
Commit

Updated by Github Bot
Github-Bot committed Jul 2, 2024
1 parent c71009f commit 459596d
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -149,3 +149,13 @@ d697b0a1cd5bcca3c545b959065bb8ca
d9659aa33bed89dc5404d659457f4a2e
f933f3174272143e8c3a6a24d9ee9121
eae1eafcf7ceaed2081e40e34f1273cb
9b70227dbf1642174570fced1dda7334
939c826fc592e8398fca103bb8c71a99
9b673c171a5ae5f66f2dbff4ed048149
9b05dea8e8558b5cedf0aa276962cbf0
6658648ff9198ec6d891b6a637c62123
a5391a80592b737bd7731fa734f7193e
d92b3366a3521445bb7e53fcc0451a1b
5dac148e832cc8129bd25e8805a70571
0c6d3931567571b09f0e78b05be5775f
ad927e1c87132d3c28ea9e92e3582f46
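
Review bot: The ten values appended at the end of this hunk are bare 32-hex ids with nothing tying them to a CVE or a fetch date, so the cache cannot be audited or pruned without cross-referencing docs/index.html, where the same values show up in the first column of the new rows (9b70227dbf1642174570fced1dda7334 sits next to CVE-2024-6440, for example). Consider writing one record per line that carries the CVE id and the fetch time alongside the id, so a stale or wrong entry can be found and expired from this file alone.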
Binary file modified data/cves.db
Binary file not shown.
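
Review bot: data/cves.db changes as an opaque binary in the same commit, so this part of the update cannot be diffed or reviewed at all. If the database can be rebuilt from the feed or from the text files in this repository, generate it at build time or publish it as a release artifact instead of committing a new binary on every bot run.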
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-07-02 09:22:41 -->
<!-- RELEASE TIME : 2024-07-02 15:21:20 -->
<html lang="zh-cn">

<head>
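
Review bot: The RELEASE TIME comment on the first line of docs/index.html is written without a timezone (2024-07-02 15:21:20), and the per-row timestamps in the table have none either, so a reader cannot tell whether the release time and the publication times are on the same clock. Emit the value with an explicit offset, or in UTC with a Z suffix, and state in the table header which zone the row timestamps use.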
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>9b70227dbf1642174570fced1dda7334</td>
<td>CVE-2024-6440</td>
<td>2024-07-02 11:15:11 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270168.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6440">详情</a></td>
</tr>

<tr>
<td>939c826fc592e8398fca103bb8c71a99</td>
<td>CVE-2024-6439</td>
<td>2024-07-02 11:15:11 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in SourceCodester Home Owners Collection Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-270167.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6439">详情</a></td>
</tr>

<tr>
<td>9b673c171a5ae5f66f2dbff4ed048149</td>
<td>CVE-2024-6438</td>
<td>2024-07-02 11:15:11 <img src="imgs/new.gif" /></td>
<td>A vulnerability has been found in Hitout Carsale 1.0 and classified as critical. This vulnerability affects unknown code of the file OrderController.java. The manipulation of the argument orderBy leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-270166 is the identifier assigned to this vulnerability.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6438">详情</a></td>
</tr>

<tr>
<td>9b05dea8e8558b5cedf0aa276962cbf0</td>
<td>CVE-2024-6264</td>
<td>2024-07-02 11:15:10 <img src="imgs/new.gif" /></td>
<td>The Post Meta Data Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘$meta_key’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6264">详情</a></td>
</tr>

<tr>
<td>6658648ff9198ec6d891b6a637c62123</td>
<td>CVE-2024-6099</td>
<td>2024-07-02 11:15:10 <img src="imgs/new.gif" /></td>
<td>The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6099">详情</a></td>
</tr>

<tr>
<td>a5391a80592b737bd7731fa734f7193e</td>
<td>CVE-2024-6088</td>
<td>2024-07-02 11:15:10 <img src="imgs/new.gif" /></td>
<td>The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1. This makes it possible for unauthenticated attackers to bypass disabled user registration to create a new account with the default role.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6088">详情</a></td>
</tr>

<tr>
<td>d92b3366a3521445bb7e53fcc0451a1b</td>
<td>CVE-2024-4268</td>
<td>2024-07-02 11:15:10 <img src="imgs/new.gif" /></td>
<td>The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4268">详情</a></td>
</tr>

<tr>
<td>5dac148e832cc8129bd25e8805a70571</td>
<td>CVE-2024-6012</td>
<td>2024-07-02 10:15:09 <img src="imgs/new.gif" /></td>
<td>The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'embed-create-page' and 'embed-insert-pages' functions in all versions up to, and including, 3.2.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary posts and append arbitrary content to existing posts.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6012">详情</a></td>
</tr>

<tr>
<td>0c6d3931567571b09f0e78b05be5775f</td>
<td>CVE-2024-6011</td>
<td>2024-07-02 10:15:09 <img src="imgs/new.gif" /></td>
<td>The Cost Calculator Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘textarea.description’ parameter in all versions up to, and including, 3.2.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6011">详情</a></td>
</tr>

<tr>
<td>ad927e1c87132d3c28ea9e92e3582f46</td>
<td>CVE-2024-34601</td>
<td>2024-07-02 10:15:08 <img src="imgs/new.gif" /></td>
<td>Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34601">详情</a></td>
</tr>

<tr>
<td>10ae49f825561628f931cfd2f9788c1d</td>
<td>CVE-2024-6130</td>
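
Review bot: Every link in the added rows opens with target="_blank" and no rel attribute, as in <a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6440">; add rel="noopener noreferrer" in the row template so the opened page never gets a handle on this one, regardless of browser defaults. Two smaller points on the same rows: the description cell is third-party advisory text written straight into the table, and nothing visible here shows whether the generator HTML-escapes it, so confirm that the id, CVE, time and description fields are all escaped before being written. The <img src="imgs/new.gif" /> marker also has no alt text.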
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5926">详情</a></td>
</tr>

<tr>
<td>1fda643624d3c091d8d867024ced12aa</td>
<td>CVE-2024-39848</td>
<td>2024-06-29 22:15:02</td>
<td>Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39848">详情</a></td>
</tr>

<tr>
<td>803351db6e5b5e13559c67afdc334331</td>
<td>CVE-2024-39846</td>
<td>2024-06-29 21:15:09</td>
<td>NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39846">详情</a></td>
</tr>

<tr>
<td>e228ab0cad3d8607093fa072e3a61ff0</td>
<td>CVE-2024-39840</td>
<td>2024-06-29 17:15:09</td>
<td>Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39840">详情</a></td>
</tr>

<tr>
<td>44b6cfec136896f12e266aedcc840ab3</td>
<td>CVE-2024-25943</td>
<td>2024-06-29 13:15:10</td>
<td>iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25943">详情</a></td>
</tr>

<tr>
<td>acd0c183c1edfee44a8abe6d716440bf</td>
<td>CVE-2024-2386</td>
<td>2024-06-29 13:15:10</td>
<td>The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2386">详情</a></td>
</tr>

<tr>
<td>1871bfebdafb159384d8a8610263f188</td>
<td>CVE-2023-4017</td>
<td>2024-06-29 12:15:09</td>
<td>The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-4017">详情</a></td>
</tr>

<tr>
<td>9103412ed2c29ac048e8232078817768</td>
<td>CVE-2024-5819</td>
<td>2024-06-29 10:15:02</td>
<td>The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5819">详情</a></td>
</tr>

<tr>
<td>a24880093145de3bb6ed849766e175f3</td>
<td>CVE-2024-6363</td>
<td>2024-06-29 07:15:03</td>
<td>The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6363">详情</a></td>
</tr>

<tr>
<td>50e24e78994cc27136048c7232cfd2f7</td>
<td>CVE-2024-5790</td>
<td>2024-06-29 07:15:03</td>
<td>The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5790">详情</a></td>
</tr>

<tr>
<td>7be152eacb2a60f2885c027c3d70aa0d</td>
<td>CVE-2024-5666</td>
<td>2024-06-29 07:15:02</td>
<td>The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5666">详情</a></td>
</tr>

</tbody>
</table>
</div>
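
Review bot: The rows dropped from the tail of the table in this hunk are dated 2024-06-29, three days before the release time of this build, and they leave the page in exact proportion to the rows added at the top, so entries age out by row count rather than by date. On a busy day that window shrinks further and an advisory can disappear before anyone reads it. Either expire rows by age, or keep the fixed length and link to an archive page that retains what was removed.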