From b7aacdaa305151a0f4cf29bda90eea4cbb0d18ca Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Mon, 24 Jun 2024 18:27:22 +0000 Subject: [PATCH] Updated by Github Bot --- cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 48156672 -> 48160768 bytes docs/index.html | 162 ++++++++++++++++++------------------- 3 files changed, 91 insertions(+), 81 deletions(-) diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index b561b17ea12..226bcc7eda2 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -154,3 +154,13 @@ eb7fc32b39199aefc374db1acd6f1021 416b136909a016e4948e759b17bf19a1 1fcee9b080c8d2926478ce7a25ae4e0a a43499c8aab0d26ca783c9c658ca517a +7de89a3de59e9801c17de151a145ea64 +65ee62800aa4582440e7feb97a2bee24 +c0946bb440b579fcb08a0ee8b0d398e2 +6762b4689bfde24f805b07b03370ebe9 +698e403dae8aeec3df231f60292de920 +a1a20feca6978ef75b6ef6b750f0f352 +69c8f91a14cb06c3b07573e25e0e8334 +e88b3fba55c466c08a51856bc524c897 +430683c3155dbbeaae12f8a33cafbd59 +f9241e09be7111c9a6846d83edda7001 
diff --git a/data/cves.db b/data/cves.db index c52fb428512052b1d525051d8926fcc7e99e32b9..1b601c48afc489fd234f25e2740480dfd159d122 100644 GIT binary patch
 + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + 7de89a3de59e9801c17de151a145ea64 + CVE-2024-5862 + 2024-06-24 13:15:12 + Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before 1.0.14. + 详情 + + + + 65ee62800aa4582440e7feb97a2bee24 + CVE-2024-4839 + 2024-06-24 13:15:11 + A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful exploitation results in attackers tricking users into performing actions without their consent. + 详情 + + + + c0946bb440b579fcb08a0ee8b0d398e2 + CVE-2024-37233 + 2024-06-24 13:15:11 + Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through 3.6.4. + 详情 + + + + 6762b4689bfde24f805b07b03370ebe9 + CVE-2024-37231 + 2024-06-24 13:15:11 + Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through 9.9. + 详情 + + + + 698e403dae8aeec3df231f60292de920 + CVE-2024-3264 + 2024-06-24 13:15:11 + Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before 1.0.14. 
+ 详情 + + + + a1a20feca6978ef75b6ef6b750f0f352 + CVE-2024-37228 + 2024-06-24 13:15:10 + Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through 0.1.0.38. + 详情 + + + + 69c8f91a14cb06c3b07573e25e0e8334 + CVE-2024-37111 + 2024-06-24 13:15:10 + Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through 3.25.1. + 详情 + + + + e88b3fba55c466c08a51856bc524c897 + CVE-2024-37109 + 2024-06-24 13:15:10 + Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through 3.25.1. + 详情 + + + + 430683c3155dbbeaae12f8a33cafbd59 + CVE-2024-37107 + 2024-06-24 13:15:10 + Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through 3.25.1. + 详情 + + + + f9241e09be7111c9a6846d83edda7001 + CVE-2024-37092 + 2024-06-24 13:15:10 + Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. + 详情 + + cd99aee8c48e943becdaba74cec3de59 CVE-2024-6269 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - b528fadc9d837858e20cd62eaa6da96c - CVE-2024-35771 - 2024-06-21 13:15:11 - Cross-Site Request Forgery (CSRF) vulnerability in presscustomizr Customizr.This issue affects Customizr: from n/a through 4.4.21. - 详情 - - - - d8996c9174c4ee022158e80f77e946df - CVE-2024-35770 - 2024-06-21 13:15:11 - Cross-Site Request Forgery (CSRF) vulnerability in Dave Kiss Vimeography: Vimeo Video Gallery WordPress Plugin.This issue affects Vimeography: Vimeo Video Gallery WordPress Plugin: from n/a through 2.4.1. - 详情 - - - - 655d7c544108b0b1eea4704bca99bb72 - CVE-2024-35768 - 2024-06-21 13:15:11 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.42. - 详情 - - - - 12ef3ac23fdfe16de53f239e99546cd0 - CVE-2024-35766 - 2024-06-21 13:15:11 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ollybach WPPizza allows Reflected XSS.This issue affects WPPizza: from n/a through 3.18.13. - 详情 - - - - 9d3375cb032f298108647d4802618d77 - CVE-2024-35764 - 2024-06-21 13:15:10 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.4.4. - 详情 - - - - 4fd816ce9e63c33f2b31b9fc26e82897 - CVE-2024-35763 - 2024-06-21 13:15:10 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Excellent allows Stored XSS.This issue affects Excellent: from n/a through 1.2.9. 
- 详情 - - - - 46d95bb43f83b0511c3fc0c0fb1b67fd - CVE-2024-35762 - 2024-06-21 13:15:10 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cryout Creations Serious Slider allows Stored XSS.This issue affects Serious Slider: from n/a through 1.2.4. - 详情 - - - - 309fe26991f1857c68892f8d00363c1c - CVE-2024-5756 - 2024-06-21 05:15:10 - The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. - 详情 - - - - e44d93a41a3399068b81daee96ed5010 - CVE-2024-5455 - 2024-06-21 04:15:11 - The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. - 详情 - - - - 57bf54961c2c61017871e00cd721ee2b - CVE-2024-3961 - 2024-06-21 04:15:11 - The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. 
This makes it possible for unauthenticated attackers to subscribe users to tags. Financial damages may occur to site owners if their API quota is exceeded. - 详情 - -
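
Review bot: the cache/Tenable (Nessus).dat hunk at @@ -154,3 +154,13 @@ appends ten bare 32-character hex ids, and neither the visible lines of the file nor the commit message ("Updated by Github Bot") says what the ids are derived from or when an id may be expired. The same commit removes ten rows dated 2024-06-21 from docs/index.html at @@ -443,86 +523,6 @@, so the page is a fixed-size window while the cache only grows. Document how the id is computed and either add a pruning rule or state that the file is intentionally append-only for de-duplication.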
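
Review bot: data/cves.db arrives as a binary delta (48156672 -> 48160768 bytes in the diffstat), so the database change cannot be reviewed from this patch and each bot run adds another delta of a roughly 48 MB file to history. Consider building the database from the feed at publish time or shipping it as a release artifact, and have the bot put the source feed and the number of inserted records in the commit message so they can be checked against the ten ids added to the cache file and the ten rows added to docs/index.html.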
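
Review bot: in the docs/index.html hunk at @@ -283,6 +283,86 @@ the title and description cells are free text copied from the CVE records (quoted names such as 'Servers Configurations', parenthesised terms, vendor strings), and the patch does not show whether the generator HTML-escapes those fields before writing the row. Since this is third-party text going into a published page, confirm that the id, title, timestamp and description are escaped on output and that the value behind the cell in the URL column is restricted to http or https links, and add a test row containing markup characters to the generator's checks.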