漏洞 - 第144页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-46780

The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：82 | 回复：0
CVE漏洞

CVE-2021-39040

IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable fil ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-25111

The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-24957

The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authentic ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-24805

The DW Question Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as updat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-24800

The DW Question Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-29078

The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings. This is parsed as an internal option, and overwrites the outputFunctionName opt ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-28094

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-28093

SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-26111

The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-28586

XSS in edit page of Hoosk 1.8.0 allows attacker to execute javascript code in user browser via edit page with XSS payload bypass filter some special chars.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：14 | 回复：0
CVE漏洞

CVE-2022-28506

There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-28053

Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：12 | 回复：0
CVE漏洞

CVE-2022-27429

Jizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：15 | 回复：0
CVE漏洞

CVE-2022-27428

A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_nam ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-27311

Gibbon v3.4.4 and below allows attackers to execute a Server-Side Request Forgery (SSRF) via a crafted URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：16 | 回复：0
CVE漏洞

CVE-2022-27135

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-27103

element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-36460

VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account's password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registrat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-28871

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products while scanning larger packages/fuzzed files consume too much m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-1461

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-45842

It is possible to obtain the first administrator's hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45841

In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45840

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending specifically crafted input to /tos/index.php?app/app_start_stop.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-45839

It is possible to obtain the first administrator's hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45837

It is possible to execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by sending a specifically crafted input to /tos/index.php?app/del.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-45836

An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-1459

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-1458

Stored XSS Leads To Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-1457

Store XSS in title parameter executing at EditUser Page EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequence ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-29264

An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-36628

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-40680. Reason: This candidate is a reservation duplicate of CVE-2021-40680. Notes: All CVE users should reference CVE-2021-40680 ins ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-40680

There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-29603

A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：74 | 回复：0
CVE漏洞

CVE-2019-25059

Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-29546

HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-29077

A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-1452

Out-of-bounds Read in r_bin_java_bootstrap_methods_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-1451

Out-of-bounds Read in r_bin_java_constant_value_attr_new function in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end 2f the intented buffer. Typi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:17 | 阅读：21 | 回复：0