CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2017-20061

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：61 | 回复：0
CVE-2017-20062

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：66 | 回复：0
CVE-2017-20063

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：134 | 回复：0
CVE-2017-20064

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation lead ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：375 | 回复：0
CVE-2021-45918

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：163 | 回复：0
CVE-2022-21742

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：85 | 回复：0
CVE-2022-26668

ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：74 | 回复：0
CVE-2022-26669

ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：77 | 回复：0
CVE-2022-2130

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：45 | 回复：0
CVE-2022-31734

** Unsupported When Assigned ** Cisco Catalyst 2940 Series Switches provided by Cisco Systems, Inc. contain a reflected cross-site scripting vulnerability regarding error page generation. An arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：60 | 回复：0
CVE-2021-25088

The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a settings before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：49 | 回复：0
CVE-2021-25104

The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：77 | 回复：0
CVE-2021-25121

The Rating by BestWebSoft WordPress plugin through 1.5 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service on the post/page when a user submit such ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：55 | 回复：0
CVE-2022-0663

The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：59 | 回复：0
CVE-2022-1266

The Post Grid, Slider Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks eve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：79 | 回复：0
CVE-2022-1472

The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：64 | 回复：0
CVE-2022-1603

The Mail Subscribe List WordPress plugin before 2.1.4 does not have CSRF check in place when deleting subscribed users, which could allow attackers to make a logged in admin perform such action and de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：77 | 回复：0
CVE-2022-1610

The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：75 | 回复：0
CVE-2022-1614

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：63 | 回复：0
CVE-2022-1630

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：63 | 回复：0
CVE-2022-1717

The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：54 | 回复：0
CVE-2022-1801

The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very ea ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：68 | 回复：0
CVE-2022-1818

The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：54 | 回复：0
CVE-2022-1823

Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：43 | 回复：0
CVE-2022-1824

An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：50 | 回复：0
CVE-2022-1826

The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：53 | 回复：0
CVE-2022-1827

The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attac ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：34 | 回复：0
CVE-2022-1828

The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：51 | 回复：0
CVE-2022-1829

The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：43 | 回复：0
CVE-2022-1830

The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF at ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：36 | 回复：0
CVE-2022-1831

The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：40 | 回复：0
CVE-2022-1832

The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：31 | 回复：0
CVE-2022-1889

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：33 | 回复：0
CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：33 | 回复：0
CVE-2022-1896

The underConstruction WordPress plugin before 1.21 does not sanitise or escape the Display a custom page using your own HTML setting before outputting it, allowing high privilege users to perform Cros ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：28 | 回复：0
CVE-2022-1905

The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：33 | 回复：0
CVE-2022-1915

The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capabil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：49 | 回复：0
CVE-2022-1939

The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：121 | 回复：0
CVE-2022-1945

The Coming Soon Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Script ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：278 | 回复：0
CVE-2022-25772

A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript……

作者：菜鸟教程小白 | 时间：2022-6-23 09:07 | 阅读：136 | 回复：0