CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2019-12354

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：13 | 回复：0
CVE-2019-12355

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2019-12356

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2019-12357

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2019-12358

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：17 | 回复：0
CVE-2019-12359

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：14 | 回复：0
CVE-2020-36547

A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which itroduces hard-coded credentials. Attacking locally is a requirement. It is reco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：15 | 回复：0
CVE-2020-36548

A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and eleva ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2020-36549

A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the lo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：25 | 回复：0
CVE-2021-41408

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the api.php file and user parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：22 | 回复：0
CVE-2021-41490

Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：24 | 回复：0
CVE-2021-45024

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：25 | 回复：0
CVE-2022-28217

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endp ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-29455

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin = 3.5.5 versions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2021-40036

The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2021-40604

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when gen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2021-41663

A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：6 | 回复：0
CVE-2022-33174

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an H ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-33175

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-22259

There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-29797

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-29798

There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-31053

Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid ?- ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-31054

Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` r ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：6 | 回复：0
CVE-2022-29247

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-32193

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：7 | 回复：0
CVE-2022-32558

An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：8 | 回复：0
CVE-2022-32560

An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：8 | 回复：0
CVE-2022-32564

An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：8 | 回复：0
CVE-2022-29257

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows atta ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0
CVE-2022-32278

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：20 | 回复：0
CVE-2021-41661

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：23 | 回复：0
CVE-2021-41662

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：39 | 回复：0
CVE-2022-32192

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：111 | 回复：0
CVE-2022-32562

An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：46 | 回复：0
CVE-2022-32565

An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：55 | 回复：0
CVE-2022-31415

Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：20 | 回复：0
CVE-2022-31446

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：20 | 回复：0
CVE-2022-31447

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：20 | 回复：0
CVE-2022-25167

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:05 | 阅读：11 | 回复：0