diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 770cd67f149..fa2a0811531 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -114,3 +114,13 @@ efe5b646d149e1497b3247d438943c74 d00c85106435c8b064ff7060c2a05bca 06abad314c9adc4600cd71a737d1f809 1ce281c2bf7a9a8c530cc00a8e7b4af2 +0d7702fa19878b8f679150c2a3504ad2 +02f4ca78bb320aa57f87800817fc3f04 +3b852810ce3bab0aab5cd74887324a89 +d54be91eb19efd0a0bd48dcf889c1407 +c301665be5d7b2ece02ebcd165e9d487 +2f9ca5fed1b884026ed3c455b25e8b03 +1ec3e0a8dca3eaf3626329079e887462 +99d247a2d1ae6bbd0db1f0eb2338ea79 +23be4d6a1399e312e5914e9a0685f00a +bcbdded623b2b96216d0913115198640 diff --git a/data/cves.db b/data/cves.db index 81732d08119..b1496bf9d94 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index ca1ba5ae270..8ce65103c43 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 0d7702fa19878b8f679150c2a3504ad2 + CVE-2024-8573 + 2024-09-08 10:15:01 + A vulnerability, which was classified as critical, was found in TOTOLINK AC1200 T8 and AC1200 T10 4.1.5cu.861_B20230220/4.1.8cu.5207. This affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument desc leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 02f4ca78bb320aa57f87800817fc3f04 + CVE-2024-8572 + 2024-09-08 08:15:13 + A vulnerability was found in Gouniverse GoLang CMS 1.4.0. It has been declared as problematic. This vulnerability affects the function PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.4.1 is able to address this issue. The patch is identified as 3e661cdfb4beeb9fe2ad507cdb8104c0b17d072c. It is recommended to upgrade the affected component. + 详情 + + + + 3b852810ce3bab0aab5cd74887324a89 + CVE-2024-8571 + 2024-09-08 08:15:13 + A vulnerability was found in erjemin roll_cms up to 1484fe2c4e0805946a7bcf46218509fcb34883a9. It has been classified as problematic. This affects an unknown part of the file roll_cms/roll_cms/views.py. The manipulation leads to information exposure through error message. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. + 详情 + + + + d54be91eb19efd0a0bd48dcf889c1407 + CVE-2024-8570 + 2024-09-08 07:15:01 + A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /inccatadd.php. The manipulation of the argument title leads to sql injection. 
The attack may be launched remotely. The exploit has been disclosed to the public and may be used. + 详情 + + + + c301665be5d7b2ece02ebcd165e9d487 + CVE-2024-6928 + 2024-09-08 06:15:02 + The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. + 详情 + + + + 2f9ca5fed1b884026ed3c455b25e8b03 + CVE-2024-6925 + 2024-09-08 06:15:02 + The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. + 详情 + + + + 1ec3e0a8dca3eaf3626329079e887462 + CVE-2024-6924 + 2024-09-08 06:15:02 + The TrueBooker WordPress plugin before 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. + 详情 + + + + 99d247a2d1ae6bbd0db1f0eb2338ea79 + CVE-2024-6859 + 2024-09-08 06:15:02 + The WP MultiTasking WordPress plugin through 0.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks + 详情 + + + + 23be4d6a1399e312e5914e9a0685f00a + CVE-2024-6856 + 2024-09-08 06:15:02 + The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack + 详情 + + + + bcbdded623b2b96216d0913115198640 + CVE-2024-6855 + 2024-09-08 06:15:02 + The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating exit popups, which could allow attackers to make logged admins perform such action via a CSRF attack + 详情 + + d7ef48ca2dbfd48f6ed83c1d06e3d7ef CVE-2024-8538 @@ -334,7 +414,7 @@

眈眈探求 | + 2024-09-06 22:15:02 Rejected reason: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a security risk as it falls within the expected functionality and security controls of the application. 详情 @@ -342,7 +422,7 @@

眈眈探求 | + 2024-09-06 22:15:02 RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. 详情 @@ -350,7 +430,7 @@

眈眈探求 | + 2024-09-06 22:15:02 RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. 详情 @@ -358,7 +438,7 @@

眈眈探求 | + 2024-09-06 22:15:02 RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. 详情 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-09-06 09:15:03 In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through 'Virtual media' on OpenBMC's web 3. Run script as below on host to do sha continuously #!/bin/bash while [ [1] ]; do find /media -type f -printf '"%h/%f"\n' | xargs sha256sum done 4. Open KVM on OpenBMC's web The size of macro block captured is 8x8. Therefore, we should make sure the height of src-buf is 8 aligned to fix this issue. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-09-06 09:15:02 In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()") 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-09-06 07:15:03 The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-09-06 07:15:03 The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment’ attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-09-06 07:15:03 The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to to plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-09-06 07:15:02 The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2024-09-06 06:15:02 The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page. 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2024-09-06 05:15:13 tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical. 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2024-09-06 05:15:13 Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2024-09-06 05:15:13 Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. 详情 - - b287915f41e51da29950425b9111220e - CVE-2024-6929 - 2024-09-05 10:15:03 - The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 11daf155960d50d694ef3a84124e2380 - CVE-2024-6894 - 2024-09-05 10:15:03 - The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 40b37271ec8f930e4c22ccc8d2c296cc - CVE-2024-6332 - 2024-09-05 10:15:02 - The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. 
- 详情 - - - - 118c30f85a0f1dbc8f3c089552742821 - CVE-2024-8363 - 2024-09-05 09:15:04 - The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - 4187510ba71a48716a9609e4014f76b0 - CVE-2024-5309 - 2024-09-05 09:15:04 - The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12. - 详情 - - - - f25949e50ddec6eadba7ec6f3059d692 - CVE-2024-45107 - 2024-09-05 09:15:03 - Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. - 详情 - - - - df7cac17a06de699bf104c64cba85871 - CVE-2024-6835 - 2024-09-05 07:15:02 - The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. 
This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form - 详情 - - - - 1f08b620eef0fbdcfe792ed5e917e8d4 - CVE-2024-6846 - 2024-09-05 06:15:03 - The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs - 详情 - - - - c8d7a97613cda1d8609a4939062f1ac2 - CVE-2024-8178 - 2024-09-05 05:15:13 - The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. - 详情 - - - - b95d09d924b393a77616f0fc9fd596ea - CVE-2024-45063 - 2024-09-05 05:15:13 - The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. - 详情 - -
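Review bot: In the `cache/Tenable (Nessus).dat` hunk (`@@ -114,3 +114,13 @@`) the ten added lines are bare 32-character hex digests with no indication of what they are computed over, and the `data/cves.db` change in the same commit is reported only as "Binary files ... differ", so neither can be checked by reading the diff. The digests do line up with the ids of the new `docs/index.html` entries (for example `0d7702fa19878b8f679150c2a3504ad2` sits next to CVE-2024-8573), which suggests they are per-record keys; please document how the key is derived and what the cache is for. Also consider keeping the database out of version control or committing a text export beside it, so a change to the stored records can be reviewed.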
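Review bot: The ten entries added in the `docs/index.html` hunk at `@@ -283,6 +283,86 @@` carry free-text descriptions taken from CVE records, and nothing in the hunk shows whether the generator HTML-escapes that field before writing it into the page. Descriptions elsewhere in this diff contain quotes, ampersands and an embedded shell snippet (`find /media -type f -printf '"%h/%f"\n'`), so the field clearly is not constrained to plain words. Please confirm that id, CVE number, timestamp and description are all escaped on output, and add a generator test with a description containing `<`, `&` and both quote characters.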
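Review bot: The row touched by the `@@ -334,7 +414,7 @@` hunk of `docs/index.html` is a withdrawn candidate, and its description reads "Rejected reason: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER" with the prefix doubled. Whether the duplication comes from the feed or from the generator, the output should collapse it, and rejected candidates should either be skipped or be visibly marked as rejected so the row is not read as a live advisory.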
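Review bot: After the `@@ -438,91 +518,11 @@` hunk in `docs/index.html`, the ten entries dated 2024-09-05 that it removes (CVE-2024-6929 through CVE-2024-45063) no longer appear in any text file in this diff, while the cache hunk in the same commit only appends and never trims. If the page is meant to be a fixed-size rolling window, state the window size in the generator or its documentation, and say where older records are retained. As the diff stands, any remaining copy would have to be in the binary `data/cves.db`, which cannot be verified here.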