CVE Vulnerabilities

  • CVE-2020-20495
    bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup` parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 86 | Replies: 0
  • CVE-2021-36235
    An issue was discovered in Ivanti Workspace Control before 10.6.30.0. A locally authenticated user with low privileges can bypass File and Folder Security by leveraging an unspecified attack vector. A ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 90 | Replies: 0
  • CVE-2021-40353
    A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the index.php USERNAME para ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:38 | Views: 76 | Replies: 0
  • CVE-2021-33582
    Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 20 | Replies: 0
  • CVE-2021-37415
    Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2021-39109
    The renderWidgetResource resource in Atlassian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2020-9000
    An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2020-9002
    An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Admin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 33 | Replies: 0
  • CVE-2021-35238
    User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 31 | Replies: 0
  • CVE-2021-38703
    Wireless devices running certain Arcadyan-derived firmware (such as KPN Experia WiFi 1.00.15) do not properly sanitise user input to the syslog configuration form. An authenticated remote attacker cou ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 22 | Replies: 0
  • CVE-2021-37151
    CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 23 | Replies: 0
  • CVE-2021-39373
    Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to passwor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-39377
    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-39378
    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2021-39379
    A SQL Injection vulnerability exists in openSIS 8.0 when MySQL (MariaDB) is being used as the application database. A malicious attacker can issue SQL commands to the MySQL (MariaDB) database through ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-40352
    OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-35508
    NMSAccess32.exe in TeraRecon AQNetClient 4.4.13 allows attackers to execute a malicious binary with SYSTEM privileges via a low-privileged user account. To exploit this, a low-privileged user must cha ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-39166
    Pimcore is an open source data experience management platform. Prior to version 10.1.2, text-values were not properly escaped before printed in the version preview. This allowed XSS by authenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2021-39170
    Pimcore is an open source data experience management platform. Prior to version 10.1.2, an authenticated user could add XSS code as a value of custom metadata on assets. There is a patch for this iss ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 24 | Replies: 0
  • CVE-2021-23426
    This affects all versions of package Proto. It is possible to pollute the object property of an application using Proto by leveraging the merge function.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-23427
    This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2021-23428
    This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the gene ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-35215
    Insecure deserialization leading to Remote Code Execution was detected in the Orion Platform version 2020.2.5. Authentication is required to exploit this vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-35216
    Insecure Deserialization of untrusted data remote code execution vulnerability was discovered in Patch Manager Orion Platform Integration module. An Authenticated Attacker with network access via HTTP ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-35218
    Deserialization of Untrusted Data in the Web Console Chart Endpoint can lead to remote code execution. An unauthorized attacker who has network access to the Orion Patch Manager Web Console could pote ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-36002
    Adobe Captivate version 11.5.5 (and earlier) is affected by a Creation of Temporary File In Directory With Incorrect Permissions vulnerability that could result in privilege escalation in the context ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-36012
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can l ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-36020
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the 'City' field. An unauthenticated attacker ca ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 21 | Replies: 0
  • CVE-2021-36022
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Update Layout. An attacker with admin privil ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-36024
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-36025
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability while saving a customer's details with a sp ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-36026
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-36027
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 23 | Replies: 0
  • CVE-2021-36028
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability when saving a configurable product. An attacker with admin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-36029
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper authorization vulnerability. An attacker with admin privileges could ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-36030
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability during the checkout process. An unauthenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 26 | Replies: 0
  • CVE-2021-36031
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a Path Traversal vulnerability via the `theme` parameter. An attacker with admin privilege ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-36032
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-36033
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. An attacker with admin privileges ca ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2021-36034
    Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An attacker with admin privileges can upload a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
