Commit

Updated by Github Bot
Github-Bot committed Jun 17, 2024
1 parent 3cc9ffc commit 74d4076
Showing 3 changed files with 14 additions and 12 deletions.
2 changes: 2 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -123,3 +123,5 @@ e931320dc7e9495c3de6fe2b53cdeabf
1d16869d758290db1f57ae0b71a7c5f4
e2c92c9de042d97490c76eb5f11a8370
9b13fa8a9ec1935a32dafe94dbbf540b
a0b64ae641fda184c64f3228fa1ef598
816b4abadfa1f026f7458c1c011567a9
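Review bot: The two entries appended at the end of cache/RedQueen.dat (new lines 126-127) are bare 32-character hex values with nothing recording which advisory or fetch produced them, and neither matches a row id visible in the docs/index.html hunks of this commit, so the addition cannot be checked from the diff. Consider storing the source identifier or a fetch date beside each value, and document how the cache is pruned, since this hunk only appends.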
Binary file modified data/cves.db
Binary file not shown.
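Review bot: data/cves.db changes as an opaque binary in the same commit as the generated page, so a reviewer has no way to see which records were added or altered. If the database has to live in the repository, a text export or a summary of the changed records in the commit message (which here says only "Updated by Github Bot") would make these updates auditable.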
24 changes: 12 additions & 12 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-06-16 21:22:21 -->
<!-- RELEASE TIME : 2024-06-17 01:26:41 -->
<html lang="zh-cn">

<head>
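Review bot: The RELEASE TIME comment on line 1 carries no timezone or UTC offset, so "2024-06-17 01:26:41" is ambiguous next to the Jun 17, 2024 commit date; emit an ISO 8601 value with an explicit offset. The same context shows `<html lang="zh-cn">` directly on line 2 with no `<!DOCTYPE html>` ahead of it, which is worth adding to the template while this header is being regenerated.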
Expand Down Expand Up @@ -438,87 +438,87 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<tr>
<td>be6cbc4f13d40166e0294211bfd12fe5</td>
<td>CVE-2024-6016</td>
<td>2024-06-15 19:15:48 <img src="imgs/new.gif" /></td>
<td>2024-06-15 19:15:48</td>
<td>A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6016">详情</a></td>
</tr>

<tr>
<td>23893de5688cb99fbac4ed6eca1cc11e</td>
<td>CVE-2024-6007</td>
<td>2024-06-15 13:15:51 <img src="imgs/new.gif" /></td>
<td>2024-06-15 13:15:51</td>
<td>A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6007">详情</a></td>
</tr>

<tr>
<td>a1cbb77115f361438e8be3b2ef46320e</td>
<td>CVE-2024-6006</td>
<td>2024-06-15 12:15:49 <img src="imgs/new.gif" /></td>
<td>2024-06-15 12:15:49</td>
<td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6006">详情</a></td>
</tr>

<tr>
<td>935295b1cab401bcf2795cee08780174</td>
<td>CVE-2024-6005</td>
<td>2024-06-15 10:15:11 <img src="imgs/new.gif" /></td>
<td>2024-06-15 10:15:11</td>
<td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6005">详情</a></td>
</tr>

<tr>
<td>c59ba42b84db9618e92c3ee415827b80</td>
<td>CVE-2024-5611</td>
<td>2024-06-15 10:15:11 <img src="imgs/new.gif" /></td>
<td>2024-06-15 10:15:11</td>
<td>The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5611">详情</a></td>
</tr>

<tr>
<td>49acaabcbb06b7002cbb863255fd28d6</td>
<td>CVE-2024-5858</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:12</td>
<td>The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5858">详情</a></td>
</tr>

<tr>
<td>b0131b32bf24059fe84061c3cf81b5c4</td>
<td>CVE-2024-4551</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:12</td>
<td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4551">详情</a></td>
</tr>

<tr>
<td>439e0113cc64901bd2c697d816ba0142</td>
<td>CVE-2024-4258</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:12</td>
<td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4258">详情</a></td>
</tr>

<tr>
<td>8d7864e14005c6bd354c49d177c844c1</td>
<td>CVE-2024-4095</td>
<td>2024-06-15 09:15:12 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:12</td>
<td>The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4095">详情</a></td>
</tr>

<tr>
<td>bf24e1ea9138d4ab8b4c3d0fa18c1bb9</td>
<td>CVE-2024-3105</td>
<td>2024-06-15 09:15:11 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:11</td>
<td>The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3105">详情</a></td>
</tr>

<tr>
<td>5af9de2d37d0e8d18e88aa90f96c2897</td>
<td>CVE-2024-2695</td>
<td>2024-06-15 09:15:11 <img src="imgs/new.gif" /></td>
<td>2024-06-15 09:15:11</td>
<td>The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2695">详情</a></td>
</tr>
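Review bot: The "new" badge is baked into the generated markup, so eleven of the twelve changed lines in docs/index.html only drop `<img src="imgs/new.gif" />` from a timestamp cell once a row ages out. Emitting just the timestamp and deriving the badge from it at render time (a class on the row, or a few lines of script) would keep these diffs down to rows whose content actually changed. Separately, every link in these rows uses `target="_blank"` with no `rel="noopener noreferrer"`, and the description cells hold third-party advisory text, so confirm the generator HTML-escapes that text before writing it into the `<td>`.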