CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-36867

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher user rights.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：172 | 回复：0
CVE-2021-36895

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin = 5.1.4 on WordPress via SVG image upload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：204 | 回复：0
CVE-2022-1466

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：156 | 回复：0
CVE-2022-24866

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：130 | 回复：0
CVE-2022-27854

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via wpt_test_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：112 | 回复：0
CVE-2022-28448

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：96 | 回复：0
CVE-2022-28058

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：76 | 回复：0
CVE-2022-28059

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：61 | 回复：0
CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：48 | 回复：0
CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the Text parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：42 | 回复：0
CVE-2022-28521

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=homec=homea=sp_set_config.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：46 | 回复：0
CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=homec=messagea=add.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：32 | 回复：0
CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE-2022-28524

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE-2022-28525

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_userid=1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：30 | 回复：0
CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：36 | 回复：0
CVE-2022-28528

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=contentpage=mediaaction=edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE-2022-28918

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=adminc=customa=plugindelhandleplugin_name=.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：29 | 回复：0
CVE-2022-26564

HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：27 | 回复：0
CVE-2022-27888

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：29 | 回复：0
CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：29 | 回复：0
CVE-2022-27332

An access control issue in Zammad v5.0.3 allows attackers to write entries to the CTI caller log without authentication. This vulnerability can allow attackers to execute phishing attacks or cause a D ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：31 | 回复：0
CVE-2022-28085

A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE-2022-29700

A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE-2022-29701

A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE-2022-29810

The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE-2022-1503

A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：29 | 回复：0
CVE-2021-46420

Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE-2021-46421

Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：27 | 回复：0
CVE-2021-46441

In the webupg binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use cmd parameters to execute arbitrary system commands after obtaining authorization.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE-2021-46442

In the webupg binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters autoupgrade.asp, and perform functions such as downloading configuration files and updating firmware w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：30 | 回复：0
CVE-2022-1504

XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE-2021-46422

Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：51 | 回复：0
CVE-2021-46423

Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：48 | 回复：0
CVE-2021-46424

Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE-2022-24885

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：36 | 回复：0
CVE-2022-24886

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextclo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：32 | 回复：0
CVE-2022-24887

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the met ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：50 | 回复：0
CVE-2022-27239

In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：62 | 回复：0