CVE漏洞

OGeek|极客世界-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2021-27147

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / admin credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：37 | 回复：0
CVE-2021-27148

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded telecomadmin / nE7jA%5m credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：31 | 回复：0
CVE-2021-27149

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded adminpldt / z6dUABtl270qRxt7a2uGTiw credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：30 | 回复：0
CVE-2021-27150

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded gestiontelebucaramanga / t3l3buc4r4m4ng42013 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：39 | 回复：0
CVE-2021-27151

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded rootmet / m3tr0r00t credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：28 | 回复：0
CVE-2021-27152

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded awnfibre / fibre@dm!n credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：48 | 回复：0
CVE-2021-27153

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded trueadmin / admintrue credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE-2021-27154

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / G0R2U1P2ag credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE-2021-27155

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 3UJUh2VemEfUtesEchEC2d2e credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：32 | 回复：0
CVE-2021-27156

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains credentials for an ISP that equal the last part of the MAC address of the br0 interface.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：29 | 回复：0
CVE-2021-27157

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 888888 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：34 | 回复：0
CVE-2021-27158

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded L1vt1m4eng / 888888 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：33 | 回复：0
CVE-2021-27159

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded useradmin / 888888 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：32 | 回复：0
CVE-2021-27160

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / 888888 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：29 | 回复：0
CVE-2021-27161

An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / 1234 credentials for an ISP.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:40 | 阅读：30 | 回复：0
CVE-2021-25122

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：70 | 回复：0
CVE-2021-25329

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61 or 7.0.0. to 7.0.107 with a configuration edge case that was highly unlikely ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：91 | 回复：0
CVE-2020-7929

A user authorized to perform database queries may trigger denial of service by issuing specially crafted query contain a type of regex. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions pr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：82 | 回复：0
CVE-2020-9479

When loading a UDF, a specially crafted zip file could allow files to be placed outside of the UDF deployment directory. This issue affected Apache AsterixDB unreleased builds between commits 580b81aa ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：86 | 回复：0
CVE-2021-25829

An improper binary stream data handling issue was found in the module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. Using this bug, an attacker is able to produce a denial of service attack that can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：84 | 回复：0
CVE-2021-25830

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：122 | 回复：0
CVE-2021-25831

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the cha ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：90 | 回复：0
CVE-2021-25832

A heap buffer overflow vulnerability inside of BMP image processing was found at module of ONLYOFFICE DocumentServer v4.0.0-9-v6.0.0. Using this vulnerability, an attacker is able to gain remote code ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：100 | 回复：0
CVE-2021-25833

A file extension handling issue was found in module of ONLYOFFICE DocumentServer v4.2.0.71-v5.6.0.21. The file extension is controlled by an attacker through the request data and leads to arbitrary f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：109 | 回复：0
CVE-2018-25004

A user authorized to performing a specific type of query may trigger a denial of service by issuing a generic explain command on a find query. This issue affects: MongoDB Inc. MongoDB Server v4.0 vers ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：90 | 回复：0
CVE-2020-36240

The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF di ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：79 | 回复：0
CVE-2021-22114

Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：86 | 回复：0
CVE-2021-25914

Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：80 | 回复：0
CVE-2021-21515

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user session ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：87 | 回复：0
CVE-2021-21517

SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A rem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：94 | 回复：0
CVE-2021-27317

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：87 | 回复：0
CVE-2021-27318

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：75 | 回复：0
CVE-2021-3332

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：104 | 回复：0
CVE-2021-26475

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：104 | 回复：0
CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：103 | 回复：0
CVE-2021-26702

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：90 | 回复：0
CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：104 | 回复：0
CVE-2021-26704

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：100 | 回复：0
CVE-2021-27876

An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communica ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：106 | 回复：0
CVE-2021-27877

An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current ver ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:39 | 阅读：100 | 回复：0