CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-21719

GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：84 | 回复：0
CVE-2022-0394

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：93 | 回复：0
CVE-2022-21720

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：105 | 回复：0
CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：81 | 回复：0
CVE-2020-28884

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：88 | 回复：0
CVE-2020-28885

Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Lifer ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：105 | 回复：0
CVE-2021-42791

An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：114 | 回复：0
CVE-2021-44249

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：107 | 回复：0
CVE-2021-45435

An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：77 | 回复：0
CVE-2020-25905

An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：127 | 回复：0
CVE-2022-23096

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：105 | 回复：0
CVE-2022-23097

An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：92 | 回复：0
CVE-2022-23098

An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：95 | 回复：0
CVE-2022-23863

Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：88 | 回复：0
CVE-2021-34073

A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：105 | 回复：0
CVE-2021-45897

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：93 | 回复：0
CVE-2021-45898

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：93 | 回复：0
CVE-2021-45899

SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows PHAR deserialization that can lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：101 | 回复：0
CVE-2022-22294

A SQL injection vulnerability exists in ZFAKA=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：80 | 回复：0
CVE-2021-40395

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：98 | 回复：0
CVE-2021-41608

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：116 | 回复：0
CVE-2021-41609

SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：82 | 回复：0
CVE-2021-44971

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05.20_multi?AC5V1.0 Firmware V15.03.06.48_multi and so on. an attacker can obtain sensitive information, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：89 | 回复：0
CVE-2022-22868

Gibbon CMS v22.0.01 was discovered to contain a cross-site scripting (XSS) vulnerability, that allows attackers to inject arbitrary script via name parameters.……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：88 | 回复：0
CVE-2016-3735

Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：87 | 回复：0
CVE-2021-22724

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：95 | 回复：0
CVE-2021-22725

A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitt ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：78 | 回复：0
CVE-2021-22799

A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：91 | 回复：0
CVE-2021-22807

A CWE-787: Out-of-bounds Write vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：99 | 回复：0
CVE-2021-22808

A CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by Schnei ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：79 | 回复：0
CVE-2021-22809

A CWE-125:Out-of-Bounds Read vulnerability exists that could cause unintended data disclosure when a malicious *.gd1 configuration file is loaded into the GUIcon tool. Affected Product: Eurotherm by S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：85 | 回复：0
CVE-2021-22810

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account click ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：70 | 回复：0
CVE-2021-22811

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause script execution when the request of a privileged account a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：83 | 回复：0
CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account click ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：108 | 回复：0
CVE-2021-22813

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbritrary script execution when a privileged account click ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：110 | 回复：0
CVE-2021-22814

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists which could cause arbritrary script execution when a malicious file is read ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：97 | 回复：0
CVE-2021-22815

A CWE-200: Information Exposure vulnerability exists which could cause the troubleshooting archive to be accessed. Affected Products: 1-Phase Uninterruptible Power Supply (UPS) using NMC2 including Sm ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：86 | 回复：0
CVE-2021-22816

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause a Denial of Service of the RTU when receiving a specially crafted request over Modbus, and the RTU ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：81 | 回复：0
CVE-2021-22818

A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to gain unauthorized access to the charging station web interface by performing br ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：90 | 回复：0
CVE-2021-22819

A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 13:09 | 阅读：89 | 回复：0