
CVE Vulnerabilities

  • CVE-2020-19957
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 60 | Replies: 0
  • CVE-2020-19959
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 52 | Replies: 0
  • CVE-2020-19960
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 35 | Replies: 0
  • CVE-2020-19961
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 34 | Replies: 0
  • CVE-2020-19962
    A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 37 | Replies: 0
  • CVE-2020-19964
    A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 29 | Replies: 0
  • CVE-2021-20599
    Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 26 | Replies: 0
  • CVE-2021-22963
    A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000// ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 24 | Replies: 0
  • CVE-2021-22964
    A redirect vulnerability in the `fastify-static` module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 9 | Replies: 0
  • CVE-2021-33177
    The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but on ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 7 | Replies: 0
  • CVE-2021-33178
    The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 10 | Replies: 0
  • CVE-2021-33179
    The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 12 | Replies: 0
  • CVE-2021-37933
    An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The v ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 10 | Replies: 0
  • CVE-2021-38344
    The Brizy Page Builder plugin = 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-38345
    The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 14 | Replies: 0
  • CVE-2021-38346
    The Brizy Page Builder plugin = 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 5 | Replies: 0
  • CVE-2021-39330
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24608. Reason: This candidate is a duplicate of CVE-2021-24608. Notes: All CVE users should reference CVE-2021-24608 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-41132
    OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 16 | Replies: 0
  • CVE-2021-41142
    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 1 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-42087
    An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 44 | Replies: 0
  • CVE-2021-42088
    An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 41 | Replies: 0
  • CVE-2021-42089
    An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 40 | Replies: 0
  • CVE-2021-42090
    An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 45 | Replies: 0
  • CVE-2021-42091
    An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 49 | Replies: 0
  • CVE-2021-42095
    Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 44 | Replies: 0
  • CVE-2020-21725
    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 38 | Replies: 0
  • CVE-2020-21726
    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 54 | Replies: 0
  • CVE-2020-21729
    JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 38 | Replies: 0
  • CVE-2021-38298
    Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 38 | Replies: 0
  • CVE-2021-41115
    Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure linkifiers that automatically create links from messages that users sen ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 42 | Replies: 0
  • CVE-2021-25270
    A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 41 | Replies: 0
  • CVE-2021-25271
    A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 54 | Replies: 0
  • CVE-2021-33603
    A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed files. The exploit can ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 31 | Replies: 0
  • CVE-2021-40832
    A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed files. The ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-41947
    A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 12 | Replies: 0
  • CVE-2021-41133
    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-35977
    An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-35979
    An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 18 | Replies: 0
  • CVE-2021-36767
    In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthen ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 33 | Replies: 0
  • CVE-2021-3312
    An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by up ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 21 | Replies: 0
