CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-45900

Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：194 | 回复：0
CVE-2022-24790

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the R ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：157 | 回复：0
CVE-2021-33523

MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：199 | 回复：0
CVE-2021-43664

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component processnbsp;forceugpo.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：212 | 回复：0
CVE-2021-46006

In Totolink A3100R V5.9c.4577, test.asp contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：249 | 回复：0
CVE-2021-46007

totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the ping command, and the input field does not adequately filter special symbols. This can lead to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：193 | 回复：0
CVE-2021-46008

In totolink a3100r V5.9c.4577, the hard-coded telnet password can be discovered from official released firmware. An attacker, who has connected to the Wi-Fi, can easily telnet into the target with roo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：207 | 回复：0
CVE-2021-46009

In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：213 | 回复：0
CVE-2021-46010

Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：218 | 回复：0
CVE-2022-25008

totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：187 | 回复：0
CVE-2022-26644

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：206 | 回复：0
CVE-2022-26645

A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：206 | 回复：0
CVE-2022-26646

Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：214 | 回复：0
CVE-2021-43661

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：245 | 回复：0
CVE-2021-43662

totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：246 | 回复：0
CVE-2021-43663

totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：260 | 回复：0
CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inj ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：289 | 回复：0
CVE-2022-22986

Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：270 | 回复：0
CVE-2022-23183

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the inform ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：256 | 回复：0
CVE-2022-24299

Improper input validation vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：210 | 回复：0
CVE-2022-25348

Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：268 | 回复：0
CVE-2022-26019

Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：260 | 回复：0
CVE-2022-27496

Cross-site scripting vulnerability in Zero-channel BBS Plus v0.7.4 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：248 | 回复：0
CVE-2022-28128

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：270 | 回复：0
CVE-2022-1191

SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：226 | 回复：0
CVE-2022-25915

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmwa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：226 | 回复：0
CVE-2022-1176

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：251 | 回复：0
CVE-2022-24136

Hospital Management System v1.0 is affected by an unrestricted upload of dangerous file type vulerability in treatmentrecord.php. To exploit, an attacker can upload any PHP file, and then execute it.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：278 | 回复：0
CVE-2021-34257

Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder ima ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：314 | 回复：0
CVE-2022-0350

Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：269 | 回复：0
CVE-2021-43505

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：281 | 回复：0
CVE-2021-43506

An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：282 | 回复：0
CVE-2021-36625

An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：364 | 回复：0
CVE-2021-42866

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：385 | 回复：0
CVE-2021-42867

A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：369 | 回复：0
CVE-2021-42868

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：379 | 回复：0
CVE-2021-42869

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：395 | 回复：0
CVE-2021-42946

A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：433 | 回复：0
CVE-2022-22311

IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validiation of JWT tokens.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：417 | 回复：0
CVE-2021-37517

An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0,in the forgot-password function becuase the application allows email addresses as usernames, which can cause ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:57 | 阅读：395 | 回复：0