diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index e5161eb9282..72e23c65cad 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -117,3 +117,13 @@ a93dcb8a0cf18d818c4aa0a9e6e0a0ff 11454e8ccc3789541af99de589b7a557 93b30d718aee6197297c7e82548c10c8 13b1586065447e11e057703aa57db529 +23893de5688cb99fbac4ed6eca1cc11e +a1cbb77115f361438e8be3b2ef46320e +935295b1cab401bcf2795cee08780174 +c59ba42b84db9618e92c3ee415827b80 +49acaabcbb06b7002cbb863255fd28d6 +b0131b32bf24059fe84061c3cf81b5c4 +439e0113cc64901bd2c697d816ba0142 +8d7864e14005c6bd354c49d177c844c1 +bf24e1ea9138d4ab8b4c3d0fa18c1bb9 +5af9de2d37d0e8d18e88aa90f96c2897 diff --git a/data/cves.db b/data/cves.db index efd0ca559e2..2547525ed29 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index ac8636f6cf9..ec092315596 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 23893de5688cb99fbac4ed6eca1cc11e + CVE-2024-6007 + 2024-06-15 13:15:51 + A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + a1cbb77115f361438e8be3b2ef46320e + CVE-2024-6006 + 2024-06-15 12:15:49 + A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 935295b1cab401bcf2795cee08780174 + CVE-2024-6005 + 2024-06-15 10:15:11 + A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + c59ba42b84db9618e92c3ee415827b80 + CVE-2024-5611 + 2024-06-15 10:15:11 + The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 49acaabcbb06b7002cbb863255fd28d6 + CVE-2024-5858 + 2024-06-15 09:15:12 + The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles. + 详情 + + + + b0131b32bf24059fe84061c3cf81b5c4 + CVE-2024-4551 + 2024-06-15 09:15:12 + The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + 详情 + + + + 439e0113cc64901bd2c697d816ba0142 + CVE-2024-4258 + 2024-06-15 09:15:12 + The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. + 详情 + + + + 8d7864e14005c6bd354c49d177c844c1 + CVE-2024-4095 + 2024-06-15 09:15:12 + The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + bf24e1ea9138d4ab8b4c3d0fa18c1bb9 + CVE-2024-3105 + 2024-06-15 09:15:11 + The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. + 详情 + + + + 5af9de2d37d0e8d18e88aa90f96c2897 + CVE-2024-2695 + 2024-06-15 09:15:11 + The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + 43c333e3eedbed06e2905ee40ccd43e5 CVE-2024-2024 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 50962c6423c92d79bf3eb91d622eef4d - CVE-2024-5702 - 2024-06-11 13:15:51 - Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125 and Firefox ESR < 115.12. - 详情 - - - - 15c7dd82cba467fcb1f0e9ab76220e7d - CVE-2024-5701 - 2024-06-11 13:15:51 - Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127. - 详情 - - - - b474ad87d2a1c8b10f9a1328b81972cf - CVE-2024-5700 - 2024-06-11 13:15:51 - Memory safety bugs present in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. - 详情 - - - - 08a289b0f9252f3445659e081a6bc76c - CVE-2024-5699 - 2024-06-11 13:15:51 - In violation of spec, cookie prefixes such as `__Secure` were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix. This vulnerability affects Firefox < 127. - 详情 - - - - 8096e402c0b5868a1de8a0c06a68cf49 - CVE-2024-5698 - 2024-06-11 13:15:51 - By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 127. - 详情 - - - - 57d6749782d9051bff0310e5357b9c6e - CVE-2024-5697 - 2024-06-11 13:15:51 - A website was able to detect when a user took a screenshot of a page using the built-in Screenshot functionality in Firefox. This vulnerability affects Firefox < 127. - 详情 - - - - 2c7dbb56713db3fd0fbf4cb514840637 - CVE-2024-5696 - 2024-06-11 13:15:51 - By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. - 详情 - - - - 88af31d92ceac08939afd9155664db84 - CVE-2024-5695 - 2024-06-11 13:15:51 - If an out-of-memory condition occurs at a specific point using allocations in the probabilistic heap checker, an assertion could have been triggered, and in rarer situations, memory corruption could have occurred. This vulnerability affects Firefox < 127. - 详情 - - - - 954e493bb68a7c450adeafb91fc39bf0 - CVE-2024-5694 - 2024-06-11 13:15:50 - An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127. - 详情 - - - - 2baae96bfaca3dfcc04d0652cd7e3891 - CVE-2024-5693 - 2024-06-11 13:15:50 - Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127 and Firefox ESR < 115.12. - 详情 - -