Updated by Github Bot

EXP-Tools · Jun 17, 2024 · 79ab13a · 79ab13a
1 parent 27d2b47
commit 79ab13a
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -147,3 +147,13 @@ c28a6537f52ec8f2444dd279383e40ec
 b28c9d35ce5169e5c24fd9c1c40443b7
 77359cdf07122364a25186684877416d
 31903eec7be53d2678fdb947cf5c363b
+1ba34eb8bf4f88b8e1d2501e07a78f21
+7bcd40e61638f34ea6bad1772bccd7c7
+dcbc1bbed2cc82f4a1ec81fb437c7b96
+d96077eb5f113d3f25327c65c748e70b
+16b31b48da98a5c7707c39addc33e8bd
+a42fef46d65fe176cee367dbccaf787d
+7dd4deec5ff80520ac12c84a0acc901e
+86d64e94fbb0f829fd5df8495b6db80c
+37760a17c263186827c1871536405e07
+ff64334c57d3dcc82a0e392857242c59
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-17 09:23:22 -->
+<!-- RELEASE TIME : 2024-06-17 18:27:30 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>1ba34eb8bf4f88b8e1d2501e07a78f21</td>
+       <td>CVE-2024-4032</td>
+       <td>2024-06-17 15:15:52 <img src="imgs/new.gif" /></td>
+       <td>The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4032">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7bcd40e61638f34ea6bad1772bccd7c7</td>
+       <td>CVE-2024-36582</td>
+       <td>2024-06-17 15:15:51 <img src="imgs/new.gif" /></td>
+       <td>alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36582">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dcbc1bbed2cc82f4a1ec81fb437c7b96</td>
+       <td>CVE-2024-36581</td>
+       <td>2024-06-17 15:15:51 <img src="imgs/new.gif" /></td>
+       <td>A Prototype Pollution issue in abw badger-database 1.2.1 allows an attacker to execute arbitrary code via dist/badger-database.esm.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-36581">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d96077eb5f113d3f25327c65c748e70b</td>
+       <td>CVE-2024-1469</td>
+       <td>2024-06-17 15:15:50 <img src="imgs/new.gif" /></td>
+       <td>Rejected reason: ** REJECT ** Duplicate assignment. Please use CVE-2024-0845 instead.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1469">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>16b31b48da98a5c7707c39addc33e8bd</td>
+       <td>CVE-2024-38470</td>
+       <td>2024-06-17 14:15:12 <img src="imgs/new.gif" /></td>
+       <td>zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38470">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a42fef46d65fe176cee367dbccaf787d</td>
+       <td>CVE-2024-38469</td>
+       <td>2024-06-17 14:15:12 <img src="imgs/new.gif" /></td>
+       <td>zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38469">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7dd4deec5ff80520ac12c84a0acc901e</td>
+       <td>CVE-2024-37848</td>
+       <td>2024-06-17 14:15:11 <img src="imgs/new.gif" /></td>
+       <td>SQL Injection vulnerability in Online-Bookstore-Project-In-PHP v1.0 allows a local attacker to execute arbitrary code via the admin_delete.php component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37848">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>86d64e94fbb0f829fd5df8495b6db80c</td>
+       <td>CVE-2024-37625</td>
+       <td>2024-06-17 14:15:11 <img src="imgs/new.gif" /></td>
+       <td>zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /index.php.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37625">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>37760a17c263186827c1871536405e07</td>
+       <td>CVE-2024-37624</td>
+       <td>2024-06-17 14:15:11 <img src="imgs/new.gif" /></td>
+       <td>Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /chajian/inputChajian.php. component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37624">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ff64334c57d3dcc82a0e392857242c59</td>
+       <td>CVE-2024-37623</td>
+       <td>2024-06-17 14:15:11 <img src="imgs/new.gif" /></td>
+       <td>Xinhu RockOA v2.6.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the /kaoqin/tpl_kaoqin_locationchange.html component.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-37623">详情</a></td>
+      </tr>
+
       <tr>
        <td>2022b8875db6ba4b1d40901f13fc0aca</td>
        <td>CVE-2024-38468</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6016">详情</a></td>
       </tr>
 
-      <tr>
-       <td>23893de5688cb99fbac4ed6eca1cc11e</td>
-       <td>CVE-2024-6007</td>
-       <td>2024-06-15 13:15:51</td>
-       <td>A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /protocol/iscgwtunnel/deleteiscgwrouteconf.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6007">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a1cbb77115f361438e8be3b2ef46320e</td>
-       <td>CVE-2024-6006</td>
-       <td>2024-06-15 12:15:49</td>
-       <td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Summer Schedule Handler. The manipulation of the argument Schedule Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-268694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6006">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>935295b1cab401bcf2795cee08780174</td>
-       <td>CVE-2024-6005</td>
-       <td>2024-06-15 10:15:11</td>
-       <td>A vulnerability was found in ZKTeco ZKBio CVSecurity V5000 4.1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Department Section. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6005">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c59ba42b84db9618e92c3ee415827b80</td>
-       <td>CVE-2024-5611</td>
-       <td>2024-06-15 10:15:11</td>
-       <td>The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘label_years’ attribute within the Countdown widget in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5611">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>49acaabcbb06b7002cbb863255fd28d6</td>
-       <td>CVE-2024-5858</td>
-       <td>2024-06-15 09:15:12</td>
-       <td>The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcld_openai_title_generate_desc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary post titles.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5858">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b0131b32bf24059fe84061c3cf81b5c4</td>
-       <td>CVE-2024-4551</td>
-       <td>2024-06-15 09:15:12</td>
-       <td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, with contributor access and higher, to include and execute arbitrary php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4551">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>439e0113cc64901bd2c697d816ba0142</td>
-       <td>CVE-2024-4258</td>
-       <td>2024-06-15 09:15:12</td>
-       <td>The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4258">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8d7864e14005c6bd354c49d177c844c1</td>
-       <td>CVE-2024-4095</td>
-       <td>2024-06-15 09:15:12</td>
-       <td>The Collapse-O-Matic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'expand' and 'expandsub' shortcode in all versions up to, and including, 1.8.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4095">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>bf24e1ea9138d4ab8b4c3d0fa18c1bb9</td>
-       <td>CVE-2024-3105</td>
-       <td>2024-06-15 09:15:11</td>
-       <td>The Woody code snippets – Insert Header Footer Code, AdSense Ads plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.5.0 via the 'insert_php' shortcode. This is due to the plugin not restricting the usage of the functionality to high level authorized users. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3105">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5af9de2d37d0e8d18e88aa90f96c2897</td>
-       <td>CVE-2024-2695</td>
-       <td>2024-06-15 09:15:11</td>
-       <td>The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.13 due to insufficient input sanitization and output escaping on user supplied attributes such as 'borderradius' and 'timestamp'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-2695">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>