Updated by Github Bot

EXP-Tools · Jun 30, 2024 · f5ae344 · f5ae344
1 parent 7bbf38c
commit f5ae344
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 73 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -126,3 +126,9 @@ a24880093145de3bb6ed849766e175f3
 00bf97708885881e3cc110f73c190d23
 7ca594adf36457753464e1b7e03b1a3b
 ed8e3d082bba0507118f33253565ef17
+04948b47c2c5cf6ca5b263a13d52b8fb
+4e58b2192572fe324d1e65ccec8b8b18
+9b10a66072ccf63d5e2b7b6cf97db3bf
+1fda643624d3c091d8d867024ced12aa
+803351db6e5b5e13559c67afdc334331
+e228ab0cad3d8607093fa072e3a61ff0
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-06-29 18:25:49 -->
+<!-- RELEASE TIME : 2024-06-30 18:27:37 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,54 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>04948b47c2c5cf6ca5b263a13d52b8fb</td>
+       <td>CVE-2024-6415</td>
+       <td>2024-06-30 04:15:02 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6415">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4e58b2192572fe324d1e65ccec8b8b18</td>
+       <td>CVE-2024-6414</td>
+       <td>2024-06-30 03:15:02 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-270000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6414">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9b10a66072ccf63d5e2b7b6cf97db3bf</td>
+       <td>CVE-2024-5926</td>
+       <td>2024-06-30 01:15:09 <img src="imgs/new.gif" /></td>
+       <td>Path Traversal: '\..\filename' in GitHub repository stitionai/devika prior to -.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-5926">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>1fda643624d3c091d8d867024ced12aa</td>
+       <td>CVE-2024-39848</td>
+       <td>2024-06-29 22:15:02 <img src="imgs/new.gif" /></td>
+       <td>Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web Services" before 4.13.1.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39848">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>803351db6e5b5e13559c67afdc334331</td>
+       <td>CVE-2024-39846</td>
+       <td>2024-06-29 21:15:09 <img src="imgs/new.gif" /></td>
+       <td>NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during use.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39846">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>e228ab0cad3d8607093fa072e3a61ff0</td>
+       <td>CVE-2024-39840</td>
+       <td>2024-06-29 17:15:09 <img src="imgs/new.gif" /></td>
+       <td>Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39840">详情</a></td>
+      </tr>
+
       <tr>
        <td>44b6cfec136896f12e266aedcc840ab3</td>
        <td>CVE-2024-25943</td>
@@ -475,54 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39156">详情</a></td>
       </tr>
 
-      <tr>
-       <td>de051cde67987654b660cba5ce3073c6</td>
-       <td>CVE-2024-39155</td>
-       <td>2024-06-27 14:15:15</td>
-       <td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39155">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4874458875c0a65e5fcd00bc97a3f073</td>
-       <td>CVE-2024-39154</td>
-       <td>2024-06-27 14:15:15</td>
-       <td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39154">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e97103dd07bec60d514bf2cbce2781a7</td>
-       <td>CVE-2024-39153</td>
-       <td>2024-06-27 14:15:15</td>
-       <td>idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-39153">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6708a673f548c15f7d8dbbdd613cf22a</td>
-       <td>CVE-2024-1153</td>
-       <td>2024-06-27 14:15:12</td>
-       <td>Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-1153">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>36d3d1c1921836f21f9bbb1187704feb</td>
-       <td>CVE-2024-6373</td>
-       <td>2024-06-27 13:16:02</td>
-       <td>A vulnerability has been found in itsourcecode Online Food Ordering System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /addproduct.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-269806 is the identifier assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6373">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f20d744667e2bedecc9279d6265c0fac</td>
-       <td>CVE-2024-6372</td>
-       <td>2024-06-27 13:16:02</td>
-       <td>A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file customeradd.php. The manipulation of the argument fullname/address/phonenumber/sex/email/city/comment leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269805 was assigned to this vulnerability.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-6372">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>
@@ -1982,191 +1982,191 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>3ec6544d8ce4cdbdaacee55b7a6a9f40</td>
        <td>CVE-2024-31860</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Apache Zeppelin输入验证错误漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97660">详情</a></td>
       </tr>
 
       <tr>
        <td>061f6f0ef3eb34a98d4ec05999cad567</td>
        <td>CVE-2024-31544</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Computer Laboratory Management System跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97659">详情</a></td>
       </tr>
 
       <tr>
        <td>153354567152d82666ef15293f5eee37</td>
        <td>CVE-2024-3046</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Eclipse Kura LogServlet身份认证算法实施错误漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97658">详情</a></td>
       </tr>
 
       <tr>
        <td>dd4fb5b0c57ffee820593a2df78db35e</td>
        <td>CVE-2024-2224</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Bitdefender多款产品路径遍历漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97657">详情</a></td>
       </tr>
 
