fb2f81f13f78a3e17
d3c1668362fb12bff7de0ce900102826
4dc6bcb8bda58ec951619cc1774f4abc
e3761ffe21fd440ec3c6fe24367dec71
b2a7692fa36eddbcf3bdae4983684acb
d0024d5daf466a87f2fc5426879b6222
4c1cd813c489aaf4f4b49030621ca161
0069c99b1c99cf7eb0199a9718fb3b6b
77a00201cacf88e4851f4af1acb0c181
95651df0dc5ef6181f1ea4171ea0726e
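Review bot: the ten values appended at the end of this cache file are bare 32-hex digests with nothing tying them to a record; they match the first-column ids of the rows added to docs/index.html in this commit, but that can only be checked by reading the other file. Consider storing the CVE id and fetch time beside each digest, so a stale or colliding entry can be found and pruned without regenerating the page. The hunk also only appends (10 additions, 0 deletions), so the file needs a stated retention rule.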
Binary file modified data/cves.db
Binary file not shown.
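Review bot: data/cves.db changes in this commit as an opaque binary, so the review cannot confirm that the database received the same ten records as the cache file and docs/index.html. Suggest committing a text export, or a row count and checksum, next to it, or building the database from the text sources instead of versioning it.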
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-08-29 01:39:56 -->
<!-- RELEASE TIME : 2024-08-29 12:42:43 -->
<html lang="zh-cn">

<head>
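Review bot: the RELEASE TIME comment on the first line moves from 2024-08-29 01:39:56 to 2024-08-29 12:42:43 with no timezone, and the row timestamps further down the file have none either, so a reader cannot order these entries against the upstream advisories. Suggest writing ISO 8601 with an explicit offset, for example 2024-08-29T12:42:43+08:00 if that is the zone the bot runs in.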
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>ca2b89001dd1fd2fb2f81f13f78a3e17</td>
<td>CVE-2024-4428</td>
<td>2024-08-29 07:49:03 <img src="imgs/new.gif" /></td>
<td>Improper Privilege Management vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4428">详情</a></td>
</tr>

<tr>
<td>d3c1668362fb12bff7de0ce900102826</td>
<td>CVE-2024-43700</td>
<td>2024-08-29 07:36:13 <img src="imgs/new.gif" /></td>
<td>xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43700">详情</a></td>
</tr>

<tr>
<td>4dc6bcb8bda58ec951619cc1774f4abc</td>
<td>CVE-2024-7132</td>
<td>2024-08-29 06:00:03 <img src="imgs/new.gif" /></td>
<td>The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of post embed via one of its block, which could allow users with the capability to publish posts (editor and admin by default) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7132">详情</a></td>
</tr>

<tr>
<td>e3761ffe21fd440ec3c6fe24367dec71</td>
<td>CVE-2024-6927</td>
<td>2024-08-29 06:00:03 <img src="imgs/new.gif" /></td>
<td>The Viral Signup WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6927">详情</a></td>
</tr>

<tr>
<td>b2a7692fa36eddbcf3bdae4983684acb</td>
<td>CVE-2024-5417</td>
<td>2024-08-29 06:00:02 <img src="imgs/new.gif" /></td>
<td>The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5417">详情</a></td>
</tr>

<tr>
<td>d0024d5daf466a87f2fc5426879b6222</td>
<td>CVE-2024-7607</td>
<td>2024-08-29 05:30:57 <img src="imgs/new.gif" /></td>
<td>The Front End Users plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 3.2.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7607">详情</a></td>
</tr>

<tr>
<td>4c1cd813c489aaf4f4b49030621ca161</td>
<td>CVE-2024-5987</td>
<td>2024-08-29 05:30:57 <img src="imgs/new.gif" /></td>
<td>The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_variations' functions in all versions up to, and including, 0.6.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to edit or delete contrast settings. Please note these issues were patched in 0.6.2.8, though it broke functionality and the vendor has not responded to our follow-ups.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5987">详情</a></td>
</tr>

<tr>
<td>0069c99b1c99cf7eb0199a9718fb3b6b</td>
<td>CVE-2024-3944</td>
<td>2024-08-29 05:30:56 <img src="imgs/new.gif" /></td>
<td>The WP To Do plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3944">详情</a></td>
</tr>

<tr>
<td>77a00201cacf88e4851f4af1acb0c181</td>
<td>CVE-2024-7606</td>
<td>2024-08-29 05:30:55 <img src="imgs/new.gif" /></td>
<td>The Front End Users plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'user-search' shortcode in all versions up to, and including, 3.2.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7606">详情</a></td>
</tr>

<tr>
<td>95651df0dc5ef6181f1ea4171ea0726e</td>
<td>CVE-2024-38303</td>
<td>2024-08-29 04:34:53 <img src="imgs/new.gif" /></td>
<td>Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38303">详情</a></td>
</tr>

<tr>
<td>649c6eac2ff9f980daeae5055b7894e4</td>
<td>CVE-2024-8229</td>
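Review bot: the description cell in each added row holds text taken from a third-party advisory, and nothing in these lines shows it being HTML-escaped before it is written into the <td> (the apostrophes in the CVE-2024-43700 and CVE-2024-5987 rows are raw). Please confirm the generator escapes &, <, > and quotes in the description and in the CVE id used inside the href, since a description containing markup would otherwise render on the page. Separately, every added link uses target="_blank" without rel="noopener noreferrer", and the <img src="imgs/new.gif" /> marker has no alt text.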
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7989">详情</a></td>
</tr>

<tr>
<td>3afa4415e3e41f954cfd788b9d277f13</td>
<td>CVE-2024-45256</td>
<td>2024-08-26 07:15:04</td>
<td>An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0 allows attackers to overwrite SQLite databases and bypass authentication via an unauthenticated HTTP request with a crafted parameter. This occurs in file_add in api/files/routes.py.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45256">详情</a></td>
</tr>

<tr>
<td>30f4302ba68fdecc9f0893e3164d8c8c</td>
<td>CVE-2024-45241</td>
<td>2024-08-26 07:15:04</td>
<td>A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-45241">详情</a></td>
</tr>

<tr>
<td>bee58eeef1a411ec3430c3a9c423036e</td>
<td>CVE-2024-43884</td>
<td>2024-08-26 07:11:58</td>
<td>In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-43884">详情</a></td>
</tr>

<tr>
<td>3edbb048c2bb1e0f6d58e41183342a24</td>
<td>CVE-2024-7313</td>
<td>2024-08-26 06:15:04</td>
<td>The Shield Security WordPress plugin before 20.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7313">详情</a></td>
</tr>

<tr>
<td>86c4c75e90d9b33ec448fc8c747fdd9e</td>
<td>CVE-2024-6879</td>
<td>2024-08-26 06:15:04</td>
<td>The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allows contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6879">详情</a></td>
</tr>

<tr>
<td>af72d6906b2a0899f6ea9a399d752b80</td>
<td>CVE-2024-41996</td>
<td>2024-08-26 06:15:04</td>
<td>Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-41996">详情</a></td>
</tr>

<tr>
<td>ceecaa640f5a9fd618c5460f7f2beb44</td>
<td>CVE-2024-8073</td>
<td>2024-08-26 03:15:03</td>
<td>Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8073">详情</a></td>
</tr>

<tr>
<td>78d7f2f76b2b677cd653ebf24d14dafb</td>
<td>CVE-2024-8155</td>
<td>2024-08-25 23:15:04</td>
<td>A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file /api/system/dept/tree?sort=parentId%2Casc&sort=sort%2Casc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8155">详情</a></td>
</tr>

<tr>
<td>db1fa069b3353b157fdc1f4b58f0aa4a</td>
<td>CVE-2024-8154</td>
<td>2024-08-25 23:15:03</td>
<td>A vulnerability classified as problematic has been found in SourceCodester QR Code Bookmark System 1.0. Affected is an unknown function of the file /endpoint/update-bookmark.php of the component Parameter Handler. The manipulation of the argument tbl_bookmark_id/name/url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8154">详情</a></td>
</tr>

<tr>
<td>1a1cffcd263ec92bb04faeda9dc530ef</td>
<td>CVE-2024-8153</td>
<td>2024-08-25 23:15:03</td>
<td>A vulnerability was found in SourceCodester QR Code Bookmark System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/delete-bookmark.php. The manipulation of the argument bookmark leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8153">详情</a></td>
</tr>

</tbody>
</table>
</div>
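Review bot: the ten rows dropped from the end of the table (dated 2024-08-25 to 2024-08-26) are deleted outright, including entries whose text says an exploit has been disclosed publicly (CVE-2024-8155, CVE-2024-8154, CVE-2024-8153), so they leave the page less than four days after their listed time. If the table is meant to be a fixed-size window, move evicted rows to a dated archive page and link it from here rather than deleting them. The CVE-2024-8155 row also carries a raw & in its description (parentId%2Casc&sort=sort%2Casc), which is worth checking against the generator's escaping.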
