漏洞 - 第177页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-46437

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-46436

An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-28002

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：72 | 回复：0
CVE漏洞

CVE-2022-28001

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：96 | 回复：0
CVE漏洞

CVE-2022-28000

Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：153 | 回复：0
CVE漏洞

CVE-2022-27992

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：81 | 回复：0
CVE漏洞

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /staff_login.php via the Staff ID and Staff Password parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-27357

Ecommerce-Website v1 was discovered to contain an arbitrary file upload vulnerability via /customer_register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-27352

Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-27351

Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /public_html/apply_vacancy. This vulnerability allows attackers to execute arbitrary code via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-27349

Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-27348

Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a cra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-27346

Ecommece-Website v1.1.0 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?slides. This vulnerability allows attackers to execute arbitrary code via a crafted PHP fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-27064

Musical World v1 was discovered to contain an arbitrary file upload vulnerability via uploaded_songs.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：19 | 回复：0
CVE漏洞

CVE-2022-27063

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via view_all_comments.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-27062

AeroCMS v0.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-27061

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the Post Image function under the Admin panel. This vulnerability allows attackers to execute arbitrary code via a c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-26624

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the Title parameter in /vendor/views/add_product.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-1219

SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-28805

singlevar in lparser.c in Lua through 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：23 | 回复：0
CVE漏洞

CVE-2022-28796

jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：22 | 回复：0
CVE漏洞

CVE-2022-24681

Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-43474

An Access Control vulnerability exists in D-Link DIR-823G REVA1 1.02B05 (Lastest) via any parameter in the HNAP1 function……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-43453

A Heap-based Buffer Overflow vulnerability exists in JerryScript 2.4.0 and prior versions via an out-of-bounds read in parser_parse_for_statement_start in the js-parser-statm.c file. This issue is sim ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-36202

Server-Side Request Forgery (SSRF) vulnerability in Johnson Controls Metasys could allow an authenticated attacker to inject malicious code into the MUI PDF export feature. This issue affects: Johnson ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：17 | 回复：0
CVE漏洞

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-26675

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote attacker can bypass authentication and perform path traversal attacks to access arbitrary files under w ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-26671

Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system in ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-26670

D-Link DIR-878 has inadequate filtering for special characters in the webpage input field. An unauthenticated LAN attacker can perform command injection attack to execute arbitrary system commands to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-26612

In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extra ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0
CVE漏洞

CVE-2022-25597

ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform command injection attack, execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：20 | 回复：0
CVE漏洞

CVE-2022-25596

ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-25595

ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending particular request a server-to-client reply attempt.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-25594

Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration informati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-23973

ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-23972

ASUS RT-AX56U’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and de ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-23971

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a syst ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-23970

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated LAN attacker can overwrite a syst ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：29 | 回复：0
CVE漏洞

CVE-2022-22519

A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：21 | 回复：0