Commit

Updated by Github Bot
Github-Bot committed Jun 15, 2024
1 parent bdc4eca commit 5180736
Showing 3 changed files with 91 additions and 81 deletions.
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -117,3 +117,13 @@ a93dcb8a0cf18d818c4aa0a9e6e0a0ff
11454e8ccc3789541af99de589b7a557
93b30d718aee6197297c7e82548c10c8
13b1586065447e11e057703aa57db529
23893de5688cb99fbac4ed6eca1cc11e
a1cbb77115f361438e8be3b2ef46320e
935295b1cab401bcf2795cee08780174
c59ba42b84db9618e92c3ee415827b80
49acaabcbb06b7002cbb863255fd28d6
b0131b32bf24059fe84061c3cf81b5c4
439e0113cc64901bd2c697d816ba0142
8d7864e14005c6bd354c49d177c844c1
bf24e1ea9138d4ab8b4c3d0fa18c1bb9
5af9de2d37d0e8d18e88aa90f96c2897
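Review bot: the ten entries appended at lines 120-129 of cache/Tenable (Nessus).dat are bare 32-character hex ids with nothing tying them to a record, so the only way to review them is to match each one against the first `<td>` of a row added in docs/index.html. Consider storing the CVE id next to each hash, or deriving this cache from data/cves.db at build time instead of committing it. The same commit also changes data/cves.db as a binary, which cannot be diffed here; a text export would make the data change reviewable.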
Binary file modified data/cves.db
Binary file not shown.
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-15 01:23:43 -->
<!-- RELEASE TIME : 2024-06-15 15:21:44 -->
<html lang="zh-cn">

<head>
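Review bot: the `RELEASE TIME` comment on line 1 carries no timezone, so `2024-06-15 15:21:44` cannot be compared reliably with the per-row timestamps in the table. Suggest an ISO 8601 value with an explicit offset. Separately, line 2 opens `<html lang="zh-cn">` with no `<!DOCTYPE html>` ahead of it, which puts browsers in quirks mode, and the row descriptions are English, so the `lang` value is worth checking.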
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>23893de5688cb99fbac4ed6eca1cc11e</td>
<td>CVE-2024-6007</td>
<td>2024-06-15 13:15:51 <img src="imgs/new.gif" /></td>
<td>A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6007">详情</a></td>
</tr>

<tr>
<td>a1cbb77115f361438e8be3b2ef46320e</td>
<td>CVE-2024-6006</td>
<td>2024-06-15 12:15:49 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6006">详情</a></td>
</tr>

<tr>
<td>935295b1cab401bcf2795cee08780174</td>
<td>CVE-2024-6005</td>
<td>2024-06-15 10:15:11 <img src="imgs/new.gif" /></td>
<td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6005">详情</a></td>
</tr>

<tr>
<td>c59ba42b84db9618e92c3ee415827b80</td>
<td>CVE-2024-5611</td>
<td>2024-06-15 10:15:11 <img src="imgs/new.gif" /></td>
<td>The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5611">详情</a></td>
</tr>

<tr>
<td>49acaabcbb06b7002cbb863255fd28d6</td>
<td>CVE-2024-5858</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5858">详情</a></td>
</tr>

<tr>
<td>b0131b32bf24059fe84061c3cf81b5c4</td>
<td>CVE-2024-4551</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4551">详情</a></td>
</tr>

<tr>
<td>439e0113cc64901bd2c697d816ba0142</td>
<td>CVE-2024-4258</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4258">详情</a></td>
</tr>

<tr>
<td>8d7864e14005c6bd354c49d177c844c1</td>
<td>CVE-2024-4095</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4095">详情</a></td>
</tr>

<tr>
<td>bf24e1ea9138d4ab8b4c3d0fa18c1bb9</td>
<td>CVE-2024-3105</td>
<td>2024-06-15 09:15:11 <img src="imgs/new.gif" /></td>
<td>The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3105">详情</a></td>
</tr>

<tr>
<td>5af9de2d37d0e8d18e88aa90f96c2897</td>
<td>CVE-2024-2695</td>
<td>2024-06-15 09:15:11 <img src="imgs/new.gif" /></td>
<td>The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2695">详情</a></td>
</tr>

<tr>
<td>43c333e3eedbed06e2905ee40ccd43e5</td>
<td>CVE-2024-2024</td>
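Review bot: every added row opens its link with `target="_blank"` and no `rel` attribute; add `rel="noopener noreferrer"` in the row markup so the opened page gets no `window.opener` handle and no referrer from this page. The `<img src="imgs/new.gif" />` marker in the date cell also has no `alt` text, so the "new" flag is lost to screen readers and whenever the image fails to load.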
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-34107">详情</a></td>
</tr>

<tr>
<td>50962c6423c92d79bf3eb91d622eef4d</td>
<td>CVE-2024-5702</td>
<td>2024-06-11 13:15:51</td>
<td>Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5702">详情</a></td>
</tr>

<tr>
<td>15c7dd82cba467fcb1f0e9ab76220e7d</td>
<td>CVE-2024-5701</td>
<td>2024-06-11 13:15:51</td>
<td>Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5701">详情</a></td>
</tr>

<tr>
<td>b474ad87d2a1c8b10f9a1328b81972cf</td>
<td>CVE-2024-5700</td>
<td>2024-06-11 13:15:51</td>
<td>Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5700">详情</a></td>
</tr>

<tr>
<td>08a289b0f9252f3445659e081a6bc76c</td>
<td>CVE-2024-5699</td>
<td>2024-06-11 13:15:51</td>
<td>In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5699">详情</a></td>
</tr>

<tr>
<td>8096e402c0b5868a1de8a0c06a68cf49</td>
<td>CVE-2024-5698</td>
<td>2024-06-11 13:15:51</td>
<td>By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5698">详情</a></td>
</tr>

<tr>
<td>57d6749782d9051bff0310e5357b9c6e</td>
<td>CVE-2024-5697</td>
<td>2024-06-11 13:15:51</td>
<td>A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5697">详情</a></td>
</tr>

<tr>
<td>2c7dbb56713db3fd0fbf4cb514840637</td>
<td>CVE-2024-5696</td>
<td>2024-06-11 13:15:51</td>
<td>By manipulating the text in an `&lt;input&gt;` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5696">详情</a></td>
</tr>

<tr>
<td>88af31d92ceac08939afd9155664db84</td>
<td>CVE-2024-5695</td>
<td>2024-06-11 13:15:51</td>
<td>If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5695">详情</a></td>
</tr>

<tr>
<td>954e493bb68a7c450adeafb91fc39bf0</td>
<td>CVE-2024-5694</td>
<td>2024-06-11 13:15:50</td>
<td>An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5694">详情</a></td>
</tr>

<tr>
<td>2baae96bfaca3dfcc04d0652cd7e3891</td>
<td>CVE-2024-5693</td>
<td>2024-06-11 13:15:50</td>
<td>Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5693">详情</a></td>
</tr>

</tbody>
</table>
</div>
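Review bot: the description cells in these rows show that the text reaches the page without consistent HTML escaping: `Firefox < 125` is written with a raw `<`, while another row carries `&lt;input&gt;` already escaped. The descriptions are third-party advisory text, so the generator should HTML-escape every field at the point it writes the `<td>` and not rely on the upstream text being safe markup. These ten rows are only being rotated out, but the rows added at the top of the table have the same structure.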