diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 59a966b6571..770cd67f149 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -104,3 +104,13 @@ e878dd20971a6e2843472e929e11a443 a65b1135d277a03173c4908300bc6e9a 01cdf6523d61c5d89a642e556308cf3f fd42ee6c45e901285cb7dfeb9e964e90 +d7ef48ca2dbfd48f6ed83c1d06e3d7ef +576dc19669bfa90e3a7758993504cb34 +5b7b55a5130f5fc21dc3e5ed81276375 +46599ca7abecdf36a8d6fbb4f22e13c0 +0a9a3d66d41c1dc3d87d8fcd9ef11d34 +efe5b646d149e1497b3247d438943c74 +274bb7010259f89bec9b5cf52e4cabcf +d00c85106435c8b064ff7060c2a05bca +06abad314c9adc4600cd71a737d1f809 +1ce281c2bf7a9a8c530cc00a8e7b4af2 diff --git a/data/cves.db b/data/cves.db index d55aea1b68e..81732d08119 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 8256fcf3bea..ca1ba5ae270 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + d7ef48ca2dbfd48f6ed83c1d06e3d7ef + CVE-2024-8538 + 2024-09-07 09:15:03 + The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing a file path in an error message. This makes it possible for authenticated attackers, with author-level access and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. + 详情 + + + + 576dc19669bfa90e3a7758993504cb34 + CVE-2024-8523 + 2024-09-07 09:15:02 + A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1 of the component SQL Command Execution Module. The manipulation of the argument data leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 5b7b55a5130f5fc21dc3e5ed81276375 + CVE-2024-6849 + 2024-09-07 09:15:01 + The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. + 详情 + + + + 46599ca7abecdf36a8d6fbb4f22e13c0 + CVE-2024-8521 + 2024-09-07 08:15:11 + A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index of the file /qso of the component Live QSO. The manipulation of the argument manual leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.8.1 is able to address this issue. The patch is identified as b31002cec6b71ab5f738881806bb546430ec692e. It is recommended to upgrade the affected component. + 详情 + + + + 0a9a3d66d41c1dc3d87d8fcd9ef11d34 + CVE-2024-45498 + 2024-09-07 08:15:11 + Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airflow/pull/41873 for more information. We recommend against exposing the example DAGs in your deployment. If you must expose the example DAGs, upgrade Airflow to version 2.10.1 or later. + 详情 + + + + efe5b646d149e1497b3247d438943c74 + CVE-2024-45034 + 2024-09-07 08:15:11 + Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. + 详情 + + + + 274bb7010259f89bec9b5cf52e4cabcf + CVE-2024-8439 + 2024-09-06 22:15:02 + Rejected reason: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a security risk as it falls within the expected functionality and security controls of the application. + 详情 + + + + d00c85106435c8b064ff7060c2a05bca + CVE-2024-45771 + 2024-09-06 22:15:02 + RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php. + 详情 + + + + 06abad314c9adc4600cd71a737d1f809 + CVE-2024-44839 + 2024-09-06 22:15:02 + RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php. + 详情 + + + + 1ce281c2bf7a9a8c530cc00a8e7b4af2 + CVE-2024-44838 + 2024-09-06 22:15:02 + RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php. + 详情 + + a4a2eaa6a3679feff64f42da4ab147ca CVE-2023-52916 @@ -366,7 +446,7 @@

眈眈探求 | + 2024-09-05 10:15:03 The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -374,7 +454,7 @@

眈眈探求 | + 2024-09-05 10:15:03 The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -382,7 +462,7 @@

眈眈探求 | + 2024-09-05 10:15:02 The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version. 详情 @@ -390,7 +470,7 @@

眈眈探求 | + 2024-09-05 09:15:04 The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -398,7 +478,7 @@

眈眈探求 | + 2024-09-05 09:15:04 The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12. 详情 @@ -406,7 +486,7 @@

眈眈探求 | + 2024-09-05 09:15:03 Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 详情 @@ -414,7 +494,7 @@

眈眈探求 | + 2024-09-05 07:15:02 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using the boolean-based attack on the AJAX search form 详情 @@ -422,7 +502,7 @@

眈眈探求 | + 2024-09-05 06:15:03 The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs 详情 @@ -430,7 +510,7 @@

眈眈探求 | + 2024-09-05 05:15:13 The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. 详情 @@ -438,91 +518,11 @@

眈眈探求 | + 2024-09-05 05:15:13 The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. 详情 - - 9ad5f6e43e9fc270a8817dc06fe22570 - CVE-2024-7821 - 2024-09-04 10:15:03 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. - 详情 - - - - 0634121234224077e7de6445bf0fc2c7 - CVE-2024-8289 - 2024-09-04 09:15:04 - The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to privilege escalation/de-escalation and account takeover due to an insufficient capability check on the update_item_permissions_check and create_item_permissions_check functions in all versions up to, and including, 4.2.0. This makes it possible for unauthenticated attackers to change the password of any user with the vendor role, create new users with the vendor role, and demote other users like administrators to the vendor role. - 详情 - - - - 35a06ff1084d6d07b5bcc3ddd948e1d5 - CVE-2024-7870 - 2024-09-04 09:15:04 - The PixelYourSite – Your smart PIXEL (TAG) & API Manager and the PixelYourSite PRO plugins for WordPress are vulnerable to Sensitive Information Exposure in all versions up to, and including, 9.7.1 and 10.4.2, respectively, through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, and to delete log files. - 详情 - - - - ad4e26f876935ae5a804dd148b01301e - CVE-2024-45507 - 2024-09-04 09:15:04 - Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. - 详情 - - - - 6178bbc473228da2f4458016e4de843e - CVE-2024-45195 - 2024-09-04 09:15:04 - Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue. - 详情 - - - - 18e3756524a662a30ae4feddc04f454d - CVE-2024-8318 - 2024-09-04 08:15:03 - The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. - 详情 - - - - f5eb2670c247d298533731afb9a608b3 - CVE-2024-8123 - 2024-09-04 07:15:05 - The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to duplicate posts written by other authors including admins. This includes the ability to duplicate password-protected posts, which reveals their contents. - 详情 - - - - f150034b54994c231f52fad91fdf46bc - CVE-2024-8121 - 2024-09-04 07:15:04 - The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to unauthorized modification of user names due to a missing capability check on the wpext_change_admin_name() function in all versions up to, and including, 3.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change an admin's username to a username of their liking as long as the default 'admin' was used. - 详情 - - - - 4bf5179e24ade3db3af2585a173391ff - CVE-2024-8119 - 2024-09-04 07:15:04 - The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the page parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - - - - 1b17834e8bb0a19a354faea3d360fbfd - CVE-2024-8117 - 2024-09-04 07:15:04 - The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘selected_option’ parameter in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. - 详情 - -