
Commit

Updated by Github Bot
Github-Bot committed Jun 14, 2024
1 parent 41990aa commit 47d1726
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -107,3 +107,13 @@ ae694e8b0ad2e65b4727865d6bceb56e
7db35c93454dc37cd636e67d435717cb
a4b41a23c3ad59eedcf5f68bad616c7d
7bc4e0d9638a94ae1839d5ac7086b08f
43c333e3eedbed06e2905ee40ccd43e5
3377d3df2213fa560fc89d1603545be9
27fcba9daa458f802e0ebf33b0560201
a197e2156b163d3083ade8bb390628b4
dc4afe693f1dcba0367635dfcda2a975
3e9d89696180cd3b325cb40ab7ac2ce5
a93dcb8a0cf18d818c4aa0a9e6e0a0ff
11454e8ccc3789541af99de589b7a557
93b30d718aee6197297c7e82548c10c8
13b1586065447e11e057703aa57db529
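Review bot: this cache file only grows (10 additions, 0 deletions here) while docs/index.html drops ten old rows in the same commit, so the id list is unbounded. If the ids are only used to skip entries already seen, consider pruning ids that have aged out of the feed window, or document why the full history must be kept. It would also help to note what each 32-character id is derived from, since the same values are used as the first column of the new table rows.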
Binary file modified data/cves.db
Binary file not shown.
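Review bot: data/cves.db changes as an opaque binary, so nothing in this commit shows which records were written or whether they match the ten ids added to the cache and the ten rows added to docs/index.html. Since these commits come from a bot, consider keeping the database out of version control and publishing it as a build artifact, or committing a text export alongside it so the change is reviewable.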
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-14 09:22:12 -->
<!-- RELEASE TIME : 2024-06-14 18:28:11 -->
<html lang="zh-cn">

<head>
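Review bot: the RELEASE TIME comment on line 1 carries no UTC offset, and neither do the row timestamps further down, so a reader cannot tell whether 18:28:11 and a publication time such as 13:15:51 are in the same zone. Suggest writing the release time in ISO 8601 with an explicit offset.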
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>43c333e3eedbed06e2905ee40ccd43e5</td>
<td>CVE-2024-2024</td>
<td>2024-06-14 13:15:51 <img src="imgs/new.gif" /></td>
<td>The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2024">详情</a></td>
</tr>

<tr>
<td>3377d3df2213fa560fc89d1603545be9</td>
<td>CVE-2024-2023</td>
<td>2024-06-14 13:15:50 <img src="imgs/new.gif" /></td>
<td>The Folders and Folders Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.0 in Folders and 3.0.2 in Folders Pro via the 'handle_folders_file_upload' function. This makes it possible for authenticated attackers, with author access and above, to upload files to arbitrary locations on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2023">详情</a></td>
</tr>

<tr>
<td>27fcba9daa458f802e0ebf33b0560201</td>
<td>CVE-2024-36459</td>
<td>2024-06-14 12:15:09 <img src="imgs/new.gif" /></td>
<td>A CRLF cross-site scripting vulnerability has been identified in certain configurations of the SiteMinder Web Agent for IIS Web Server and SiteMinder Web Agent for Domino Web Server. As a result, an attacker can execute arbitrary Javascript code in a client browser.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36459">详情</a></td>
</tr>

<tr>
<td>a197e2156b163d3083ade8bb390628b4</td>
<td>CVE-2023-51376</td>
<td>2024-06-14 11:15:50 <img src="imgs/new.gif" /></td>
<td>Missing Authorization vulnerability in Brainstorm Force ProjectHuddle Client Site.This issue affects ProjectHuddle Client Site: from n/a through 1.0.34.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-51376">详情</a></td>
</tr>

<tr>
<td>dc4afe693f1dcba0367635dfcda2a975</td>
<td>CVE-2024-5685</td>
<td>2024-06-14 10:15:10 <img src="imgs/new.gif" /></td>
<td>Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5685">详情</a></td>
</tr>

<tr>
<td>3e9d89696180cd3b325cb40ab7ac2ce5</td>
<td>CVE-2024-3912</td>
<td>2024-06-14 10:15:10 <img src="imgs/new.gif" /></td>
<td>Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3912">详情</a></td>
</tr>

<tr>
<td>a93dcb8a0cf18d818c4aa0a9e6e0a0ff</td>
<td>CVE-2024-34012</td>
<td>2024-06-14 10:15:10 <img src="imgs/new.gif" /></td>
<td>Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.24135.272.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34012">详情</a></td>
</tr>

<tr>
<td>11454e8ccc3789541af99de589b7a557</td>
<td>CVE-2024-2472</td>
<td>2024-06-14 10:15:09 <img src="imgs/new.gif" /></td>
<td>The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to view other customer's cabinets, including the ability to view PII such as email addresses and to change their LatePoint user password, which may or may not be associated with a WordPress account.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2472">详情</a></td>
</tr>

<tr>
<td>93b30d718aee6197297c7e82548c10c8</td>
<td>CVE-2024-5996</td>
<td>2024-06-14 09:15:11 <img src="imgs/new.gif" /></td>
<td>The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5996">详情</a></td>
</tr>

<tr>
<td>13b1586065447e11e057703aa57db529</td>
<td>CVE-2024-4863</td>
<td>2024-06-14 09:15:10 <img src="imgs/new.gif" /></td>
<td>The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4863">详情</a></td>
</tr>

<tr>
<td>cd6930e6f700fc8b8012b8d3d6690d24</td>
<td>CVE-2024-5927</td>
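Review bot: the description cells in the added rows are feed text written straight between the td tags, and nothing visible shows it being HTML-escaped (the CVE-2024-5685 row carries raw double quotes, the CVE-2024-4863 row raw curly quotes). Since these strings come from an external advisory feed, the generator should escape <, > and & before writing them, otherwise a description containing markup would be rendered by the page. Separately, each link uses target="_blank" without rel="noopener noreferrer", and the imgs/new.gif image has no alt attribute.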
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5693">详情</a></td>
</tr>

<tr>
<td>f921fc539d7dbbbd16d595b350d016bf</td>
<td>CVE-2024-5786</td>
<td>2024-06-10 13:15:51</td>
<td>Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5786">详情</a></td>
</tr>

<tr>
<td>32d45e9d926f9665bc0f4395fd09b231</td>
<td>CVE-2024-5785</td>
<td>2024-06-10 13:15:51</td>
<td>Command injection vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability could allow an authenticated user to execute commands inside the router by making a POST request to the URL “/boaform/admin/formUserTracert”.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5785">详情</a></td>
</tr>

<tr>
<td>ca64759545267f22163107519fb1037e</td>
<td>CVE-2024-36405</td>
<td>2024-06-10 13:15:50</td>
<td>liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for `-Os`, `-O1`, and other compilation options. A proof-of-concept local attack on the reference implementation leaks the entire ML-KEM 512 secret key in ~10 minutes using end-to-end decapsulation timing measurements. The issue has been fixed in version 0.10.1. As a possible workaround, some compiler options may produce vectorized code that does not leak secret information, however relying on these compiler options as a workaround may not be reliable.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36405">详情</a></td>
</tr>

<tr>
<td>379dafe47acf1c4e948a2c7701ad51ba</td>
<td>CVE-2024-3700</td>
<td>2024-06-10 12:15:10</td>
<td>Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Simple Care software installations. This issue affects Estomed Sp. z o.o. Simple Care software in all versions. The software is no longer supported.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3700">详情</a></td>
</tr>

<tr>
<td>fe6fd703ea7eed7bbaccbd1b3191812f</td>
<td>CVE-2024-3699</td>
<td>2024-06-10 12:15:10</td>
<td>Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations.This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3699">详情</a></td>
</tr>

<tr>
<td>09be932b53a64e7cdc13730557a2407d</td>
<td>CVE-2024-28833</td>
<td>2024-06-10 12:15:09</td>
<td>Improper restriction of excessive authentication attempts with two factor authentication methods in Checkmk 2.3 before 2.3.0p6 facilitates brute-forcing of second factor mechanisms.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-28833">详情</a></td>
</tr>

<tr>
<td>c782629c0bc01f0720592b5b3cfc5498</td>
<td>CVE-2024-1228</td>
<td>2024-06-10 12:15:09</td>
<td>Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all Eurosoft Przychodnia installations. This issue affects Eurosoft Przychodnia software before version 20240417.001 (from that version vulnerability is fixed).</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1228">详情</a></td>
</tr>

<tr>
<td>77540c911956015cc3b3bd903c544b24</td>
<td>CVE-2024-36971</td>
<td>2024-06-10 09:15:09</td>
<td>In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36971">详情</a></td>
</tr>

<tr>
<td>a07ee8b1fed75be77dc42ffd928031f0</td>
<td>CVE-2024-4746</td>
<td>2024-06-10 08:15:52</td>
<td>Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4746">详情</a></td>
</tr>

<tr>
<td>52fd944cfc0a600ded5dd35c8c055eea</td>
<td>CVE-2024-4745</td>
<td>2024-06-10 08:15:52</td>
<td>Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4745">详情</a></td>
</tr>

</tbody>
</table>
</div>