
CVE Vulnerabilities

  • CVE-2021-24581
    The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its Logo Title setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-24592
    The Sitewide Notice WP WordPress plugin before 2.3 does not sanitise some of its settings before outputting them in frontend pages, allowing high privilege users to perform Cross-Site Scripting attack ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 7 | Replies: 0
  • CVE-2021-24593
    The Business Hours Indicator WordPress plugin before 2.3.5 does not sanitise or escape its 'Now closed message setting when outputting it in the backend and frontend, leading to an Authenticated S ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-24665
    The WP Video Lightbox WordPress plugin before 1.9.3 does not escape the attributes of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-24667
    A stored cross-site scripting vulnerability has been discovered in : Simply Gallery Blocks with Lightbox (Version – 2.2.0 below). The vulnerability exists in the Lightbox functionality where a user ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 8 | Replies: 0
  • CVE-2021-37911
    The management interface of BenQ smart wireless conference projector does not properly control user's privilege. Attackers can access any system directory of this device through the interface and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2021-27909
    For Mautic versions prior to 3.3.4/4.0.0, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, bundle, in the URL could allow an attacker to execute Javascri ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-27910
    Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the error and error_related_to paramete ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 7 | Replies: 0
  • CVE-2021-27911
    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-27912
    Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-27913
    The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-29722
    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 20 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 7 | Replies: 0
  • CVE-2021-29723
    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-ForceID: 201 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-29728
    IBM Sterling Secure Proxy 6.0.1, 6.0.2, 2.4.3.2, and 3.4.3.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound commun ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-29743
    IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2020-18121
    A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2020-18123
    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily delete admin accounts.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2020-18124
    A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 allows attackers to arbitrarily reset account passwords.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2020-18125
    A reflected cross-site scripting (XSS) vulnerability in the /plugin/ajax.php component of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 30 | Replies: 0
  • CVE-2020-18126
    Multiple stored cross-site scripting (XSS) vulnerabilities in the Sections module of Indexhibit 2.1.5 allows attackers to execute arbitrary web scripts or HTML.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2020-18127
    An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2020-35633
    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parserEW::read_sface() stor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 22 | Replies: 0
  • CVE-2020-35634
    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parserEW::read_sface() sfh- ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2020-35635
    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB re ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-21741
    A conference management system of ZTE is impacted by a command execution vulnerability. Since the soapmonitor's java object service is enabled by default, the attacker could exploit this vulnerabi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 37 | Replies: 0
  • CVE-2021-21774
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-21773. Reason: This candidate is a reservation duplicate of CVE-2021-21773. Notes: All CVE users should reference CVE-2021-21773 ins ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-22022
    The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary file read vulnerability. A malicious actor with administrative access to vRealize Operations Manager API can read any arbit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-22023
    The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability. A malicious actor with administrative access to vRealize Operations Manager API may be able to modif ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 22 | Replies: 0
  • CVE-2021-22024
    The vRealize Operations Manager API (8.x prior to 8.5) contains an arbitrary log-file read vulnerability. An unauthenticated malicious actor with network access to the vRealize Operations Manager API ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-22025
    The vRealize Operations Manager API (8.x prior to 8.5) contains a broken access control vulnerability leading to unauthenticated API access. An unauthenticated malicious actor with network access to t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-22026
    The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
  • CVE-2021-22027
    The vRealize Operations Manager API (8.x prior to 8.5) contains a Server Side Request Forgery in an end point. An unauthenticated malicious actor with network access to the vRealize Operations Manager ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-27018
    The mechanism which performs certificate validation was discovered to have a flaw that resulted in certificates signed by an internal certificate authority to not be properly validated. This issue onl ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-27019
    PuppetDB logging included potentially sensitive system information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-27020
    Puppet Enterprise presented a security risk by not sanitizing user input when doing a CSV export.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-27663
    A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a remote attacker to access to the system without adequate authorization. This issue affects: Johnson Contro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2021-29631
    In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-32955
    Delta Electronics DIAEnergie Version 1.7.5 and prior allows unrestricted file uploads, which may allow an attacker to remotely execute code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-32967
    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new administrative user without being authenticated or authorized, which may allow the attacker to log in and use th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-32983
    A Blind SQL injection vulnerability exists in the /DataHandler/Handler_CFG.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user-co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 20 | Replies: 0
