CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0935

Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：16 | 回复：0
CVE-2022-22513

An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：14 | 回复：0
CVE-2022-22514

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：16 | 回复：0
CVE-2022-22515

A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：17 | 回复：0
CVE-2022-22516

The SysDrv3S driver in the CODESYS Control runtime system on Microsoft Windows allows any system user to read and write within restricted memory space.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：17 | 回复：0
CVE-2022-22517

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. This results in the communication channel ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：13 | 回复：0
CVE-2022-22518

A bug in CmpUserMgr component can lead to only partially applied security policies. This can result in enabled, anonymous access to components part of the applied security policy.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：18 | 回复：0
CVE-2022-22519

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE-2022-23970

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a syst ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE-2022-23971

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a syst ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：54 | 回复：0
CVE-2022-23973

ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE-2022-25594

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration informati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：31 | 回复：0
CVE-2022-25595

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE-2022-25596

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE-2022-25597

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE-2022-26612

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE-2022-26670

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE-2022-26671

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE-2022-26675

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：17 | 回复：0
CVE-2021-43453

A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is sim ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE-2021-43474

An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE-2022-24681

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：23 | 回复：0
CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：23 | 回复：0
CVE-2022-1219

SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE-2022-26624

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：30 | 回复：0
CVE-2022-27061

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE-2022-27062

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE-2022-27063

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE-2022-27064

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：19 | 回复：0
CVE-2022-27346

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：19 | 回复：0
CVE-2022-27348

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE-2022-27349

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：27 | 回复：0
CVE-2022-27351

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE-2022-27352

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：33 | 回复：0
CVE-2022-27357

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0