CVE Vulnerabilities

  • CVE-2021-21705
    In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 27 | Replies: 0
  • CVE-2021-21706
    In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 10 | Replies: 0
  • CVE-2021-40323
    Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 8 | Replies: 0
  • CVE-2021-40324
    Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 16 | Replies: 0
  • CVE-2021-40325
    Cobbler before 3.3.0 allows authorization bypass for modification of settings.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 15 | Replies: 0
  • CVE-2021-41285
    Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 19 | Replies: 0
  • CVE-2021-41322
    Poly VVX 400/410 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 13 | Replies: 0
  • CVE-2021-41869
    SuiteCRM 7.10.x before 7.10.33 and 7.11.x before 7.11.22 is vulnerable to privilege escalation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 16 | Replies: 0
  • CVE-2021-22557
    SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past http ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 20 | Replies: 0
  • CVE-2021-24465
    The Meow Gallery WordPress plugin before 4.1.9 does not sanitise, validate or escape the ids attribute of its gallery shortcode (available for users as low as Contributor) before using it in an SQL st ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 28 | Replies: 0
  • CVE-2021-24654
    The User Registration WordPress plugin before 2.0.2 does not properly sanitise the user_registration_profile_pic_url value when submitted directly via the user_registration_update_profile_details AJAX ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 14 | Replies: 0
  • CVE-2021-24673
    The Appointment Hour Booking WordPress plugin before 1.3.16 does not escape some of the Calendar Form settings, allowing high privilege users to perform Stored Cross-Site Scripting attacks even when t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-24676
    The Better Find and Replace WordPress plugin before 1.2.9 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scriptin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 21 | Replies: 0
  • CVE-2021-24678
    The CM Tooltip Glossary WordPress plugin before 3.9.21 does not escape some glossary_tooltip shortcode attributes, which could allow users a role as low as Contributor to perform Stored Cross-Site Scr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 10 | Replies: 0
  • CVE-2021-24679
    The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Ref ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 14 | Replies: 0
  • CVE-2021-24687
    The Modern Events Calendar Lite WordPress plugin before 5.22.2 does not escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-41878
    A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based we ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 14 | Replies: 0
  • CVE-2021-41511
    The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 18 | Replies: 0
  • CVE-2021-36051
    XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 19 | Replies: 0
  • CVE-2021-37330
    Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javasc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 16 | Replies: 0
  • CVE-2021-37331
    Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 29 | Replies: 0
  • CVE-2021-37333
    Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 12 | Replies: 0
  • CVE-2021-37777
    Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by one site owner are visible by another site owner just by knowing the other site name and fuzzing for pic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 20 | Replies: 0
  • CVE-2021-38822
    A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 19 | Replies: 0
  • CVE-2021-38823
    The IceHrm 30.0.0 OS website was found vulnerable to Session Management Issue. A signout from an admin account does not invalidate an admin session that is opened in a different browser.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 14 | Replies: 0
  • CVE-2021-39486
    A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 23 | Replies: 0
  • CVE-2021-41867
    An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat fe ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 23 | Replies: 0
  • CVE-2021-41868
    OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 24 | Replies: 0
  • CVE-2021-25964
    In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the desc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 23 | Replies: 0
  • CVE-2020-28119
    Cross site scripting vulnerability in 53KF 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 18 | Replies: 0
  • CVE-2021-22259
    A potential DOS vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 29 | Replies: 0
  • CVE-2021-35296
    An issue in the administrator authentication panel of PTCL HG150-Ub v3.0 allows attackers to bypass authentication via modification of the cookie value and Response Path.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 18 | Replies: 0
  • CVE-2021-36850
    Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto Manual Rename plugin (versions = 5.1.9). Affected parameters post_title, filename, lock. This allows changing t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 26 | Replies: 0
  • CVE-2021-39868
    In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 30 | Replies: 0
  • CVE-2021-39871
    In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker making a crafted API call.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 19 | Replies: 0
  • CVE-2021-39873
    In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious website by spoofing the content in an error ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 16 | Replies: 0
  • CVE-2021-39874
    In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 22 | Replies: 0
  • CVE-2021-39877
    A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 20 | Replies: 0
  • CVE-2021-39879
    Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 11 | Replies: 0
  • CVE-2021-39883
    Improper authorization checks in GitLab EE 13.11 allows subgroup members to see epics from all parent subgroups.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:08 | Views: 11 | Replies: 0
