CVE Vulnerabilities

  • CVE-2021-24712
    The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 16 | Replies: 0
  • CVE-2021-24719
    The Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions prior to 4.8.4 which use Avia Page Builder.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-24720
    The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS).
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 12 | Replies: 0
  • CVE-2021-24737
    The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 26 | Replies: 0
  • CVE-2021-40884
    Projectsend version r1295 is affected by sensitive information disclosure. Because of not checking authorization in ids parameter in files-edit.php and id parameter in process.php function, a user wit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 23 | Replies: 0
  • CVE-2021-40886
    Projectsend version r1295 is affected by a directory traversal vulnerability. A user with Uploader role can add value `2` for `chunks` parameter to bypass `fileName` sanitization.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 29 | Replies: 0
  • CVE-2021-40887
    Projectsend version r1295 is affected by a directory traversal vulnerability. Because of lacking sanitization input for files parameter, an attacker can add ../ to move all PHP files or any file on th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-40888
    Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-29004
    rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-29005
    Insecure permission of chmod command on rConfig server 3.9.6 exists. After installing rConfig apache user may execute chmod as root without password which may let an attacker with low privilege to gai ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 25 | Replies: 0
  • CVE-2021-29006
    rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-40542
    Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-40543
    Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET and $_GET in the PasswordCheck.php file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-40191
    Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong respo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 9 | Replies: 0
  • CVE-2021-40541
    PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without // in descript() function. An authenticated user can trigger XSS by appending // in the end of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 13 | Replies: 0
  • CVE-2021-0583
    In onCreate of BluetoothPairingDialog, there is a possible way to enable Bluetooth without user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User e ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-27664
    Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 18 | Replies: 0
  • CVE-2021-27665
    An unauthenticated remote user could exploit a potential integer overflow condition in the exacqVision Server with a specially crafted script and cause a denial-of-service condition.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 6 | Replies: 0
  • CVE-2021-37123
    There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability is due to that when a user wants to do certain operation, the software does not insufficiently vali ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 29 | Replies: 0
  • CVE-2021-39317
    A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the plugin_offline_installer AJAX action due to a missing capability check ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-20121
    The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary f ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-20122
    The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is affected by an authenticated command injection vulnerability in multiple parameters passed to tr69_cmd.cgi. A remote attacker con ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-22263
    An issue has been discovered in GitLab affecting all versions starting from 13.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. A user acc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 12 | Replies: 0
  • CVE-2021-25633
    LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-26588
    A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 8 | Replies: 0
  • CVE-2021-27002
    NetApp Cloud Manager versions prior to 3.9.10 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to retrieve sensitive data via the web proxy.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 10 | Replies: 0
  • CVE-2021-32028
    A flaw was found in postgresql. Using an INSERT ... ON CONFLICT ... DO UPDATE command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highes ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 19 | Replies: 0
  • CVE-2021-41117
    keypair is an RSA PEM key generator written in JavaScript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. A ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 20 | Replies: 0
  • CVE-2020-27372
    A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-25738
    Loading specially-crafted YAML with the Kubernetes Java Client library can lead to code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 15 | Replies: 0
  • CVE-2021-40188
    PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as .php, .php7, .phtml, .php5, .... An attack ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-40189
    PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to webroot/themes/{Theme Folder}, where an attacker can access and execute arbitrary cod ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 51 | Replies: 0
  • CVE-2021-40239
    A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 22 | Replies: 0
  • CVE-2021-40617
    An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 19 | Replies: 0
  • CVE-2021-42252
    An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 18 | Replies: 0
  • CVE-2021-42257
    check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 29 | Replies: 0
  • CVE-2021-42260
    TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 29 | Replies: 0
  • CVE-2021-23448
    All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 26 | Replies: 0
  • CVE-2021-42009
    An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 30 | Replies: 0
  • CVE-2021-27395
    A vulnerability has been identified in SIMATIC Process Historian 2013 and earlier (All versions), SIMATIC Process Historian 2014 (All versions SP3 Update 6), SIMATIC Process Historian 2019 (All versi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 19 | Replies: 0
