漏洞 - 第139页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-29904

The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773) allows SQL injection with certain '-' and '_' constraints. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：174 | 回复：0
CVE漏洞

CVE-2022-29903

The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension's configuration. The attacker mu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：166 | 回复：0
CVE漏洞

CVE-2022-24449

Solar appScreener through 3.10.4, when a valid license is not present, allows XXE and SSRF attacks via a crafted XML document.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：181 | 回复：0
CVE漏洞

CVE-2022-29556

The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant acti ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：271 | 回复：0
CVE漏洞

CVE-2022-29555

The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2. allows Cross-Origin Websocket Hijacking.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：190 | 回复：0
CVE漏洞

CVE-2022-29081

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360 before 5401 are vulnerable to access-control bypass on a few Rest API URLs (for SSOutAction. SSLAction. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：155 | 回复：0
CVE漏洞

CVE-2022-28477

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：160 | 回复：0
CVE漏洞

CVE-2022-28454

Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：144 | 回复：0
CVE漏洞

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：179 | 回复：0
CVE漏洞

CVE-2022-24898

org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a scrip ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：201 | 回复：0
CVE漏洞

CVE-2022-29413

Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress via title parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：172 | 回复：0
CVE漏洞

CVE-2022-29412

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin = 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：148 | 回复：0
CVE漏洞

CVE-2022-29585

In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (ra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:18 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-29411

SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via (id).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：129 | 回复：0
CVE漏洞

CVE-2022-29410

Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (ids).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：123 | 回复：0
CVE漏洞

CVE-2022-29584

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：188 | 回复：0
CVE漏洞

CVE-2022-29415

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin = 2.16 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：144 | 回复：0
CVE漏洞

CVE-2022-28892

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：201 | 回复：0
CVE漏洞

CVE-2022-27860

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin = 2.0.3 on WordPress.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：167 | 回复：0
CVE漏洞

CVE-2022-22443

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：178 | 回复：0
CVE漏洞

CVE-2022-22441

IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：149 | 回复：0
CVE漏洞

CVE-2022-22427

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：139 | 回复：0
CVE漏洞

CVE-2022-22322

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：177 | 回复：0
CVE漏洞

CVE-2022-1514

Stored XSS via upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected i ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：135 | 回复：0
CVE漏洞

CVE-2021-38952

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：134 | 回复：0
CVE漏洞

CVE-2022-28117

A Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the fe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：151 | 回复：0
CVE漏洞

CVE-2022-28114

DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：192 | 回复：0
CVE漏洞

CVE-2022-24892

Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：167 | 回复：0
CVE漏洞

CVE-2022-24879

Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the C ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-22783

A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected cli ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：119 | 回复：0
CVE漏洞

CVE-2022-22782

The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.1 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：159 | 回复：0
CVE漏洞

CVE-2022-22781

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：119 | 回复：0
CVE漏洞

CVE-2022-1511

Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：126 | 回复：0
CVE漏洞

CVE-2021-43939

Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：150 | 回复：0
CVE漏洞

CVE-2021-43934

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：178 | 回复：0
CVE漏洞

CVE-2021-43932

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：240 | 回复：0
CVE漏洞

CVE-2021-43930

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download ar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：182 | 回复：0
CVE漏洞

CVE-2022-28102

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：199 | 回复：0
CVE漏洞

CVE-2022-28101

Turtlapp Turtle Note v0.7.2.6 does not filter the meta tag during markdown parsing, allowing attackers to execute HTML injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：174 | 回复：0
CVE漏洞

CVE-2022-24873

Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. User ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：127 | 回复：0