漏洞 - 第103页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-25766

The package ungit before 1.5.20 are vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-24237

The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-24236

An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-24235

A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-26960

connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-22394

The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-26494

An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a wo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-45117

The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：29 | 回复：0
CVE漏洞

CVE-2020-24772

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. W ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-25570

In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has writ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-1035

Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-24656

HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). By putting a common XSS payload in a markdown file, if opened with the app, will execute several times.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-0415

Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-45878

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manger pages allows any user to view and modify information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-45877

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exist in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-45876

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to an command Injection. Unfil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-1004

Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-0475

Malicious translator is able to inject JavaScript code in few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x ve ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：41 | 回复：0
CVE漏洞

CVE-2022-26555

A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:55 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-42194

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：83 | 回复：0
CVE漏洞

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：84 | 回复：0
CVE漏洞

CVE-2021-39383

DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：114 | 回复：0
CVE漏洞

CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploadin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-25462

Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-26247

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-26246

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-25464

A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-44345

Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-24125

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-24126

A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a differ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-0991

Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-27226

A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-26267

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：119 | 回复：0
CVE漏洞

CVE-2022-26266

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-26265

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-25581

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:54 | 阅读：80 | 回复：0