diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 6a6911f4544..ef21f169cc4 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -198,3 +198,11 @@ e97103dd07bec60d514bf2cbce2781a7 6708a673f548c15f7d8dbbdd613cf22a 36d3d1c1921836f21f9bbb1187704feb f20d744667e2bedecc9279d6265c0fac +eeea53a7b5ca82f7d34ea9bccde779d0 +01b38aa63a7c181f44adb099ab0a4c3a +37fa1ae0584dd61814df8743c4313a10 +14dfbd1d1fcdfc69d245483a420401f2 +3e2bad140d080413a4a48d32d1a95a01 +31661febd1eab5aec60f5afb7b3b9c4e +dc431a9e2c63dd8e3a80208312c9c177 +7c81eadaaa3f0423f64263b10dbebeac diff --git a/data/cves.db b/data/cves.db index c9bc595eeeb..4fb9b60daad 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index eec0e34ae80..33797b43a14 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -363,6 +363,70 @@

眈眈探求 | 详情 + + eeea53a7b5ca82f7d34ea9bccde779d0 + CVE-2024-6371 + 2024-06-27 13:16:01 + A vulnerability, which was classified as critical, has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument rmtype_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269804. + 详情 + + + + 01b38aa63a7c181f44adb099ab0a4c3a + CVE-2024-38515 + 2024-06-27 13:16:00 + Rejected reason: This CVE is a duplicate of CVE-2024-38374. + 详情 + + + + 37fa1ae0584dd61814df8743c4313a10 + CVE-2024-1107 + 2024-06-27 13:15:54 + Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68. + 详情 + + + + 14dfbd1d1fcdfc69d245483a420401f2 + CVE-2024-6370 + 2024-06-27 12:15:31 + A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803. + 详情 + + + + 3e2bad140d080413a4a48d32d1a95a01 + CVE-2024-6369 + 2024-06-27 12:15:30 + A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability. + 详情 + + + + 31661febd1eab5aec60f5afb7b3b9c4e + CVE-2024-6368 + 2024-06-27 12:15:30 + A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + dc431a9e2c63dd8e3a80208312c9c177 + CVE-2024-6367 + 2024-06-27 12:15:29 + A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument sdcid/keyid1/keyid2/keyid3 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + 7c81eadaaa3f0423f64263b10dbebeac + CVE-2024-6262 + 2024-06-27 11:15:25 + The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + 1365bdf27a5951d32da0f85d73799495 CVE-2024-6344 @@ -459,70 +523,6 @@

眈眈探求 | 详情 - - 194ee1eacf7808ff82536e998cfbce04 - CVE-2024-4957 - 2024-06-26 06:15:16 - The Frontend Checklist WordPress plugin through 2.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) - 详情 - - - - 560cdaf211f246118d2a2e5bad391688 - CVE-2024-4758 - 2024-06-26 06:15:16 - The Muslim Prayer Time BD WordPress plugin through 2.4 does not have CSRF check in place when reseting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack - 详情 - - - - f7f26f0469e715576f45de8a29b6295e - CVE-2024-6303 - 2024-06-25 13:15:51 - Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the server's key, deactivating users, and more - 详情 - - - - d48d24c986f96356ad78bd0a5a6c7eb7 - CVE-2024-6302 - 2024-06-25 13:15:51 - Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction events. - 详情 - - - - 42f05dcc2e702a2e7f11d150351518c2 - CVE-2024-6301 - 2024-06-25 13:15:51 - Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most EDUs - 详情 - - - - 7ff94efb013c15b4ea05cf52e52b4676 - CVE-2024-6300 - 2024-06-25 13:15:50 - Incomplete cleanup when performing redactions in Conduit, allowing an attacker to check whether certain strings were present in the PDU before redaction - 详情 - - - - a434d75fa8e8054652906662e434bef7 - CVE-2024-6299 - 2024-06-25 13:15:50 - Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry date - 详情 - - - - 060452eecce1f0be1651a50354201305 - CVE-2024-5261 - 2024-06-25 13:15:50 - Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents. LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers. In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false) In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true. This issue affects LibreOffice before version 24.2.4. - 详情 - -