Updated by Github Bot

EXP-Tools · Sep 19, 2024 · 5ea2ee0 · 5ea2ee0
1 parent cd0053f
commit 5ea2ee0
Show file tree

Hide file tree

Showing 3 changed files with 91 additions and 81 deletions.
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
@@ -134,3 +134,13 @@ ce17165355e2250a3f6fd789dbb066c2
 2610a1a830f3f0f6224ac3a226eed987
 47c2ad1057dd9273d7a3fbbec499f02b
 991bf53479db289a840b14a07040f12f
+0d302c0890b01dbd1f38561fb8f2a0f0
+5b3e7ec354e602f4b80149c53c20230c
+b07200eb1482432c94396052254b6dd6
+4e54047bc04475b44942d38007f8a910
+9043f3825cdc1523918c337609e90dce
+ed5e5a2e7f49bfc0240a4df359a29455
+59532b321fcb4ef970c9f317cd23ce52
+843d84404dbe72282484b8b47e435b14
+548d7c000115388a8c34f00cbc82dcc7
+56ca26c19a0f8c57d37bad8a147b5c1c
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-09-19 12:43:31 -->
+<!-- RELEASE TIME : 2024-09-19 21:21:36 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>0d302c0890b01dbd1f38561fb8f2a0f0</td>
+       <td>CVE-2024-40125</td>
+       <td>2024-09-19 19:15:24 <img src="imgs/new.gif" /></td>
+       <td>An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-40125">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>5b3e7ec354e602f4b80149c53c20230c</td>
+       <td>CVE-2024-33109</td>
+       <td>2024-09-19 19:15:24 <img src="imgs/new.gif" /></td>
+       <td>Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-33109">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b07200eb1482432c94396052254b6dd6</td>
+       <td>CVE-2024-25673</td>
+       <td>2024-09-19 19:15:24 <img src="imgs/new.gif" /></td>
+       <td>Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-25673">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>4e54047bc04475b44942d38007f8a910</td>
+       <td>CVE-2024-8963</td>
+       <td>2024-09-19 18:15:10 <img src="imgs/new.gif" /></td>
+       <td>Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8963">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9043f3825cdc1523918c337609e90dce</td>
+       <td>CVE-2024-47162</td>
+       <td>2024-09-19 18:15:10 <img src="imgs/new.gif" /></td>
+       <td>In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47162">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ed5e5a2e7f49bfc0240a4df359a29455</td>
+       <td>CVE-2024-47160</td>
+       <td>2024-09-19 18:15:10 <img src="imgs/new.gif" /></td>
+       <td>In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47160">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>59532b321fcb4ef970c9f317cd23ce52</td>
+       <td>CVE-2024-47159</td>
+       <td>2024-09-19 18:15:09 <img src="imgs/new.gif" /></td>
+       <td>In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-47159">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>843d84404dbe72282484b8b47e435b14</td>
+       <td>CVE-2024-8653</td>
+       <td>2024-09-19 17:15:15 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8653">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>548d7c000115388a8c34f00cbc82dcc7</td>
+       <td>CVE-2024-8652</td>
+       <td>2024-09-19 17:15:15 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8652">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>56ca26c19a0f8c57d37bad8a147b5c1c</td>
+       <td>CVE-2024-8651</td>
+       <td>2024-09-19 17:15:15 <img src="imgs/new.gif" /></td>
+       <td>A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8651">详情</a></td>
+      </tr>
+
       <tr>
        <td>8b7fb1d26b72293cb9663e21d399ed9d</td>
        <td>CVE-2024-44589</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8948">详情</a></td>
       </tr>
 
-      <tr>
-       <td>e932dab7aaf442789b80e57a592b5b0c</td>
-       <td>CVE-2024-8767</td>
-       <td>2024-09-17 09:15:03</td>
-       <td>Sensitive data disclosure and manipulation due to unnecessary privileges assignment. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 619, Acronis Backup extension for Plesk (Linux) before build 555, Acronis Backup plugin for DirectAdmin (Linux) before build 147.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8767">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>140ac72b15da9851168e70e125501d26</td>
-       <td>CVE-2024-8761</td>
-       <td>2024-09-17 09:15:03</td>
-       <td>The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.03. This is due to insufficient validation on the redirect url supplied via the link parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8761">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>409124273b3597aca6e65d808ce13b34</td>
-       <td>CVE-2024-8490</td>
-       <td>2024-09-17 08:15:02</td>
-       <td>The PropertyHive plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.19. This is due to missing or incorrect nonce validation on the 'save_account_details' function. This makes it possible for unauthenticated attackers to edit the name, email address, and password of an administrator account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8490">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3f65274f230f4e6e5722a54f01f629e6</td>
-       <td>CVE-2024-8093</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8093">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6564b5e7004571aabc32c75a63842dfb</td>
-       <td>CVE-2024-8092</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Accordion Image Menu WordPress plugin through 3.1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8092">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d13c34c54aaea1ecc2e8f09e1740d7a0</td>
-       <td>CVE-2024-8091</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Enhanced Search Box WordPress plugin through 0.6.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8091">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>115914a55a46498e45b2cd5fd75051a0</td>
-       <td>CVE-2024-8052</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8052">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b1b73d015db8e66f0405380f123fda2e</td>
-       <td>CVE-2024-8051</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Special Feed Items WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8051">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8af7f8f1659163fd6c2a06ca7e73d6dd</td>
-       <td>CVE-2024-8047</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The Visual Sound (old) WordPress plugin through 1.06 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8047">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b9f0c5bdb47c46eee149c6f24ed9d208</td>
-       <td>CVE-2024-8044</td>
-       <td>2024-09-17 06:15:02</td>
-       <td>The infolinks Ad Wrap WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8044">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>