
CVE Vulnerabilities

  • CVE-2021-32991
    Delta Electronics DIAEnergie Version 1.7.5 and prior is vulnerable to cross-site request forgery, which may allow an attacker to cause a user to carry out an action unintentionally.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-33003
    Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to retrieve passwords in cleartext due to a weak hashing algorithm.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 7 | Replies: 0
  • CVE-2021-33007
    A heap-based buffer overflow in Delta Electronics TPEditor: v1.98.06 and prior may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 10 | Replies: 0
  • CVE-2021-33019
    A stack-based buffer overflow vulnerability in Delta Electronics DOPSoft Version 4.00.11 and prior may be exploited by processing a specially crafted project file, which may allow an attacker to execu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 8 | Replies: 0
  • CVE-2021-38390
    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerEnergyType.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-38391
    A Blind SQL injection vulnerability exists in the /DataHandler/AM/AM_Handler.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the user- ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 25 | Replies: 0
  • CVE-2021-38393
    A Blind SQL injection vulnerability exists in the /DataHandler/HandlerAlarmGroup.ashx endpoint of Delta Electronics DIAEnergie Version 1.7.5 and prior. The application does not properly validate the u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 15 | Replies: 0
  • CVE-2021-3628
    OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid par ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-22021
    VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-29630
    In FreeBSD 13.0-STABLE before n246938-0729ba2f49c9, 12.2-STABLE before r370383, 11.4-STABLE before r370381, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, the ggatec dae ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-33055
    Zoho ManageEngine ADSelfService Plus through 6102 allows unauthenticated remote code execution in non-English editions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 21 | Replies: 0
  • CVE-2021-34066
    An issue was discovered in EdgeGallery/developer before v1.0. There is a Deserialization of yaml file vulnerability that can allow attackers to execute system command through uploading the malicious c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-34646
    Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generati ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 33 | Replies: 0
  • CVE-2021-34668
    The WordPress Real Media Library WordPress plugin is vulnerable to Stored Cross-Site Scripting via the name parameter in the ~/inc/overrides/lite/rest/Folder.php file which allows author-level attacke ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 19 | Replies: 0
  • CVE-2021-35061
    Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-36370
    An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-37416
    Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 14 | Replies: 0
  • CVE-2021-37417
    Zoho ManageEngine ADSelfService Plus version 6103 and prior allows CAPTCHA bypass due to improper parameter validation.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 9 | Replies: 0
  • CVE-2021-37421
    Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access-restriction bypass.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 6 | Replies: 0
  • CVE-2021-38342
    The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to Cross-Site Request Forgery via the `npBulkAction`s and `npBulkEdit` `admin_post` actions, which allowed attackers to trash or permanently p ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-38343
    The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 22 | Replies: 0
  • CVE-2021-34434
    In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then exis ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 8 | Replies: 0
  • CVE-2021-35062
    A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allows an attacker with a valid token of a COVID-19 test result to execute shell commands with ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 6 | Replies: 0
  • CVE-2021-36691
    libjxl v0.5.0 is affected by an Assertion failed issue in lib/jxl/image.cc jxl::PlaneBase::PlaneBase(). When encoding a malicious GIF file using cjxl, an attacker can trigger a denial of service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-39132
    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a cr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-39133
    Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with `admin` access to the `system` resource type is ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 11 | Replies: 0
  • CVE-2021-32831
    Total.js framework (npm package total.js) is a framework for Node.js platform written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework befor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-32832
    Rocket.Chat is an open-source fully customizable communications platform developed in JavaScript. In Rocket.Chat before versions 3.11.3, 3.12.2, and 3.13 an issue with certain regular expressions coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 12 | Replies: 0
  • CVE-2021-36692
    libjxl v0.3.7 is affected by a Divide By Zero issue in lib/extras/codec_apng.cc jxl::DecodeImageAPNG(). When encoding a malicious APNG file using cjxl, an attacker can trigger a denial of service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-39175
    HedgeDoc is a platform to write and share markdown. In versions prior to 1.9.0, an unauthenticated attacker can inject arbitrary JavaScript into the speaker-notes of the slide-mode feature by embeddin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 20 | Replies: 0
  • CVE-2020-22848
    A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-39177
    Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Versions of Geyser prior to 1.4.2-SNAPSHOT allow anyone that can connect to the server to forge a LoginPacket with ma ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 17 | Replies: 0
  • CVE-2021-39178
    Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 23 | Replies: 0
  • CVE-2021-27556
    The Cron job tab in EasyCorp ZenTao 12.5.3 allows remote attackers (who have admin access) to execute arbitrary code by setting the type parameter to System.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 16 | Replies: 0
  • CVE-2021-27557
    A cross-site request forgery (CSRF) vulnerability in the Cron job tab in EasyCorp ZenTao 12.5.3 allows attackers to update the fields of a Cron job.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 27 | Replies: 0
  • CVE-2021-27558
    A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 28 | Replies: 0
  • CVE-2020-13639
    A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store ma ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 21 | Replies: 0
  • CVE-2021-36356
    KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 13 | Replies: 0
  • CVE-2021-36981
    In the server in SerNet verinice before 1.22.2, insecure Java deserialization allows remote authenticated attackers to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 25 | Replies: 0
  • CVE-2021-40330
    git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character, which may result in unexpected cross-protocol requests, as demonstrated by the git://localhos ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:37 | Views: 18 | Replies: 0
