Commit

Updated by Github Bot
Github-Bot committed Apr 10, 2024
1 parent d60d9ae commit ef97d5e
Showing 4 changed files with 101 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -189,3 +189,13 @@ dafb16386b20c4f952a59324a1794c9d
66b334bfb9d372d2b5a712d03604d5a2
06dae91cce03929de2f6f8854a908e07
8004391b8e1c96c641b8758acccdc10e
32af80c7379d03f280183ba7acd8a84a
6c6280fbe5c8cfbef31af96b7ff7b9cf
723b16276e4986238185d5a03ddb1410
45b0e8af3ac9f94758b4d8b511bb2ad3
afc289db9b9066faf183dac3e560c45c
7e3582e365dee6357d7fce8d7c2c21a9
149da79d492c24db7ec6463a1d3ac512
7a8916f10631d7ead78ff6a493fc982c
de44e2b98b08d2e3f367c944039eb285
165790f01c20e9f64aa46c00f19df258
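Review bot: none of the ten hashes appended to cache/RedQueen.dat in this hunk (32af80c7…, 6c6280fb…, through 165790f0…) appears as a first-column ID in the docs/index.html changes of this commit, while the ten hashes appended to cache/Tenable (Nessus).dat do, one to one and in the same order. The 81 lines added to index.html are accounted for exactly by the RELEASE TIME comment plus ten eight-line rows, all linking to tenable.com, so the RedQueen entries were either deduplicated against the Tenable rows before rendering or dropped. If it is dedup, the marker should be written only for rows that were actually published, and a commit message that names the per-source counts would make this auditable instead of "Updated by Github Bot".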
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -184,3 +184,13 @@ b04503ac83847773e3c1913a29e3d53f
bda0d0c8b970be70e8cfb0f831f0c387
0e58afa56a2d326d843b06d379a76859
8220ef4a0604d6d98fea2628e6433290
5b04a3e27db944229f192131fe1caf90
cdbe7700995e9888a647e8c1ae7d9e5d
fc6d41a82e26c8569cb87356890f3624
6cca780c86ce5fa125cd1ce5392903e1
b43b364de3a6ebb5359192440d49ef1e
3a56c25d315675184cadfedd77c1ea2e
3f471ecf5f8dd2e5b932d7c9366e7b60
c6c2b4de3819a8a9e164ce228bf5af3d
da3606d440a3a32031edd55a2aaf4665
6514fc5e7e0ac13c0aa1d2fe4b25f166
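Review bot: nothing in the repo states what these 32-hex-character values are a hash of (the CVE ID alone, or ID plus title or description), and that matters for dedup: if the description is part of the input, an upstream edit to an advisory text re-adds the CVE as a fresh row; if only the ID is hashed, a reworded advisory is never refreshed. The ten values here match the first-column IDs of the ten rows added in docs/index.html in the same order, so the mapping works today; document the hash input and the format in the README or a header line, and note that the file is append-only (10 additions, 0 deletions) while index.html drops ten rows, so this set grows without bound by design.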
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-04-10 10:29:54 -->
<!-- RELEASE TIME : 2024-04-10 23:24:04 -->
<html lang="zh-cn">

<head>
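Review bot: the RELEASE TIME value 2024-04-10 23:24:04 carries no timezone, and neither do the row timestamps added further down in this file (for example 2024-04-10 18:15:08), so a reader cannot tell whether the page was generated after or before the publication times it lists. Emit both in ISO 8601 with an explicit offset, for example 2024-04-10T23:24:04+08:00, or state the zone once next to the TIME column header.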
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>5b04a3e27db944229f192131fe1caf90</td>
<td>CVE-2024-31944</td>
<td>2024-04-10 18:15:08 <img src="imgs/new.gif" /></td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31944">详情</a></td>
</tr>

<tr>
<td>cdbe7700995e9888a647e8c1ae7d9e5d</td>
<td>CVE-2024-31943</td>
<td>2024-04-10 18:15:08 <img src="imgs/new.gif" /></td>
<td>Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31943">详情</a></td>
</tr>

<tr>
<td>fc6d41a82e26c8569cb87356890f3624</td>
<td>CVE-2024-31461</td>
<td>2024-04-10 18:15:07 <img src="imgs/new.gif" /></td>
<td>Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31461">详情</a></td>
</tr>

<tr>
<td>6cca780c86ce5fa125cd1ce5392903e1</td>
<td>CVE-2024-31242</td>
<td>2024-04-10 18:15:07 <img src="imgs/new.gif" /></td>
<td>Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31242">详情</a></td>
</tr>

<tr>
<td>b43b364de3a6ebb5359192440d49ef1e</td>
<td>CVE-2024-31230</td>
<td>2024-04-10 18:15:07 <img src="imgs/new.gif" /></td>
<td>Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31230">详情</a></td>
</tr>

<tr>
<td>3a56c25d315675184cadfedd77c1ea2e</td>
<td>CVE-2024-31214</td>
<td>2024-04-10 18:15:07 <img src="imgs/new.gif" /></td>
<td>Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31214">详情</a></td>
</tr>

<tr>
<td>3f471ecf5f8dd2e5b932d7c9366e7b60</td>
<td>CVE-2024-3570</td>
<td>2024-04-10 17:15:58 <img src="imgs/new.gif" /></td>
<td>A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3570">详情</a></td>
</tr>

<tr>
<td>c6c2b4de3819a8a9e164ce228bf5af3d</td>
<td>CVE-2024-3569</td>
<td>2024-04-10 17:15:58 <img src="imgs/new.gif" /></td>
<td>A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3569">详情</a></td>
</tr>

<tr>
<td>da3606d440a3a32031edd55a2aaf4665</td>
<td>CVE-2024-3568</td>
<td>2024-04-10 17:15:58 <img src="imgs/new.gif" /></td>
<td>The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3568">详情</a></td>
</tr>

<tr>
<td>6514fc5e7e0ac13c0aa1d2fe4b25f166</td>
<td>CVE-2024-3388</td>
<td>2024-04-10 17:15:57 <img src="imgs/new.gif" /></td>
<td>A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3388">详情</a></td>
</tr>

<tr>
<td>64c99d4e452f362d5321dbc16228f326</td>
<td>CVE-2024-3545</td>
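Review bot: the description cell is filled with advisory text copied as-is (the CVE-2024-3570 and CVE-2024-3568 rows keep the upstream backtick quoting around dangerouslySetInnerHTML and load_repo_checkpoint()), and the raw apostrophes in the CVE-2024-3569 row ('just me') show that at least quote-escaping is not applied, so confirm that the generator HTML-escapes &lt;, &gt; and &amp; before writing the cell; an advisory containing a literal <script> or an unbalanced < would otherwise be rendered as markup in a page that, among other things, lists a stored XSS. None of the ten rows here contains an escaped entity, so this cannot be verified from the diff alone. Two smaller points on the same rows: every link uses target="_blank" without rel="noopener noreferrer", and <img src="imgs/new.gif" /> has no alt attribute, so the NEW marker is lost to screen readers and text extractors.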
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31447">详情</a></td>
</tr>

<tr>
<td>93dd0369eae4bcea64811d3481dda1b5</td>
<td>CVE-2024-3428</td>
<td>2024-04-07 18:15:13</td>
<td>A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3428">详情</a></td>
</tr>

<tr>
<td>5bdaad99079d0bd6b78cb220f492778b</td>
<td>CVE-2024-31349</td>
<td>2024-04-07 18:15:13</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch MailMunch – Grow your Email List allows Stored XSS.This issue affects MailMunch – Grow your Email List: from n/a through 3.1.6.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31349">详情</a></td>
</tr>

<tr>
<td>d23663b48f5d29aa9cd2ba59ac88e890</td>
<td>CVE-2024-31348</td>
<td>2024-04-07 18:15:13</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themepoints Testimonials allows Stored XSS.This issue affects Testimonials: from n/a through 3.0.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31348">详情</a></td>
</tr>

<tr>
<td>0eb2b923b164a1d18aa874473ff5b811</td>
<td>CVE-2024-31346</td>
<td>2024-04-07 18:15:12</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksmarket Gradient Text Widget for Elementor allows Stored XSS.This issue affects Gradient Text Widget for Elementor: from n/a through 1.0.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31346">详情</a></td>
</tr>

<tr>
<td>07032626ff056060e31105d464abdaef</td>
<td>CVE-2024-31345</td>
<td>2024-04-07 18:15:12</td>
<td>Unrestricted Upload of File with Dangerous Type vulnerability in Sukhchain Singh Auto Poster.This issue affects Auto Poster: from n/a through 1.2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31345">详情</a></td>
</tr>

<tr>
<td>4e182befdb9a68117d0620c95c33b1d5</td>
<td>CVE-2024-31344</td>
<td>2024-04-07 18:15:12</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phpbits Creative Studio Easy Login Styler – White Label Admin Login Page for WordPress allows Stored XSS.This issue affects Easy Login Styler – White Label Admin Login Page for WordPress: from n/a through 1.0.6.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31344">详情</a></td>
</tr>

<tr>
<td>d9b9f84eb54c6fd61eeef29c848aa448</td>
<td>CVE-2024-31308</td>
<td>2024-04-07 18:15:12</td>
<td>Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31308">详情</a></td>
</tr>

<tr>
<td>20bcf172618e2af057ec2ad31724bf04</td>
<td>CVE-2024-31306</td>
<td>2024-04-07 18:15:12</td>
<td>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31306">详情</a></td>
</tr>

<tr>
<td>b67f27af951f9a41befbb990dabe7d1b</td>
<td>CVE-2024-31296</td>
<td>2024-04-07 18:15:11</td>
<td>Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31296">详情</a></td>
</tr>

<tr>
<td>fb589e94e464f0fa8a0eeee28df875e6</td>
<td>CVE-2024-31292</td>
<td>2024-04-07 18:15:11</td>
<td>Unrestricted Upload of File with Dangerous Type vulnerability in Moove Agency Import XML and RSS Feeds.This issue affects Import XML and RSS Feeds: from n/a through 2.1.5.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31292">详情</a></td>
</tr>

</tbody>
</table>
</div>
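Review bot: the ten rows removed here (CVE-2024-3428 through CVE-2024-31292, all published 2024-04-07) leave the rendered page with no pointer to where they went; the only other artifact touched in this commit is the binary data/cves.db, so a reader of docs/index.html loses them after three days with no archive link. Since the table is evidently kept at a fixed size (ten rows in, ten rows out, 81 lines added and 81 removed), add a link to a full or paginated listing, or at least a line stating the window size, near the table header.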

0 comments on commit ef97d5e