
CVE Vulnerabilities

  • CVE-2022-0471
    The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 49 | Replies: 0
  • CVE-2022-0531
    The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 46 | Replies: 0
  • CVE-2022-0728
    The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 40 | Replies: 0
  • CVE-2022-0828
    The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 36 | Replies: 0
  • CVE-2022-0840
    The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 44 | Replies: 0
  • CVE-2022-0892
    The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 53 | Replies: 0
  • CVE-2022-0914
    The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 66 | Replies: 0
  • CVE-2022-0919
    The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 52 | Replies: 0
  • CVE-2022-0920
    The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer&#3 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 44 | Replies: 0
  • CVE-2022-0949
    The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQ ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 47 | Replies: 0
  • CVE-2022-0969
    The Image optimization Lazy Load by Optimole WordPress plugin before 3.3.2 does not sanitise and escape its Lazyload background images for selectors settings, which could allow high privilege users s ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 48 | Replies: 0
  • CVE-2022-0989
    An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 48 | Replies: 0
  • CVE-2022-1006
    The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the id parameter when editing Calendars, which could allow high privilege users such as admin to perform SQL in ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 52 | Replies: 0
  • CVE-2022-1007
    The Advanced Booking Calendar WordPress plugin before 1.7.1 does not sanitise and escape the room parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 47 | Replies: 0
  • CVE-2022-1008
    The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 61 | Replies: 0
  • CVE-2022-1023
    The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 66 | Replies: 0
  • CVE-2022-27111
    Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 67 | Replies: 0
  • CVE-2022-27156
    Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 61 | Replies: 0
  • CVE-2021-40219
    Bolt CMS = 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code executio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:12 | Views: 61 | Replies: 0
  • CVE-2022-1098
    Delta Electronics DIAEnergie (all versions prior to 1.8.02.004) are vulnerable to a DLL hijacking condition. When combined with the Incorrect Default Permissions vulnerability of 4.2.2 above, this mak ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 37 | Replies: 0
  • CVE-2022-22963
    In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 36 | Replies: 0
  • CVE-2022-22965
    A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 44 | Replies: 0
  • CVE-2022-25155
    Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 50 | Replies: 0
  • CVE-2022-25156
    Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 66 | Replies: 0
  • CVE-2022-25157
    Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 64 | Replies: 0
  • CVE-2022-25158
    Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 67 | Replies: 0
  • CVE-2022-25159
    Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Elec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 47 | Replies: 0
  • CVE-2022-25160
    Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi E ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 51 | Replies: 0
  • CVE-2022-25959
    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 64 | Replies: 0
  • CVE-2022-26022
    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 68 | Replies: 0
  • CVE-2022-26417
    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 82 | Replies: 0
  • CVE-2022-26419
    Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 80 | Replies: 0
  • CVE-2022-27177
    A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 73 | Replies: 0
  • CVE-2022-27534
    Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 79 | Replies: 0
  • CVE-2022-1201
    NULL Pointer Dereference in mrb_vm_exec with super in GitHub repository mruby/mruby prior to 3.2. This vulnerability is capable of making the mruby interpreter crash, thus affecting the availability o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 131 | Replies: 0
  • CVE-2022-28352
    WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-mi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 163 | Replies: 0
  • CVE-2022-28355
    randomUUID in Scala.js before 1.10.0 generates predictable values.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 96 | Replies: 0
  • CVE-2022-28356
    In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 96 | Replies: 0
  • CVE-2022-28368
    Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 80 | Replies: 0
  • CVE-2022-28376
    Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:11 | Views: 84 | Replies: 0
