Updated by Github Bot

EXP-Tools · Jun 27, 2024 · a6e403c · a6e403c
1 parent 7182c0e
commit a6e403c
Show file tree

Hide file tree

Showing 3 changed files with 73 additions and 65 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -198,3 +198,11 @@ e97103dd07bec60d514bf2cbce2781a7
 6708a673f548c15f7d8dbbdd613cf22a
 36d3d1c1921836f21f9bbb1187704feb
 f20d744667e2bedecc9279d6265c0fac
+eeea53a7b5ca82f7d34ea9bccde779d0
+01b38aa63a7c181f44adb099ab0a4c3a
+37fa1ae0584dd61814df8743c4313a10
+14dfbd1d1fcdfc69d245483a420401f2
+3e2bad140d080413a4a48d32d1a95a01
+31661febd1eab5aec60f5afb7b3b9c4e
+dc431a9e2c63dd8e3a80208312c9c177
+7c81eadaaa3f0423f64263b10dbebeac
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-27 18:26:06 -->
+<!-- RELEASE TIME : 2024-06-27 21:19:46 -->
 <html lang="zh-cn">
 
  <head>
@@ -363,6 +363,70 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6372">详情</a></td>
       </tr>
 
+      <tr>
+       <td>eeea53a7b5ca82f7d34ea9bccde779d0</td>
+       <td>CVE-2024-6371</td>
+       <td>2024-06-27 13:16:01 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtype_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269804.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6371">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>01b38aa63a7c181f44adb099ab0a4c3a</td>
+       <td>CVE-2024-38515</td>
+       <td>2024-06-27 13:16:00 <img src="imgs/new.gif" /></td>
+       <td>Rejected reason: This CVE is a duplicate of CVE-2024-38374.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-38515">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>37fa1ae0584dd61814df8743c4313a10</td>
+       <td>CVE-2024-1107</td>
+       <td>2024-06-27 13:15:54 <img src="imgs/new.gif" /></td>
+       <td>Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1107">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>14dfbd1d1fcdfc69d245483a420401f2</td>
+       <td>CVE-2024-6370</td>
+       <td>2024-06-27 12:15:31 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6370">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3e2bad140d080413a4a48d32d1a95a01</td>
+       <td>CVE-2024-6369</td>
+       <td>2024-06-27 12:15:30 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6369">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>31661febd1eab5aec60f5afb7b3b9c4e</td>
+       <td>CVE-2024-6368</td>
+       <td>2024-06-27 12:15:30 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6368">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dc431a9e2c63dd8e3a80208312c9c177</td>
+       <td>CVE-2024-6367</td>
+       <td>2024-06-27 12:15:29 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument sdcid/keyid1/keyid2/keyid3 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6367">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7c81eadaaa3f0423f64263b10dbebeac</td>
+       <td>CVE-2024-6262</td>
+       <td>2024-06-27 11:15:25 <img src="imgs/new.gif" /></td>
+       <td>The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6262">详情</a></td>
+      </tr>
+
       <tr>
        <td>1365bdf27a5951d32da0f85d73799495</td>
        <td>CVE-2024-6344</td>
@@ -459,70 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4959">详情</a></td>
       </tr>
 
-      <tr>
-       <td>194ee1eacf7808ff82536e998cfbce04</td>
-       <td>CVE-2024-4957</td>
-       <td>2024-06-26 06:15:16 <img src="imgs/new.gif" /></td>
-       <td>The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4957">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>560cdaf211f246118d2a2e5bad391688</td>
-       <td>CVE-2024-4758</td>
-       <td>2024-06-26 06:15:16 <img src="imgs/new.gif" /></td>
-       <td>The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-4758">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f7f26f0469e715576f45de8a29b6295e</td>
-       <td>CVE-2024-6303</td>
-       <td>2024-06-25 13:15:51</td>
-       <td>Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6303">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d48d24c986f96356ad78bd0a5a6c7eb7</td>
-       <td>CVE-2024-6302</td>
-       <td>2024-06-25 13:15:51</td>
-       <td>Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6302">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>42f05dcc2e702a2e7f11d150351518c2</td>
-       <td>CVE-2024-6301</td>
-       <td>2024-06-25 13:15:51</td>
-       <td>Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6301">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7ff94efb013c15b4ea05cf52e52b4676</td>
-       <td>CVE-2024-6300</td>
-       <td>2024-06-25 13:15:50</td>
-       <td>Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6300">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a434d75fa8e8054652906662e434bef7</td>
-       <td>CVE-2024-6299</td>
-       <td>2024-06-25 13:15:50</td>
-       <td>Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6299">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>060452eecce1f0be1651a50354201305</td>
-       <td>CVE-2024-5261</td>
-       <td>2024-06-25 13:15:50</td>
-       <td>Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false) In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true. This issue affects LibreOffice before version 24.2.4.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5261">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>