Vulnerabilities

Subcategories:

  • CVE-2021-35250
    A researcher reported a Directory Transversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 67 | Replies: 0
  • CVE-2022-29419
    SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin = 0.98.22 at WordPress possible for users with a low role like a subscriber or higher.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 69 | Replies: 0
  • CVE-2022-29418
    Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin = 1.0.0 on WordPress via vulnerable parameters: ntmode_page_setting, ntmode_page_setting, ntmode ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 96 | Replies: 0
  • CVE-2022-29417
    Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin = 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 137 | Replies: 0
  • CVE-2022-28290
    Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specifie ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 93 | Replies: 0
  • CVE-2022-25866
    The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and ref ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 60 | Replies: 0
  • CVE-2022-1441
    MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In thi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 74 | Replies: 0
  • CVE-2022-0477
    An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 59 | Replies: 0
  • CVE-2022-27375
    Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 63 | Replies: 0
  • CVE-2022-27374
    Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 153 | Replies: 0
  • CVE-2022-26597
    Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 77 | Replies: 0
  • CVE-2022-26596
    Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 47 | Replies: 0
  • CVE-2022-24792
    PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 40 | Replies: 0
  • CVE-2022-22392
    IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 25 | Replies: 0
  • CVE-2022-1396
    The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting it in an attribute, leading to a Stored Cross-Site Scripting issue even when the unf ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 21 | Replies: 0
  • CVE-2022-1392
    The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 27 | Replies: 0
  • CVE-2022-1391
    The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 33 | Replies: 0
  • CVE-2022-1390
    The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter given to readfile(), which could allow unauthenticated attackers to read arbitrary files on server running ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 28 | Replies: 0
  • CVE-2022-1228
    The Opensea WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, like its Referer address field, which could allow high privilege users to perform Cross-Site Scripting atta ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 29 | Replies: 0
  • CVE-2022-1156
    The Books Papers WordPress plugin through 0.20210223 does not escape its Custom DB prefix settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 34 | Replies: 0
  • CVE-2022-1153
    The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perfor ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 38 | Replies: 0
  • CVE-2022-1152
    The Menubar WordPress plugin before 5.8 does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action (available to any authenticated users), ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 30 | Replies: 0
  • CVE-2022-1094
    The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 31 | Replies: 0
  • CVE-2022-1092
    The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call and retrieve the list of ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 39 | Replies: 0
  • CVE-2022-1027
    The Page Restriction WordPress (WP) WordPress plugin before 1.2.7 allows bad actors with administrator privileges to the settings page to inject Javascript code to its settings leading to stored Cross ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 28 | Replies: 0
  • CVE-2022-0953
    The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cros ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 34 | Replies: 0
  • CVE-2022-0876
    The Social comments by WpDevArt WordPress plugin before 2.5.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when u ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 61 | Replies: 0
  • CVE-2022-0782
    The Donations WordPress plugin through 1.8 does not sanitise and escape the nd_donations_id parameter before using it in a SQL statement via the nd_donations_single_cause_form_validate_fields_php_func ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 55 | Replies: 0
  • CVE-2022-0769
    The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 94 | Replies: 0
  • CVE-2022-0693
    The Master Elements WordPress plugin through 8.0 does not validate and escape the meta_ids parameter of its remove_post_meta_condition AJAX action (available to both unauthenticated and authenticated ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 69 | Replies: 0
  • CVE-2022-0657
    The 5 Stars Rating Funnel WordPress Plugin | RRatingg WordPress plugin before 1.2.54 does not properly sanitise, validate and escape lead ids before using them in a SQL statement via the rrtngg_delete ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 50 | Replies: 0
  • CVE-2022-0656
    The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated user ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 35 | Replies: 0
  • CVE-2022-0634
    The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization checks in the ta_insert_external_image action, allowing a low-privilege user (with a role as low as Subs ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 36 | Replies: 0
  • CVE-2022-0541
    The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix co ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 36 | Replies: 0
  • CVE-2022-0398
    The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 37 | Replies: 0
  • CVE-2022-0363
    The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 46 | Replies: 0
  • CVE-2022-0287
    The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retriev ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 62 | Replies: 0
  • CVE-2021-4225
    The SP Project Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that coul ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 67 | Replies: 0
  • CVE-2021-46782
    The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scrip ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 136 | Replies: 0
  • CVE-2021-46781
    The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:17 | Views: 84 | Replies: 0
