CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-43456

An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：246 | 回复：0
CVE-2021-43457

An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：133 | 回复：0
CVE-2021-43458

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：87 | 回复：0
CVE-2022-1026

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：60 | 回复：0
CVE-2021-25048

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：80 | 回复：0
CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：88 | 回复：0
CVE-2021-43459

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：65 | 回复：0
CVE-2021-43460

An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：68 | 回复：0
CVE-2021-43461

Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：58 | 回复：0
CVE-2021-43462

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE-2021-43463

An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：71 | 回复：0
CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any aut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：74 | 回复：0
CVE-2022-0404

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：137 | 回复：0
CVE-2022-0431

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leadi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：242 | 回复：0
CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：108 | 回复：0
CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：119 | 回复：0
CVE-2022-0825

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：155 | 回复：0
CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：85 | 回复：0
CVE-2022-0837

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：63 | 回复：0
CVE-2022-0864

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.22.9 does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：58 | 回复：0
CVE-2022-0884

The Profile Builder WordPress plugin before 3.6.8 does not sanitise and escape Form Fields titles and description, which could allow high privilege user such as admin to perform Criss-Site Scripting a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：72 | 回复：0
CVE-2022-0887

The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：88 | 回复：0
CVE-2022-0901

The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in brows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：166 | 回复：0
CVE-2022-0958

The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：124 | 回复：0
CVE-2022-1164

The Wyzi Theme was affected by reflected XSS vulnerabilities in the business search feature……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：101 | 回复：0
CVE-2022-1165

The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE-2022-1166

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data suc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：54 | 回复：0
CVE-2022-1167

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in CareerUp Careerup WordPress theme before 2.3.1, via the filter parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：43 | 回复：0
CVE-2022-1168

There is a Cross-Site Scripting vulnerability in the JobSearch WP JobSearch WordPress plugin before 1.5.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：35 | 回复：0
CVE-2022-1169

There is a XSS vulnerability in Careerfy.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：30 | 回复：0
CVE-2022-1170

In the Noo JobMonster WordPress theme before 4.5.2.9 JobMonster there is a XSS vulnerability as the input for the search form is provided through unsanitized GET requests.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：33 | 回复：0
CVE-2020-28062

An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：35 | 回复：0
CVE-2022-24785

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：37 | 回复：0
CVE-2021-43464

A Remiote Code Execution (RCE) vulnerability exiss in Subrion CMS 4.2.1 via modified code in a background field; when the information is modified, the data in it will be executed through eval().……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：36 | 回复：0
CVE-2022-0990

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE-2022-24787

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：34 | 回复：0
CVE-2022-24801

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed sev ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：41 | 回复：0
CVE-2022-24813

CreateWiki is Miraheze's MediaWiki extension for requesting creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：46 | 回复：0
CVE-2022-24814

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.7.0, unauthorized JavaScript (JS) can be executed by inserting an iframe into the rich text html int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：51 | 回复：0
CVE-2022-25569

Bettini Srl GAMS Product Line v4.3.0 was discovered to re-use static SSH keys across installations, allowing unauthenticated attackers to login as root users via extracting a key from the software.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0