• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-43925
    CVE-2021-43925
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 al ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:18 | 回复:0
  • CVE-2021-43926
    CVE-2021-43926
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 al ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2021-43927
    CVE-2021-43927
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2021-43928
    CVE-2021-43928
    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2021-43929
    CVE-2021-43929
    Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-4221 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2022-22679
    CVE-2022-22679
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows rem ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2022-23184
    CVE-2022-23184
    In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-0473
    CVE-2022-0473
    OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exe ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2022-0474
    CVE-2022-0474
    Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affect ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2022-23320
    CVE-2022-23320
    XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:29 | 回复:0
  • CVE-2021-46359
    CVE-2021-46359
    FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:29 | 回复:0
  • CVE-2021-46389
    CVE-2021-46389
    IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:30 | 回复:0
  • CVE-2021-24839
    CVE-2021-24839
    The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tick ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:40 | 回复:0
  • CVE-2021-24843
    CVE-2021-24843
    The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:39 | 回复:0
  • CVE-2021-24878
    CVE-2021-24878
    The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the shortcode embed, leading to a Reflected Cross-Site Scripting i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:46 | 回复:0
  • CVE-2021-24879
    CVE-2021-24879
    The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:45 | 回复:0
  • CVE-2021-24880
    CVE-2021-24880
    The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripti ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:62 | 回复:0
  • CVE-2021-24928
    CVE-2021-24928
    The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL sta ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:79 | 回复:0
  • CVE-2021-24947
    CVE-2021-24947
    The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any a ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:55 | 回复:0
  • CVE-2021-24993
    CVE-2021-24993
    The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:56 | 回复:0
  • CVE-2021-25004
    CVE-2021-25004
    The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server wit ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:35 | 回复:0
  • CVE-2021-25029
    CVE-2021-25029
    The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:29 | 回复:0
  • CVE-2021-25077
    CVE-2021-25077
    The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cr ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:24 | 回复:0
  • CVE-2021-25084
    CVE-2021-25084
    The Advanced Cron Manager WordPress plugin before 2.4.2 and Advanced Cron Manager Pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authent ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:27 | 回复:0
  • CVE-2021-25095
    CVE-2021-25095
    The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:25 | 回复:0
  • CVE-2021-25096
    CVE-2021-25096
    The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:26 | 回复:0
  • CVE-2021-25103
    CVE-2021-25103
    The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2021-25105
    CVE-2021-25105
    The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html c ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:20 | 回复:0
  • CVE-2021-25106
    CVE-2021-25106
    The Privacy Policy Generator, Terms Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its set ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2021-25108
    CVE-2021-25108
    The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block ar ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:19 | 回复:0
  • CVE-2021-25114
    CVE-2021-25114
    The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST route (available to unauthenticated users) before using it in a SQL statement, leading to a ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-0148
    CVE-2022-0148
    The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2022-0149
    CVE-2022-0149
    The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-23261
    CVE-2022-23261
    Microsoft Edge (Chromium-based) Tampering Vulnerability.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:17 | 回复:0
  • CVE-2022-23262
    CVE-2022-23262
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-23263
    CVE-2022-23263
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2021-42833
    CVE-2021-42833
    A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:16 | 回复:0
  • CVE-2022-22931
    CVE-2022-22931
    Fix of CVE-2021-40525 do not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:18 | 回复:0
  • CVE-2022-21813
    CVE-2022-21813
    NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:14 | 回复:0
  • CVE-2022-21814
    CVE-2022-21814
    NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limite ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:27 | 阅读:15 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap