
Vulnerabilities

  • CVE-2022-22344
    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct v ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 69 | Replies: 0
  • CVE-2021-39055
    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 104 | Replies: 0
  • CVE-2021-39051
    IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could e ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 208 | Replies: 0
  • CVE-2021-38971
    IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information. IBM X-Force ID: 212620.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 114 | Replies: 0
  • CVE-2022-0962
    Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 93 | Replies: 0
  • CVE-2022-24577
    GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen. (gf_utf8_wcslen is a renamed Unicode utf8_wcslen function.)……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 94 | Replies: 0
  • CVE-2022-22735
    The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 88 | Replies: 0
  • CVE-2022-22734
    The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 92 | Replies: 0
  • CVE-2022-0960
    Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 56 | Replies: 0
  • CVE-2022-0703
    The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfilt ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 84 | Replies: 0
  • CVE-2022-0702
    The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html c ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 102 | Replies: 0
  • CVE-2022-0701
    The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 82 | Replies: 0
  • CVE-2022-0700
    The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_ ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 80 | Replies: 0
  • CVE-2022-0684
    The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltere ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 70 | Replies: 0
  • CVE-2022-0674
    The Kunze Law WordPress plugin before 2.1 does not escape its 'E-Mail Error From Address' settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even whe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 53 | Replies: 0
  • CVE-2022-0659
    The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_htm ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 49 | Replies: 0
  • CVE-2022-0658
    The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamica ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 57 | Replies: 0
  • CVE-2022-0648
    The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross- ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 47 | Replies: 0
  • CVE-2022-0601
    The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scri ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 58 | Replies: 0
  • CVE-2022-0593
    The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated use ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 54 | Replies: 0
  • CVE-2022-0503
    The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site S ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 57 | Replies: 0
  • CVE-2022-0478
    The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/ed ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 45 | Replies: 0
  • CVE-2022-0449
    The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 55 | Replies: 0
  • CVE-2022-0399
    The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener A ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 61 | Replies: 0
  • CVE-2022-0327
    The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX acti ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 76 | Replies: 0
  • CVE-2022-0321
    The WP Voting Contest WordPress plugin before 3.0 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 58 | Replies: 0
  • CVE-2022-0254
    The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 72 | Replies: 0
  • CVE-2022-0248
    The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauth ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 76 | Replies: 0
  • CVE-2022-0230
    The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to pe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 91 | Replies: 0
  • CVE-2022-0169
    The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 84 | Replies: 0
  • CVE-2022-0165
    The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 62 | Replies: 0
  • CVE-2022-0161
    The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 56 | Replies: 0
  • CVE-2022-0147
    The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 51 | Replies: 0
  • CVE-2021-44964
    Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 71 | Replies: 0
  • CVE-2021-42171
    Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 86 | Replies: 0
  • CVE-2021-41952
    Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 91 | Replies: 0
  • CVE-2021-25026
    The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field Custom Patreon Page name, which could allow high privilege users to perform Cross-Site Scripting attacks even when the ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 107 | Replies: 0
  • CVE-2021-25007
    The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 157 | Replies: 0
  • CVE-2021-25006
    The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 108 | Replies: 0
  • CVE-2021-25003
    The WPCargo Track Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:52 | Views: 75 | Replies: 0
