
Commit

Updated by Github Bot
Github-Bot committed Nov 27, 2024
1 parent 14e18f7 commit f41c2e5
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
@@ -132,3 +132,13 @@ a8ad3dd98906e55b62e82236d963840a
2e766aad63d0f28e7b9fbe42a63d0639
1a5fb770f0614bca096124ac0b950cf9
4c211ecdf45a307f58e3f6b0ec8afc3b
2f727bde471b13c1ae2e14076ab3a4c8
78c73790025e596e2f99c11661f97985
33b86be4fda888a50ee1a76c72c90638
1fb8e3c220dcc19f8a44aa1cb777b334
d768d0b6cf54837815bfaeb67117fc0b
7a72c1f1369688b841eb91926443ca98
77e99e99cdeb887bc152d7fc043686cb
fda1b5c1d4095322a3e93a9067c98fad
7e01b98183c1a6b72d5cc438a2ceab04
58ee1c1a3573e58c2cbe62c68b43edef
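Review bot: the cache stores only a 32-hex digest per entry, so nothing in this file ties a key to a CVE id without cross-reading docs/index.html, where the same values appear in the first column (e.g. 2f727bde471b13c1ae2e14076ab3a4c8 beside CVE-2024-52323); recording the CVE id next to the digest, or documenting how the digest is derived, would make the cache auditable on its own.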
Binary file modified data/cves.db
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-11-27 12:49:28 -->
<!-- RELEASE TIME : 2024-11-27 15:26:45 -->
<html lang="zh-cn">

<head>
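Review bot: the RELEASE TIME comment (2024-11-27 15:26:45) carries no timezone, and neither do the per-row timestamps in the table, so a reader cannot tell whether the build time and the CVE publication times are on the same clock; suffix both with an explicit offset (for example +08:00) or emit them in UTC.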
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>2f727bde471b13c1ae2e14076ab3a4c8</td>
<td>CVE-2024-52323</td>
<td>2024-11-27 09:54:07 <img src="imgs/new.gif" /></td>
<td>Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52323">详情</a></td>
</tr>

<tr>
<td>78c73790025e596e2f99c11661f97985</td>
<td>CVE-2024-11667</td>
<td>2024-11-27 09:39:41 <img src="imgs/new.gif" /></td>
<td>A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11667">详情</a></td>
</tr>

<tr>
<td>33b86be4fda888a50ee1a76c72c90638</td>
<td>CVE-2024-36467</td>
<td>2024-11-27 07:15:09 <img src="imgs/new.gif" /></td>
<td>An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36467">详情</a></td>
</tr>

<tr>
<td>1fb8e3c220dcc19f8a44aa1cb777b334</td>
<td>CVE-2024-10895</td>
<td>2024-11-27 07:15:08 <img src="imgs/new.gif" /></td>
<td>The Counter Up – Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10895">详情</a></td>
</tr>

<tr>
<td>d768d0b6cf54837815bfaeb67117fc0b</td>
<td>CVE-2024-10580</td>
<td>2024-11-27 07:15:07 <img src="imgs/new.gif" /></td>
<td>The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10580">详情</a></td>
</tr>

<tr>
<td>7a72c1f1369688b841eb91926443ca98</td>
<td>CVE-2024-10175</td>
<td>2024-11-27 07:15:07 <img src="imgs/new.gif" /></td>
<td>The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-10175">详情</a></td>
</tr>

<tr>
<td>77e99e99cdeb887bc152d7fc043686cb</td>
<td>CVE-2024-52959</td>
<td>2024-11-27 06:15:19 <img src="imgs/new.gif" /></td>
<td>A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52959">详情</a></td>
</tr>

<tr>
<td>fda1b5c1d4095322a3e93a9067c98fad</td>
<td>CVE-2024-52958</td>
<td>2024-11-27 06:15:18 <img src="imgs/new.gif" /></td>
<td>A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-52958">详情</a></td>
</tr>

<tr>
<td>7e01b98183c1a6b72d5cc438a2ceab04</td>
<td>CVE-2024-11219</td>
<td>2024-11-27 06:15:18 <img src="imgs/new.gif" /></td>
<td>The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11219">详情</a></td>
</tr>

<tr>
<td>58ee1c1a3573e58c2cbe62c68b43edef</td>
<td>CVE-2024-11083</td>
<td>2024-11-27 06:15:17 <img src="imgs/new.gif" /></td>
<td>The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11083">详情</a></td>
</tr>

<tr>
<td>d3af3ba28ea2bfaaa42cb9f59de143c8</td>
<td>CVE-2024-11680</td>
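Review bot: the descriptions in these rows are written into the <td> without HTML escaping, as the literal & in "Counter Up – Animated Number Counter & Milestone Showcase" and "Gutenberg Editor & FSE" shows (both should be &amp;); since the upstream CVE text is untrusted input to the generator, pass every description through the generator language's HTML-escape routine before emitting the cell, so that angle brackets or quotes in a feed entry cannot become markup on the page. While touching the row template, add rel="noopener noreferrer" to the target="_blank" 详情 links and an alt attribute to the imgs/new.gif image.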
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6538">详情</a></td>
</tr>

<tr>
<td>7cf182d7dfaf5be3a714a67d8476d761</td>
<td>CVE-2024-9941</td>
<td>2024-11-23 07:38:07</td>
<td>The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9941">详情</a></td>
</tr>

<tr>
<td>0af5445422ab6764bf54061a07e955bd</td>
<td>CVE-2024-9659</td>
<td>2024-11-23 07:38:07</td>
<td>The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9659">详情</a></td>
</tr>

<tr>
<td>5054c6ddf6ddeb68ca5e05444b88ac19</td>
<td>CVE-2024-9942</td>
<td>2024-11-23 07:38:06</td>
<td>The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9942">详情</a></td>
</tr>

<tr>
<td>e6b8002cb5ae32707c799f07b2d9205e</td>
<td>CVE-2024-9511</td>
<td>2024-11-23 07:38:05</td>
<td>The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9511">详情</a></td>
</tr>

<tr>
<td>0a29dabfcf6574494793f93d3bfff212</td>
<td>CVE-2024-9660</td>
<td>2024-11-23 07:38:03</td>
<td>The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9660">详情</a></td>
</tr>

<tr>
<td>2d6b9cccf49c2a0bd5fbbf159c3678a9</td>
<td>CVE-2024-9635</td>
<td>2024-11-23 06:54:54</td>
<td>The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wp_http_referer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9635">详情</a></td>
</tr>

<tr>
<td>934bb8c7462f1e55c43359863405ab50</td>
<td>CVE-2024-11446</td>
<td>2024-11-23 06:54:53</td>
<td>The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cs_nonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11446">详情</a></td>
</tr>

<tr>
<td>ef48c3d67afee75497134f509e35a1bb</td>
<td>CVE-2024-11330</td>
<td>2024-11-23 06:54:49</td>
<td>The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11330">详情</a></td>
</tr>

<tr>
<td>5a8bb5df857fa16e7071e4dc822400ff</td>
<td>CVE-2024-11188</td>
<td>2024-11-23 05:40:11</td>
<td>The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11188">详情</a></td>
</tr>

<tr>
<td>b688fdc46d864b07a4ba6049b4bcd0a1</td>
<td>CVE-2024-11426</td>
<td>2024-11-23 04:32:22</td>
<td>The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11426">详情</a></td>
</tr>

</tbody>
</table>
</div>
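Review bot: these 2024-11-23 rows are dropped from the table while the cache file shows 10 additions and 0 deletions, so their digests stay in the seen-set and the entries will not be re-added if the feed returns them; that matches the intended dedup behaviour, but the roll-off rule (how many rows or days the page keeps) is stated nowhere on the page and the removed rows leave no archive link, so document the retention window in the page header or the repository README.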

0 comments on commit f41c2e5