CVE Vulnerabilities

  • CVE-2021-27662
    The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and incl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 7 | Replies: 0
  • CVE-2021-30137
    Assyst 10 SP7.5 has authenticated XXE leading to SSRF via XML unmarshalling. The application allows users to send JSON or XML data to the server. It was possible to inject malicious XML data through s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 27 | Replies: 0
  • CVE-2021-39307
    PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 25 | Replies: 0
  • CVE-2021-3794
    vuelidate is vulnerable to Inefficient Regular Expression Complexity
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 37 | Replies: 0
  • CVE-2021-3796
    vim is vulnerable to Use After Free
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 24 | Replies: 0
  • CVE-2021-3797
    hestiacp is vulnerable to Use of Wrong Operator in String Comparison
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 17 | Replies: 0
  • CVE-2021-3801
    prism is vulnerable to Inefficient Regular Expression Complexity
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 25 | Replies: 0
  • CVE-2021-40845
    The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 23 | Replies: 0
  • CVE-2021-41076
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 31 | Replies: 0
  • CVE-2020-19146
    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 15 | Replies: 0
  • CVE-2020-19147
    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder()' function in the component '/modules/filemanager/FileM ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 21 | Replies: 0
  • CVE-2020-19148
    Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 22 | Replies: 0
  • CVE-2020-19150
    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the com ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 24 | Replies: 0
  • CVE-2020-19151
    Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/lis ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 15 | Replies: 0
  • CVE-2020-19154
    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/fileman ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 21 | Replies: 0
  • CVE-2020-19155
    Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 25 | Replies: 0
  • CVE-2020-19156
    Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2020-19157
    Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucentera=index'. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2020-19158
    Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 13 | Replies: 0
  • CVE-2020-19159
    Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=memberaction=add'.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-21798
    An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 20 | Replies: 0
  • CVE-2021-38156
    In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 23 | Replies: 0
  • CVE-2021-39189
    Pimcore is an open source data experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 14 | Replies: 0
  • CVE-2021-27044
    An Out-Of-Bounds Read/Write Vulnerability in Autodesk FBX Review version 1.4.0 may lead to remote code execution through maliciously crafted DLL files or information disclosure.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-40157
    A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-39209
    GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery (CSRF) protection in many places. This could ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 23 | Replies: 0
  • CVE-2020-21121
    Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via the $recordIDValue parameter in the admin_update_module_widgets.php file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 24 | Replies: 0
  • CVE-2020-21122
    UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 26 | Replies: 0
  • CVE-2020-21124
    UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 11 | Replies: 0
  • CVE-2020-21125
    An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 9 | Replies: 0
  • CVE-2020-21126
    MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/?n=adminc=indexa=doSaveInfo.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 15 | Replies: 0
  • CVE-2020-21127
    MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logsc=indexa=dodel.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2021-27045
    A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 13 | Replies: 0
  • CVE-2021-27046
    A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-37412
    The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 14 | Replies: 0
  • CVE-2021-39210
    GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, the cookie used to store the autologin cookie (when a user uses the remember me feature) is accessible by scripts. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 21 | Replies: 0
  • CVE-2021-39211
    GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in versio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 9 | Replies: 0
  • CVE-2021-39213
    GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 14 | Replies: 0
  • CVE-2021-39392
    The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2021-3795
    semver-regex is vulnerable to Inefficient Regular Expression Complexity
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
