
Vulnerabilities

Subcategories:

  • CVE-2022-29315
    Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 29 | Replies: 0
  • CVE-2022-27927
    A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vu ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 24 | Replies: 0
  • CVE-2022-26595
    Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authentic ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 25 | Replies: 0
  • CVE-2022-26593
    Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 28 | Replies: 0
  • CVE-2021-43129
    A bypass exists for Desire2Learn/D2L Brightspace's "Disable Right Click" option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser's right cl ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 22 | Replies: 0
  • CVE-2021-41570
    Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 24 | Replies: 0
  • CVE-2022-0645
    Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 24 | Replies: 0
  • CVE-2022-1065
    A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-0 ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 28 | Replies: 0
  • CVE-2022-28108
    Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2022-29464
    Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 55 | Replies: 0
  • CVE-2022-24841
    fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without team ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 34 | Replies: 0
  • CVE-2022-29458
    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 53 | Replies: 0
  • CVE-2022-29457
    Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 51 | Replies: 0
  • CVE-2022-24863
    http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service atta ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 51 | Replies: 0
  • CVE-2022-24859
    PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can cr ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 63 | Replies: 0
  • CVE-2022-1112
    The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored C ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 37 | Replies: 0
  • CVE-2022-1091
    The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 26 | Replies: 0
  • CVE-2022-1090
    The Good Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 23 | Replies: 0
  • CVE-2022-1088
    The Page Security Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 19 | Replies: 0
  • CVE-2022-1063
    The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 20 | Replies: 0
  • CVE-2022-1054
    The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 22 | Replies: 0
  • CVE-2022-1037
    The EXMAGE WordPress plugin before 1.0.7 does not ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 21 | Replies: 0
  • CVE-2022-0879
    The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:16 | Views: 11 | Replies: 0
  • CVE-2022-1020
    The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unaut ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 20 | Replies: 0
  • CVE-2022-1001
    The WP Downgrade WordPress plugin before 1.2.3 only perform client side validation of its WordPress Target Version settings, but does not sanitise and escape it server side, allowing high privilege us ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 11 | Replies: 0
  • CVE-2022-0994
    The Hummingbird WordPress plugin before 3.3.2 does not sanitise and escape the Config Name, which could allow high privilege users, such as admin to perform cross-Site Scripting attacks even when the ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
  • CVE-2022-0785
    The Daily Prayer Time WordPress plugin before 2022.03.01 does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action (available to una ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 10 | Replies: 0
  • CVE-2022-0780
    The SearchIQ WordPress plugin before 3.9 contains a flag to disable the verification of CSRF nonces, granting unauthenticated attackers access to the siq_ajax AJAX action and allowing them to perform ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 7 | Replies: 0
  • CVE-2022-0765
    The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 12 | Replies: 0
  • CVE-2022-0737
    The Text Hover WordPress plugin before 4.2 does not sanitize and escape the text to hover, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 12 | Replies: 0
  • CVE-2022-0707
    The Easy Digital Downloads WordPress plugin before 2.11.6 does not have CSRF check in place when inserting payment notes, which could allow attackers to make a logged admin insert arbitrary notes via ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 12 | Replies: 0
  • CVE-2022-0706
    The Easy Digital Downloads WordPress plugin before 2.11.6 does not sanitise and escape the Downloadable File Name in the Logs, which could allow high privilege users to perform Cross-Site Scripting at ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 12 | Replies: 0
  • CVE-2022-0661
    The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or java ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 13 | Replies: 0
  • CVE-2021-25120
    The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross- ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
  • CVE-2022-27853
    Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) in Contest Gallery (WordPress plugin) <= 13.1.0.9
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 15 | Replies: 0
  • CVE-2022-27652
    A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
  • CVE-2022-27530
    A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be expl ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
  • CVE-2022-27529
    A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerabilit ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 15 | Replies: 0
  • CVE-2022-27526
    A maliciously crafted TGA file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead t ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
  • CVE-2022-27525
    A maliciously crafted .dwf file when consumed through the DesignReview.exe application could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other v ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:15 | Views: 14 | Replies: 0