       <tr>
        <td>7cc111b8f957939115be056e03002895</td>
        <td>CVE-2024-31978</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Siemens SINEC NMS路径遍历漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97656">详情</a></td>
       </tr>
 
       <tr>
        <td>755a89f061af1e557f02e1d7e090ff5f</td>
        <td>CVE-2023-6320</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>LG webOS命令注入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97655">详情</a></td>
       </tr>
 
       <tr>
        <td>df569d99cd474cd2df8863f3d92953b5</td>
        <td>CVE-2023-6319</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>LG webOS命令注入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97654">详情</a></td>
       </tr>
 
       <tr>
        <td>be54c3e9ca941d511dd488c53760d482</td>
        <td>CVE-2024-28190</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Contao跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97653">详情</a></td>
       </tr>
 
       <tr>
        <td>791a0796c82f47c0558027cf93dd4a6f</td>
        <td>CVE-2024-30190</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>Siemens SCALANCE多款产品身份认证绕过漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97652">详情</a></td>
       </tr>
 
       <tr>
        <td>ec1b8dfe2551937d71f809da14513db6</td>
        <td>CVE-2023-6318</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>LG webOS命令注入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97651">详情</a></td>
       </tr>
 
       <tr>
        <td>c34ee79416e2a5e45fb69e6a6dfee07f</td>
        <td></td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>WordPress plugin Shortcodes and extra features for Phlox theme存储型跨站脚本漏洞（CVE-2024</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97650">详情</a></td>
       </tr>
 
       <tr>
        <td>0d9b4cd17c8a36e7a2055545eed90cb3</td>
        <td></td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>WordPress plugin Shortcodes and extra features for Phlox theme存储型跨站脚本漏洞（CVE-2024</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97649">详情</a></td>
       </tr>
 
       <tr>
        <td>5e6f254d7ff9295c39279069f836f399</td>
        <td>CVE-2023-7030</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>WordPress plugin Collapse-O-Matic存储型跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97648">详情</a></td>
       </tr>
 
       <tr>
        <td>73a15316a6b63bc0735ec631675552f9</td>
        <td>CVE-2024-1055</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>WordPress Plugin PowerPack Addons for Elementor跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97647">详情</a></td>
       </tr>
 
       <tr>
        <td>4e4b3a9ac9630bea5e40f6d632db9503</td>
        <td>CVE-2023-6962</td>
-       <td>2024-06-28 09:20:30 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 09:20:30</td>
        <td>WordPress plugin WP Meta SEO信息泄露漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97646">详情</a></td>
       </tr>
 
       <tr>
        <td>fbbcd28fc349cba29a12d49061832b2c</td>
        <td>CVE-2024-24131</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>Superwebmailer跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97625">详情</a></td>
       </tr>
 
       <tr>
        <td>d2ba6c11d297af2c6f7b8af19a1358be</td>
        <td>CVE-2024-24019</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>Novel-Plus SQL注入漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97624">详情</a></td>
       </tr>
 
       <tr>
        <td>1808a9f8149bb1a9261e46ddc8fd80ec</td>
        <td>CVE-2024-0710</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>WordPress Plugin GP Unique ID输入验证错误漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97623">详情</a></td>
       </tr>
 
       <tr>
        <td>e0ca39c91ccc76b4b58075f5a4a2976d</td>
        <td>CVE-2024-0848</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>WordPress plugin AA Cash Calculator反射型跨站脚本漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97622">详情</a></td>
       </tr>
 
       <tr>
        <td>0f66e9396665a6f4e098d77833db9be1</td>
        <td>CVE-2024-25200</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>Espruino缓冲区溢出漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97621">详情</a></td>
       </tr>
 
       <tr>
        <td>fb2934d1da1d19dc89199c37dc6cf13a</td>
        <td>CVE-2024-0613</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>WordPress plugin Delete Custom Fields跨站请求伪造漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97620">详情</a></td>
       </tr>
 
       <tr>
        <td>5cd6db88170aa1b245f64cf19b73a19c</td>
        <td>CVE-2024-1079</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>WordPress Plugin Quiz Maker未授权数据访问漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97619">详情</a></td>
       </tr>
 
       <tr>
        <td>d0045130906e7e8c0f27defc221649d4</td>
        <td>CVE-2024-24304</td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>PrestaShop未授权访问漏洞</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97618">详情</a></td>
       </tr>
 
       <tr>
        <td>6ba09a046799195b5fc217fccbb7ab2f</td>
        <td></td>
-       <td>2024-06-28 06:26:45 <img src="imgs/new.gif" /></td>
+       <td>2024-06-28 06:26:45</td>
        <td>WordPress plugin Shortcodes and extra features for Phlox theme PHP对象注入漏洞（CVE-202</td>
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/97617">详情</a></td>
       </tr>