
CVE Vulnerabilities

  • CVE-2021-24474
    The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (X ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 24 | Replies: 0
  • CVE-2021-24476
    The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its Steam Group Address settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 16 | Replies: 0
  • CVE-2021-24477
    The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin d ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 7 | Replies: 0
  • CVE-2021-24478
    The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its Paypal email address setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issu ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 8 | Replies: 0
  • CVE-2021-24479
    The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 13 | Replies: 0
  • CVE-2021-24480
    The Event Geek WordPress plugin through 2.5.2 does not sanitise or escape its Use your own setting before outputting it in the page, leading to an authenticated (admin+) stored Cross-Site Scripting i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-24481
    The Any Hostname WordPress plugin through 1.0.6 does not sanitise or escape its Allowed hosts setting, leading to an authenticated stored XSS issue as high privilege users are able to set XSS payloads ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 9 | Replies: 0
  • CVE-2021-24483
    The get_poll_categories(), get_polls() and get_reports() functions in the Poll Maker WordPress plugin before 3.2.1 did not use whitelist or validate the orderby parameter before using it in SQL statem ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 22 | Replies: 0
  • CVE-2021-24484
    The get_reports() function in the Secure Copy Content Protection and Content Locking WordPress plugin before 2.6.7 did not use whitelist or validate the orderby parameter before using it in SQL statem ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-24488
    The slider import search feature and tab parameter of the Post Grid WordPress plugin before 2.1.8 settings are not properly sanitised before being output back in the pages, leading to Reflected Cross- ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 13 | Replies: 0
  • CVE-2021-24492
    The hndtst_action_instance_callback AJAX call of the Handsome Testimonials Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndts ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 8 | Replies: 0
  • CVE-2021-24496
    The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 14 | Replies: 0
  • CVE-2021-24498
    The Calendar Event Multi View WordPress plugin before 1.4.01 does not sanitise or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php), lea ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 17 | Replies: 0
  • CVE-2021-24503
    The Popular Brand Icons – Simple Icons WordPress plugin before 2.7.8 does not sanitise or validate some of its shortcode parameters, such as color, size or class, allowing users with a role as lo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 15 | Replies: 0
  • CVE-2021-24504
    The WP LMS – Best WordPress LMS Plugin WordPress plugin through 1.1.2 does not properly sanitise or validate its User Field Titles, allowing XSS payload to be used in them. Furthermore, no CSRF a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 15 | Replies: 0
  • CVE-2021-33526
    In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicious OpenVPN configura ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 15 | Replies: 0
  • CVE-2021-33527
    In MB connect line mbDIALUP versions = 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM that won't be validated correctly and allows for a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 40 | Replies: 0
  • CVE-2021-34574
    In MB connect line mymbCONNECT24, mbCONNECT24 in versions = 2.8.0 an authenticated attacker can change the password of his account into a new password that violates the password policy by intercepting ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 16 | Replies: 0
  • CVE-2021-34575
    In MB connect line mymbCONNECT24, mbCONNECT24 in versions = 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-37165
    A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the H ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 9 | Replies: 0
  • CVE-2021-37216
    QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 22 | Replies: 0
  • CVE-2021-20332
    Specific MongoDB Rust Driver versions can include credentials used by the connection pool to authenticate connections in the monitoring event that is emitted when the pool is created. The user's l ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 18 | Replies: 0
  • CVE-2021-37160
    A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware valida ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 17 | Replies: 0
  • CVE-2021-37161
    A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 14 | Replies: 0
  • CVE-2021-37162
    A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malforme ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 7 | Replies: 0
  • CVE-2021-37163
    An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user account ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 9 | Replies: 0
  • CVE-2021-37164
    A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 11 | Replies: 0
  • CVE-2021-37166
    A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. Wh ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 9 | Replies: 0
  • CVE-2021-37167
    An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 9 | Replies: 0
  • CVE-2021-37840
    aaPanel through 6.8.12 allows Cross-Site WebSocket Hijacking (CSWH) involving OS commands within WebSocket messages at a ws:// URL for /webssh (the victim must have configured Terminal with at least o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 5 | Replies: 0
  • CVE-2021-29741
    IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in Korn Shell (ksh) to gain root privileges. IBM X-Force ID: 201478.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 6 | Replies: 0
  • CVE-2021-22552
    An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 11 | Replies: 0
  • CVE-2021-29757
    IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 13 | Replies: 0
  • CVE-2021-20539
    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-20540
    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 24 | Replies: 0
  • CVE-2021-20541
    IBM Cloud Pak for Security (CP4S) 1.5.0.0, 1.5.1.0, 1.6.0.0, 1.6.1.0, 1.7.0.0, and 1.7.1.0 could disclose sensitive information to an unauthorized user through HTTP GET requests. This information coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
  • CVE-2021-22379
    There is an Integer Underflow (Wrap or Wraparound) Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS of Samgr.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 23 | Replies: 0
  • CVE-2021-22381
    There is an Input Verification Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause an infinite loop in DoS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 12 | Replies: 0
  • CVE-2021-22384
    There is an Information Disclosure Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to authentication bypass.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 21 | Replies: 0
  • CVE-2021-22387
    There is an Improper Control of Dynamically Managing Code Resources Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to remotely execute commands.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:24 | Views: 20 | Replies: 0
