
CVE Vulnerabilities
  • CVE-2021-43682
    thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 20 | Replies: 0
  • CVE-2021-43679
    ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 17 | Replies: 0
  • CVE-2021-23258
    Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 21 | Replies: 0
  • CVE-2021-23259
    Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 26 | Replies: 0
  • CVE-2021-23260
    Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 22 | Replies: 0
  • CVE-2021-23261
    Authenticated administrators may override the system configuration file and cause a denial of service.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 30 | Replies: 0
  • CVE-2021-23262
    Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 29 | Replies: 0
  • CVE-2021-23263
    Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 24 | Replies: 0
  • CVE-2021-23264
    Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 19 | Replies: 0
  • CVE-2021-3944
    bookstack is vulnerable to Cross-Site Request Forgery (CSRF)……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 26 | Replies: 0
  • CVE-2021-44518
    An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 21 | Replies: 0
  • CVE-2015-20105
    The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 15 | Replies: 0
  • CVE-2015-20106
    The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2021-43795
    Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 19 | Replies: 0
  • CVE-2021-40333
    Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affect ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 15 | Replies: 0
  • CVE-2021-40334
    Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 55 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 20 | Replies: 0
  • CVE-2021-44050
    CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 14 | Replies: 0
  • CVE-2021-43327
    An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 26 | Replies: 0
  • CVE-2020-36129
    AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 23 | Replies: 0
  • CVE-2020-36130
    AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 19 | Replies: 0
  • CVE-2020-36131
    AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 22 | Replies: 0
  • CVE-2020-36133
    AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 17 | Replies: 0
  • CVE-2020-36134
    AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 20 | Replies: 0
  • CVE-2020-36135
    AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 21 | Replies: 0
  • CVE-2021-28236
    LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2021-28237
    LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2020-29176
    An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2020-29177
    Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 19 | Replies: 0
  • CVE-2021-25783
    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 16 | Replies: 0
  • CVE-2021-25784
    Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 20 | Replies: 0
  • CVE-2021-25785
    Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 21 | Replies: 0
  • CVE-2021-43772
    Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 5 | Replies: 0
  • CVE-2021-44019
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 7 | Replies: 0
  • CVE-2021-44020
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 15 | Replies: 0
  • CVE-2021-44021
    An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 10 | Replies: 0
  • CVE-2021-44022
    A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 9 | Replies: 0
  • CVE-2021-4000
    showdoc is vulnerable to URL Redirection to Untrusted Site……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 8 | Replies: 0
  • CVE-2021-43673
    dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 17 | Replies: 0
  • CVE-2021-43674
    ** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 8 | Replies: 0
  • CVE-2021-44278
    Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:33 | Views: 31 | Replies: 0
