CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-0346

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：18 | 回复：0
CVE-2022-0781

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-1014

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：19 | 回复：0
CVE-2022-1093

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：22 | 回复：0
CVE-2022-1192

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 09:37 | 阅读：25 | 回复：0
CVE-2021-27768

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted. In this specific scenario, th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2021-27769

Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system. This information may or may not be sensitive and does not automatically mean a b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：16 | 回复：0
CVE-2021-27770

The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-func ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：13 | 回复：0
CVE-2021-27771

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service. When interacting in a normal matter with the Sametime chat application, users hol ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2021-27772

Users are able to read group conversations without actively taking part in them. Next to one to one conversations, users are able to start group conversations with multiple users. It was found possibl ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2021-27773

This vulnerability allows users to execute a clickjacking attack in the meeting's chat.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：10 | 回复：0
CVE-2021-27777

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation. Attackers can exploit this vulnerability to mani ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：10 | 回复：0
CVE-2022-27134

EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：11 | 回复：0
CVE-2022-29218

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, li ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：12 | 回复：0
CVE-2022-25762

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：14 | 回复：0
CVE-2021-42967

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：14 | 回复：0
CVE-2021-42969

Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the termin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：19 | 回复：0
CVE-2020-22983

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：17 | 回复：0
CVE-2022-29383

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：18 | 回复：0
CVE-2022-30370

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：19 | 回复：0
CVE-2022-30371

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：19 | 回复：0
CVE-2022-30372

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：22 | 回复：0
CVE-2022-30373

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：22 | 回复：0
CVE-2022-30374

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transactionid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：29 | 回复：0
CVE-2022-30489

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：32 | 回复：0
CVE-2022-29854

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：55 | 回复：0
CVE-2022-30367

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：84 | 回复：0
CVE-2022-30375

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：45 | 回复：0
CVE-2022-30376

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：48 | 回复：0
CVE-2022-30378

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_postid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：42 | 回复：0
CVE-2022-30379

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_userid=.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：32 | 回复：0
CVE-2021-22275

Buffer Overflow vulnerability in BR Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：25 | 回复：0
CVE-2021-46785

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：23 | 回复：0
CVE-2021-46786

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：23 | 回复：0
CVE-2021-46787

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：25 | 回复：0
CVE-2021-46788

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：24 | 回复：0
CVE-2021-46789

Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：23 | 回复：0
CVE-2022-1714

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：24 | 回复：0
CVE-2022-22260

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：22 | 回复：0
CVE-2022-22261

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:36 | 阅读：23 | 回复：0