
CVE Vulnerabilities

  • CVE-2021-41563
    Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-41564
    Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 18 | Replies: 0
  • CVE-2021-41565
    TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 21 | Replies: 0
  • CVE-2021-41566
    The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-41567
    The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 16 | Replies: 0
  • CVE-2021-41568
    Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the vulnerability to use the original function of viewing bulletin boards and uploading files in the system.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 6 | Replies: 0
  • CVE-2021-41825
    Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 13 | Replies: 0
  • CVE-2021-41916
    A Cross-Site Request Forgery (CSRF) vulnerability in webTareas version 2.4 and earlier allows a remote attacker to create a new administrative profile and add a new user to the new profile. without th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 21 | Replies: 0
  • CVE-2021-41917
    webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user- ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 16 | Replies: 0
  • CVE-2021-41918
    webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-41919
    webTareas version 2.4 and earlier allows an authenticated user to arbitrarily upload potentially dangerous files without restrictions. This is working by adding or replacing a personal profile picture ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 8 | Replies: 0
  • CVE-2021-41920
    webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ord ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 10 | Replies: 0
  • CVE-2021-41974
    Tad Book3 editing book page does not perform identity verification. Remote attackers can use the vulnerability to view and modify arbitrary content of books without permission.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 7 | Replies: 0
  • CVE-2021-41975
    TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary files in the system without logging in.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 9 | Replies: 0
  • CVE-2021-41976
    Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-20600
    Uncontrolled resource consumption in MELSEC iQ-R series C Controller Module R12CCPU-V all versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a la ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 7 | Replies: 0
  • CVE-2021-32029
    A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 19 | Replies: 0
  • CVE-2021-41802
    HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount accessor with another user to acquire this other user’s policie ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2020-4654
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 13 | Replies: 0
  • CVE-2021-29906
    IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to clou ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-42109
    VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 9 | Replies: 0
  • CVE-2020-22617
    Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 28 | Replies: 0
  • CVE-2021-30625
    Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a craft ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 23 | Replies: 0
  • CVE-2021-30626
    Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 23 | Replies: 0
  • CVE-2021-30627
    Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 26 | Replies: 0
  • CVE-2021-30628
    Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 35 | Replies: 0
  • CVE-2021-30629
    Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-30630
    Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-30632
    Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-30633
    Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-42112
    The File upload question functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-37956
    Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-37957
    Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 24 | Replies: 0
  • CVE-2021-37958
    Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-37959
    Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafte ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-37961
    Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 12 | Replies: 0
  • CVE-2021-37962
    Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-37963
    Side-channel information leakage in DevTools in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to bypass site isolation via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-37964
    Inappropriate implementation in ChromeOS Networking in Google Chrome on ChromeOS prior to 94.0.4606.54 allowed an attacker with a rogue wireless access point to potentially carry out a wifi imperson ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 10 | Replies: 0
  • CVE-2021-37965
    Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 6 | Replies: 0
