diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index d454d94dfbd..d227b93b21a 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -132,3 +132,10 @@ ed8e3d082bba0507118f33253565ef17 1fda643624d3c091d8d867024ced12aa 803351db6e5b5e13559c67afdc334331 e228ab0cad3d8607093fa072e3a61ff0 +c471d502cd5db88f83ff496bcdb81aa0 +aa6fd912d0b542a61e5b23af4cbd64b3 +dd1f83522d698106b8be438344986dd4 +522a2dcf88ece5c4b7d33e18a7d25bb3 +a211a848e7c4095555a40dd5bab41c3f +720c71976c910f1ec5725f83d56bfb71 +f766b54ca0a64748f3d409a56387b138 diff --git a/data/cves.db b/data/cves.db index 5b83890e737..225caf66bf6 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 803c1f8812f..89ecf9e72fe 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,62 @@

眈眈探求 | TITLE URL + + c471d502cd5db88f83ff496bcdb81aa0 + CVE-2024-35119 + 2024-06-30 17:15:03 + IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. IBM X-Force ID: 290342. + 详情 + + + + aa6fd912d0b542a61e5b23af4cbd64b3 + CVE-2024-31902 + 2024-06-30 17:15:02 + IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. + 详情 + + + + dd1f83522d698106b8be438344986dd4 + CVE-2024-28798 + 2024-06-30 17:15:02 + IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 287172. + 详情 + + + + 522a2dcf88ece5c4b7d33e18a7d25bb3 + CVE-2023-50954 + 2024-06-30 17:15:02 + IBM InfoSphere Information Server 11.7 returns sensitive information in URL information that could be used in further attacks against the system. IBM X-Force ID: 275776. + 详情 + + + + a211a848e7c4095555a40dd5bab41c3f + CVE-2024-5062 + 2024-06-30 16:15:03 + A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. 
This vulnerability could be exploited to steal cookies, potentially leading to account takeover. + 详情 + + + + 720c71976c910f1ec5725f83d56bfb71 + CVE-2024-28795 + 2024-06-30 16:15:02 + IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286832. + 详情 + + + + f766b54ca0a64748f3d409a56387b138 + CVE-2023-35022 + 2024-06-30 16:15:02 + IBM InfoSphere Information Server 11.7 could allow a local user to update projects that they do not have the authorization to access. IBM X-Force ID: 258254. + 详情 + + 04948b47c2c5cf6ca5b263a13d52b8fb CVE-2024-6415 @@ -467,62 +523,6 @@

眈眈探求 | 详情 - - dafb147056acdb7907846e3877546cbd - CVE-2024-39209 - 2024-06-27 21:15:15 - luci-app-sms-tool v1.9-6 was discovered to contain a command injection vulnerability via the score parameter. - 详情 - - - - 82c07e3d80afdf4d1216562365a53309 - CVE-2024-39134 - 2024-06-27 21:15:15 - A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service via the __zzip_fetch_disk_trailer() function at /zzip/zip.c. - 详情 - - - - 5f890c739b8718dd54674ed014876ee1 - CVE-2024-39132 - 2024-06-27 21:15:15 - A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. - 详情 - - - - e4577f8d7c4d4648ec18dfdb49019814 - CVE-2024-6374 - 2024-06-27 14:15:17 - A vulnerability was found in lahirudanushka School Management System 1.0.0/1.0.1 and classified as problematic. This issue affects some unknown processing of the file /subject.php of the component Subject Page. The manipulation of the argument Subject Title/Sybillus Details leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269807. - 详情 - - - - 864faf359211c3e2cff22b2e4fa592f6 - CVE-2024-39158 - 2024-06-27 14:15:16 - idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet. - 详情 - - - - f7cd31be716429709333cbf98645b11d - CVE-2024-39157 - 2024-06-27 14:15:16 - idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. - 详情 - - - - a325556ff3f3e3b8af5ff2681c70dedb - CVE-2024-39156 - 2024-06-27 14:15:16 - idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add. - 详情 - -
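Review bot: cache/Tenable (Nessus).dat gains seven 32-hex ids that match the row ids added to docs/index.html, but nothing in this change says which fields the id is computed from. Document the hashed input in the generator or README, so a reviewer can tell whether a revised advisory for an existing CVE yields a new id or is skipped as already cached.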
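Review bot: data/cves.db changes only as "Binary files a/data/cves.db and b/data/cves.db differ", so the stored records behind the new docs/index.html rows cannot be reviewed here. Either commit a sorted text export next to the database or rebuild the database from the feed at publish time, so that each update produces a readable diff.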
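Review bot: in the docs/index.html hunk at @@ -283,6 +283,62 @@, the CVE-2024-5062 description reaches the page with a line break in the middle (after "browser session."), which suggests advisory text is copied into the table cell unmodified. That text is external input and here contains quotes such as 'redirect', so the generator should collapse whitespace and HTML-escape each description before writing it. The timestamps (for example "2024-06-30 17:15:03") also carry no time zone and should state one.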
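Review bot: the docs/index.html hunk at @@ -467,62 +523,6 @@ removes seven entries dated 2024-06-27 in the same change that adds seven new ones, so the page behaves as a fixed-size window and entries such as CVE-2024-39209 are no longer reachable from it. If that is intended, state the window size on the page and link an archive of older entries. The cache file keeps the ids of rows that were dropped, so it is worth confirming that this is deliberate.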