漏洞 - 第142页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-27331

An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-41041

In Eclipse Openj9 before version 0.32.0, Java 8 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-27888

Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-26564

HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-28918

GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=adminc=customa=plugindelhandleplugin_name=.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-28528

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=contentpage=mediaaction=edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-28527

dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-28525

ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_userid=1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-28524

ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-28523

HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-28522

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=homec=messagea=add.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-28521

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=homec=homea=sp_set_config.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-28450

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the Text parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code at client b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-28449

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-28059

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-28058

Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-28448

nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject javascript code to First name or Last name at Customer Info.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：96 | 回复：0
CVE漏洞

CVE-2022-27854

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via wpt_test_ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：112 | 回复：0
CVE漏洞

CVE-2022-24866

Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：129 | 回复：0
CVE漏洞

CVE-2022-1466

Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：155 | 回复：0
CVE漏洞

CVE-2021-36895

Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin = 5.1.4 on WordPress via SVG image upload.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：203 | 回复：0
CVE漏洞

CVE-2021-36867

Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher user rights.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：171 | 回复：0
CVE漏洞

CVE-2021-26629

A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be d in the parent ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：94 | 回复：0
CVE漏洞

CVE-2021-26628

Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insuff ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：63 | 回复：0
CVE漏洞

CVE-2022-28218

An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user p ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：90 | 回复：0
CVE漏洞

CVE-2022-24883

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：60 | 回复：0
CVE漏洞

CVE-2022-24882

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：77 | 回复：0
CVE漏洞

CVE-2022-24881

Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-23942

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-1173

stored xss in GitHub repository getgrav/grav prior to 1.7.33.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-27985

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-27984

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-27469

Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：95 | 回复：0
CVE漏洞

CVE-2022-27468

Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：115 | 回复：0
CVE漏洞

CVE-2022-27299

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：82 | 回复：0
CVE漏洞

CVE-2022-24706

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-29806

ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-29499

The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-24880

flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, he `captcha.validate()` function wou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-23457

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(Str ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：51 | 回复：0