漏洞 - 第174页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-0914

The Export All URLs WordPress plugin before 4.3 does not have CSRF in place when exporting data, which could allow attackers to make a logged in admin export all posts and pages (including private and ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-0892

The Export All URLs WordPress plugin before 4.2 does not sanitise and escape the CSV filename before outputting it back in the page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-0840

The Easy Social Icons WordPress plugin before 3.2.1 does not properly escape the image_file field when adding a new social icon, allowing high privileged users to inject arbitrary javascript even when ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-0828

The Download Manager WordPress plugin before 3.2.39 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-0728

The Easy Smooth Scroll Links WordPress plugin before 2.23.1 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-0531

The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-0471

The Favicon by RealFaviconGenerator WordPress plugin before 1.3.23 does not properly sanitise and escape the json_result_url parameter before outputting it back in the Favicon admin dashboard, leading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-0314

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-0246

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-34250

An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-25090

The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-24987

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-24986

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-27089

In Fujitsu PlugFree Network = 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-27088

Ivanti DSM Remote = 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-27041

Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：91 | 回复：0
CVE漏洞

CVE-2022-26414

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：98 | 回复：0
CVE漏洞

CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：89 | 回复：0
CVE漏洞

CVE-2022-1297

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：77 | 回复：0
CVE漏洞

CVE-2022-1296

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-1295

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-0556

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-1252

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryptio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：57 | 回复：0
CVE漏洞

CVE-2022-1045

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-0936

Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-32162

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：45 | 回复：0
CVE漏洞

CVE-2021-32161

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-32160

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-32159

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-32158

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-32157

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：55 | 回复：0
CVE漏洞

CVE-2021-32156

A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-28893

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-27961

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-27960

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：71 | 回复：0
CVE漏洞

CVE-2022-27958

Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-27477

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-27476

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName para ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0