Vulnerabilities

  • CVE-2022-24737
    HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming response ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 55 | Replies: 0
  • CVE-2022-24738
    Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 74 | Replies: 0
  • CVE-2022-22351
    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted ho ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 80 | Replies: 0
  • CVE-2021-38989
    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 89 | Replies: 0
  • CVE-2021-38988
    IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 79 | Replies: 0
  • CVE-2022-0756
    Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 95 | Replies: 0
  • CVE-2022-0755
    Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 120 | Replies: 0
  • CVE-2022-0754
    SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 172 | Replies: 0
  • CVE-2021-4199
    Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Secu ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 101 | Replies: 0
  • CVE-2021-4198
    A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 96 | Replies: 0
  • CVE-2022-0535
    The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 131 | Replies: 0
  • CVE-2022-0533
    The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 71 | Replies: 0
  • CVE-2022-0448
    The CP Blocks WordPress plugin before 1.0.15 does not sanitise and escape its License ID settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilter ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 58 | Replies: 0
  • CVE-2022-0445
    The WordPress Real Cookie Banner: GDPR (DSGVO) ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logg ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 54 | Replies: 0
  • CVE-2022-0442
    The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged in user to overwrit ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 51 | Replies: 0
  • CVE-2022-0441
    The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 60 | Replies: 0
  • CVE-2022-0440
    The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high privilege admin to upload an arbitrary PHP file and gain RCE even ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 62 | Replies: 0
  • CVE-2022-0439
    The Email Subscribers Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQ ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 74 | Replies: 0
  • CVE-2022-0434
    The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the post_ids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and aut ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 103 | Replies: 0
  • CVE-2022-0429
    The WP Cerber Security, Anti-spam Malware Scan WordPress plugin before 8.9.6 does not sanitise the $url variable before using it in an attribute in the Activity tab in the plugins dashboard, leading ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 105 | Replies: 0
  • CVE-2022-0426
    The Product Feed PRO for WooCommerce WordPress plugin before 11.2.3 does not escape the rowCount parameter before outputting it back in an attribute via the woosea_categories_dropdown AJAX action (ava ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 116 | Replies: 0
  • CVE-2022-0422
    The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcms parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scrip ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 259 | Replies: 0
  • CVE-2022-0420
    The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id parameter before using it in a SQL statement in the Automation admin dashboard, allowing high privileg ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:50 | Views: 432 | Replies: 0
  • CVE-2022-0410
    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 153 | Replies: 0
  • CVE-2022-0389
    The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltere ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 96 | Replies: 0
  • CVE-2022-0384
    The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 119 | Replies: 0
  • CVE-2022-0349
    The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 84 | Replies: 0
  • CVE-2022-0347
    The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Sc ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 61 | Replies: 0
  • CVE-2022-0267
    The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 64 | Replies: 0
  • CVE-2022-0205
    The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Sc ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 65 | Replies: 0
  • CVE-2022-0163
    The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitra ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 80 | Replies: 0
  • CVE-2021-25098
    The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 82 | Replies: 0
  • CVE-2021-25087
    The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 113 | Replies: 0
  • CVE-2021-25039
    The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 203 | Replies: 0
  • CVE-2021-25038
    The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 147 | Replies: 0
  • CVE-2021-25009
    The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 117 | Replies: 0
  • CVE-2021-24961
    The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode arguments, which could allow users with a role a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 95 | Replies: 0
  • CVE-2021-24960
    The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 111 | Replies: 0
  • CVE-2021-24953
    The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 132 | Replies: 0
  • CVE-2021-24952
    The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:49 | Views: 214 | Replies: 0
