CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2010-4816

It was found in FreeBSD 8.0, 6.3 and 4.9, and OpenBSD 4.6 that a null pointer dereference in ftpd/popen.c may lead to remote denial of service of the ftpd service.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-34243

A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Mana ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：8 | 回复：0
CVE-2021-34244

A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：19 | 回复：0
CVE-2021-35045

Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：26 | 回复：0
CVE-2021-35046

A session fixation vulnerability was discovered in Ice Hrm 29.0.0 OS which allows an attacker to hijack a valid user session via a crafted session cookie.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-35206

Gitpod before 0.6.0 allows unvalidated redirects.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2020-15732

Improper Certificate Validation vulnerability in the Online Threat Prevention module as used in Bitdefender Total Security allows an attacker to potentially bypass HTTP Strict Transport Security (HSTS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2020-18646

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component /public/index.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：14 | 回复：0
CVE-2020-18647

Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component /nonecms/vendor.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2020-18648

Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote attackers to gain local privileges via the component JuQingCMS_v1.0/admin/index.php?c=administratora=add.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2020-22164

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\check_availability.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：29 | 回复：0
CVE-2020-22166

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：24 | 回复：0
CVE-2020-22167

PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cross-Site Scripting vulnerability in \hms\admin\appointment-history.php. Remote registered users can exploit the vulnerability to ob ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2020-22168

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\change-emaild.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：20 | 回复：0
CVE-2020-22169

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\appointment-history.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2020-22170

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：14 | 回复：0
CVE-2020-22171

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\registration.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2020-22172

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\get_doctor.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive info ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2020-22173

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\edit-profile.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive in ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2020-22174

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\book-appointment.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitiv ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2020-22175

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\admin\betweendates-detailsreports.php. Remote unauthenticated users can exploit the vulnerability to obtain ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2020-22176

PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sens ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：21 | 回复：0
CVE-2021-34428

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：22 | 回复：0
CVE-2020-18654

Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers to execute arbitrary code via the Title parameter in the component /coreframe/app/guestbook/myissue.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：27 | 回复：0
CVE-2021-22361

There is an improper authorization vulnerability in eCNS280 V100R005C00, V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200. A file access is not authorized correctly. Attacker with low ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：17 | 回复：0
CVE-2021-22365

There is an out of bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. A local attacker can exploit this vulnerability by sending specific message to the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：11 | 回复：0
CVE-2021-22366

There is an out-of-bounds read vulnerability in eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a function that handles an internal message contains a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：12 | 回复：0
CVE-2021-32644

Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions thro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：8 | 回复：0
CVE-2021-22342

There is an information leak vulnerability in Huawei products. A module does not deal with specific input sufficiently. High privilege attackers can exploit this vulnerability by performing some opera ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-22363

There is a resource management error vulnerability in eCNS280_TD V100R005C10SPC650. An attacker needs to perform specific operations to exploit the vulnerability on the affected device. Due to imprope ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：15 | 回复：0
CVE-2021-22377

There is a command injection vulnerability in S12700 V200R019C00SPC500, S2700 V200R019C00SPC500, S5700 V200R019C00SPC500, S6700 V200R019C00SPC500 and S7700 V200R019C00SPC500. A module does not verify ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：6 | 回复：0
CVE-2021-22378

There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrentl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-22382

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. Afte ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：9 | 回复：0
CVE-2021-22383

There is an out-of-bounds read vulnerability in eCNS280_TD V100R005C10 and eSE620X vESS V100R001C10SPC200, V100R001C20SPC200, V200R001C00SPC300. The vulnerability is due to a message-handling function ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：10 | 回复：0
CVE-2021-32699

Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to impro ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：18 | 回复：0
CVE-2021-32700

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via M ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：7 | 回复：0
CVE-2021-32701

ORY Oathkeeper is an Identity Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. When you make a request to an endpoint that requires the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：13 | 回复：0
CVE-2020-36394

pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home dire ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:51 | 阅读：5 | 回复：0