• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

CVE漏洞

RSS
  • CVE-2021-24648
    CVE-2021-24648
    The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:34 | 回复:0
  • CVE-2021-24686
    CVE-2021-24686
    The SVG Support WordPress plugin before 2.3.20 does not escape the CSS Class to target setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Script ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:31 | 回复:0
  • CVE-2021-24707
    CVE-2021-24707
    The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks even ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:31 | 回复:0
  • CVE-2021-24761
    CVE-2021-24761
    The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in ad ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:35 | 回复:0
  • CVE-2021-24762
    CVE-2021-24762
    The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:35 | 回复:0
  • CVE-2021-24763
    CVE-2021-24763
    The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify se ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:41 | 回复:0
  • CVE-2021-24764
    CVE-2021-24764
    The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters of single_statistics page, type and message of importexport page) before outputting th ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:42 | 回复:0
  • CVE-2021-24765
    CVE-2021-24765
    The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:50 | 回复:0
  • CVE-2021-24775
    CVE-2021-24775
    The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:40 | 回复:0
  • CVE-2021-24814
    CVE-2021-24814
    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an application/j ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:42 | 回复:0
  • CVE-2021-24868
    CVE-2021-24868
    The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:56 | 回复:0
  • CVE-2021-24900
    CVE-2021-24900
    The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfil ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:59 | 回复:0
  • CVE-2021-24919
    CVE-2021-24919
    The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:93 | 回复:0
  • CVE-2021-24926
    CVE-2021-24926
    The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:124 | 回复:0
  • CVE-2021-24934
    CVE-2021-24934
    The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripti ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:285 | 回复:0
  • CVE-2021-24937
    CVE-2021-24937
    The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:103 | 回复:0
  • CVE-2021-24944
    CVE-2021-24944
    The Custom Dashboard Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:83 | 回复:0
  • CVE-2021-24975
    CVE-2021-24975
    The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenti ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:63 | 回复:0
  • CVE-2021-24983
    CVE-2021-24983
    The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSted parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to adm ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:48 | 回复:0
  • CVE-2021-25063
    CVE-2021-25063
    The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:46 | 回复:0
  • CVE-2021-25072
    CVE-2021-25072
    The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts vi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:36 | 回复:0
  • CVE-2021-25085
    CVE-2021-25085
    The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:30 | 回复:0
  • CVE-2021-25089
    CVE-2021-25089
    The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:30 | 回复:0
  • CVE-2021-25091
    CVE-2021-25091
    The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:27 | 回复:0
  • CVE-2021-25092
    CVE-2021-25092
    The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:25 | 回复:0
  • CVE-2021-25093
    CVE-2021-25093
    The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:26 | 回复:0
  • CVE-2021-25097
    CVE-2021-25097
    The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrar ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:27 | 回复:0
  • CVE-2021-41571
    CVE-2021-41571
    In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a top ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:22 | 回复:0
  • CVE-2021-43848
    CVE-2021-43848
    h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:19 | 回复:0
  • CVE-2021-45416
    CVE-2021-45416
    Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:19 | 回复:0
  • CVE-2021-46253
    CVE-2021-46253
    A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:20 | 回复:0
  • CVE-2022-0220
    CVE-2022-0220
    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an application/j ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:17 | 回复:0
  • CVE-2022-0320
    CVE-2022-0320
    The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:18 | 回复:0
  • CVE-2022-0401
    CVE-2022-0401
    Path Traversal in NPM w-zip prior to 1.0.12.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:19 | 回复:0
  • CVE-2022-0417
    CVE-2022-0417
    Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:18 | 回复:0
  • CVE-2022-23601
    CVE-2022-23601
    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in th ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:20 | 回复:0
  • CVE-2021-43509
    CVE-2021-43509
    SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:17 | 回复:0
  • CVE-2021-43510
    CVE-2021-43510
    SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:15 | 回复:0
  • CVE-2021-44451
    CVE-2021-44451
    Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgra ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:17 | 回复:0
  • CVE-2021-44746
    CVE-2021-44746
    UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 08:26 | 阅读:20 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap