CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-46824

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：85 | 回复：0
CVE-2022-22967

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still r ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：72 | 回复：0
CVE-2022-22980

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value bi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：82 | 回复：0
CVE-2022-29299

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 ins ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：78 | 回复：0
CVE-2022-29301

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 ins ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：71 | 回复：0
CVE-2022-29526

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:54 | 阅读：66 | 回复：0
CVE-2021-26637

There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：110 | 回复：0
CVE-2021-26638

Improper Authentication vulnerability in SD smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulerability to take control of the ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：111 | 回复：0
CVE-2021-29055

Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：102 | 回复：0
CVE-2021-40954

Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：94 | 回复：0
CVE-2021-40955

SQL injection exists in LaiKetui v3.5.0 the background administrator list.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：86 | 回复：0
CVE-2021-40956

LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:53 | 阅读：84 | 回复：0
CVE-2017-20089

A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The atta ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：224 | 回复：0
CVE-2017-20090

A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：176 | 回复：0
CVE-2017-20091

A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to ini ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：151 | 回复：0
CVE-2022-31009

wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multi ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：143 | 回复：0
CVE-2022-34305

In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data witho ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：309 | 回复：0
CVE-2022-2175

Buffer Over-read in GitHub repository vim/vim prior to 8.2.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：137 | 回复：0
CVE-2021-26636

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.……

作者：菜鸟教程小白 | 时间：2022-7-7 07:52 | 阅读：124 | 回复：0
CVE-2017-20085

A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The a ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：341 | 回复：0
CVE-2017-20086

A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack r ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：705 | 回复：0
CVE-2017-20087

A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to b ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：237 | 回复：0
CVE-2017-20088

A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack ...……

作者：菜鸟教程小白 | 时间：2022-7-7 07:51 | 阅读：222 | 回复：0
CVE-2022-0331

An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：76 | 回复：0
CVE-2022-25521

UNNO v03.11.00 was discovered to contain access control issue.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：72 | 回复：0
CVE-2022-26269

Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：80 | 回复：0
CVE-2022-23937

In Wind River VxWorks 6.9 and 7, a specific crafted packet may lead to an out-of-bounds read during an IKE initial exchange scenario.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：103 | 回复：0
CVE-2022-24956

An issue was discovered in Shopware B2B-Suite through 4.4.1. The sort-by parameter of the search functionality of b2border and b2borderlist allows SQL injection. Possible techniques are boolean-based ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：100 | 回复：0
CVE-2022-24957

DHC Vision eQMS through 5.4.8.322 has Persistent XSS due to insufficient encoding of untrusted input/output. To exploit the vulnerability, the attacker has to create or edit a new information object a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：96 | 回复：0
CVE-2022-25420

NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：98 | 回复：0
CVE-2022-1072

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-26254. Reason: This candidate is a reservation duplicate of CVE-2022-26254. Notes: All CVE users should reference CVE-2022-26254 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：78 | 回复：0
CVE-2022-1073

A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：83 | 回复：0
CVE-2022-1074

A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input h1HTML Injection/h1 in the WiFi settings of the dashboard leads to html injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：87 | 回复：0
CVE-2022-1075

A vulnerability was found in College Website Management System 1.0 and classified as problematic. Affected by this issue is the file /cwms/classes/Master.php?f=save_contact of the component Contact Ha ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：94 | 回复：0
CVE-2022-1076

A vulnerability was found in Automatic Question Paper Generator System 1.0. It has been classified as problematic. This affects the file /aqpg/users/login.php of the component My Account Page. The man ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：88 | 回复：0
CVE-2022-1077

A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：95 | 回复：0
CVE-2022-1078

A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：83 | 回复：0
CVE-2022-1079

A vulnerability classified as problematic has been found in SourceCodester One Church Management System. Affected are multiple files and parameters which are prone to to cross site scripting. It is po ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：74 | 回复：0
CVE-2022-1080

A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the ar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：79 | 回复：0
CVE-2022-1081

A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been declared as problematic. This vulnerability affects the file /mims/app/addcustomerHandler.php. The manipulat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：69 | 回复：0