漏洞 - 第180页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-40374

A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-30497

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is n ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-26953

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the strin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-26952

Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-26251

The HTTP interface of Synaman v5.1 and below was discovered to allow authenticated attackers to execute arbitrary code and escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-26250

Synaman v5.1 and below was discovered to contain weak file permissions which allows authenticated attackers to escalate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-45103

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker can access files stored in S3 cloud storage that a user has asked HTCondor to transfer.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-28468

Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE漏洞

CVE-2022-28467

Online Student Admission v1.0 was discovered to contain a SQL injection vulnerability via the txtapplicationID parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：99 | 回复：0
CVE漏洞

CVE-2022-28116

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：110 | 回复：0
CVE漏洞

CVE-2022-28115

Online Sports Complex Booking v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：70 | 回复：0
CVE漏洞

CVE-2022-27304

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：78 | 回复：0
CVE漏洞

CVE-2022-27124

Insurance Management System 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：153 | 回复：0
CVE漏洞

CVE-2022-27123

Employee Performance Evaluation v1.0 was discovered to contain a SQL injection vulnerability via the email parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：89 | 回复：0
CVE漏洞

CVE-2022-26912

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：88 | 回复：0
CVE漏洞

CVE-2022-26909

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：99 | 回复：0
CVE漏洞

CVE-2022-26908

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：79 | 回复：0
CVE漏洞

CVE-2022-26900

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-26894

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-26895

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-26891

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-26628

Matrimony v1.0 was discovered to contain a SQL injection vulnerability via the Password parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：75 | 回复：0
CVE漏洞

CVE-2022-24523

Microsoft Edge (Chromium-based) Spoofing Vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-24475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-202 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-23974

In 0.9.3 or older versions of Apache Pinot segment upload path allowed segment directories to be imported into pinot tables. In pinot installations that allow open access to the controller a specially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：56 | 回复：0
CVE漏洞

CVE-2022-28219

Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-25373

Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：84 | 回复：0
CVE漏洞

CVE-2022-25245

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：120 | 回复：0
CVE漏洞

CVE-2022-24978

Zoho ManageEngine ADAudit Plus before 7055 allows authenticated Privilege Escalation on Integrated products. This occurs because a password field is present in a JSON response.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-24811

Combodi iTop is a web based IT Service Management tool. Prior to versions 2.7.6 and 3.0.0, cross-site scripting is possible for scripts outside of script tags when displaying HTML attachments. This is ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：66 | 回复：0
CVE漏洞

CVE-2022-24780

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.6 and 3.0.0, users of the iTop user portal can send TWIG code to the server by forging specific http queries, and execu ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：78 | 回复：0
CVE漏洞

CVE-2022-1244

heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：55 | 回复：0
CVE漏洞

CVE-2022-28651

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：65 | 回复：0
CVE漏洞

CVE-2022-28650

In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-26630

Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：31 | 回复：0
CVE漏洞

CVE-2022-26635

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：14 | 回复：0
CVE漏洞

CVE-2022-22356

IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：18 | 回复：0
CVE漏洞

CVE-2022-22355

IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application which could allow an attacker to cause a drop in performance.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：15 | 回复：0