漏洞 - 第185页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2022-0830

The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：85 | 回复：0
CVE漏洞

CVE-2022-0825

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive infor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：155 | 回复：0
CVE漏洞

CVE-2022-0709

The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：119 | 回复：0
CVE漏洞

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：108 | 回复：0
CVE漏洞

CVE-2022-0431

The Insights from Google PageSpeed WordPress plugin before 4.0.4 does not sanitise and escape various parameters before outputting them back in attributes in the plugin's settings dashboard, leadi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：242 | 回复：0
CVE漏洞

CVE-2022-0404

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：137 | 回复：0
CVE漏洞

CVE-2022-0403

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any aut ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：74 | 回复：0
CVE漏洞

CVE-2021-43463

An Unquoted Service Path vulnerability exists in Ext2Fsd v0.68 via a specially crafted file in the Ext2Srv Service executable service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-43462

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-43461

Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-43460

An Unquoted Service Path vulnerability exists in System Explorer 7.0.0 via via a specially crafted file in the SystemExplorerHelpService service executable path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-43459

A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：65 | 回复：0
CVE漏洞

CVE-2021-25113

The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：88 | 回复：0
CVE漏洞

CVE-2021-25048

The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cross ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-1026

Kyocera multifunction printers running vulnerable versions of Net View unintentionally expose sensitive user information, including usernames and passwords, through an insufficiently protected address ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-43458

An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：87 | 回复：0
CVE漏洞

CVE-2021-43457

An Unquoted Service Path vulnerability exists in bVPN 2.5.1 via a specially crafted file in the waselvpnserv service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：133 | 回复：0
CVE漏洞

CVE-2021-43456

An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：246 | 回复：0
CVE漏洞

CVE-2021-43455

An Unquoted Service Path vulnerability exists in FreeLAN 2.2 via a specially crafted file in the FreeLAN Service path.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：133 | 回复：0
CVE漏洞

CVE-2021-43454

An Unquoted Service Path vulnerability exists in AnyTXT Searcher 1.2.394 via a specially crafted file in the ATService path. .……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：97 | 回复：0
CVE漏洞

CVE-2022-28063

Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：86 | 回复：0
CVE漏洞

CVE-2022-28062

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：87 | 回复：0
CVE漏洞

CVE-2022-27436

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_user at Ecommerce-Website v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：92 | 回复：0
CVE漏洞

CVE-2022-27435

An unrestricted file upload at /public/admin/index.php?add_product of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：96 | 回复：0
CVE漏洞

CVE-2022-26616

PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：165 | 回复：0
CVE漏洞

CVE-2021-44138

There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：108 | 回复：0
CVE漏洞

CVE-2021-36776

A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：126 | 回复：0
CVE漏洞

CVE-2021-36775

a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：151 | 回复：0
CVE漏洞

CVE-2021-33616

RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：76 | 回复：0
CVE漏洞

CVE-2022-24191

In HTMLDOC 1.9.14, an infinite loop in the gif_read_lzw function can lead to a pointer arbitrarily pointing to heap memory and resulting in a buffer overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：67 | 回复：0
CVE漏洞

CVE-2022-1225

Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：42 | 回复：0
CVE漏洞

CVE-2022-1224

Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：58 | 回复：0
CVE漏洞

CVE-2022-1223

Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-1222

Inf loop in GitHub repository gpac/gpac prior to 2.1.0-DEV.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-0939

Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.18.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-27249

An unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web ro ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：59 | 回复：0
CVE漏洞

CVE-2022-27248

A directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to download arbitrary .dwg files from a remote server by specifying an absolute or relative pa ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：53 | 回复：0
CVE漏洞

CVE-2022-26530

swaylock before 1.6 allows attackers to trigger a crash and achieve unlocked access to a Wayland compositor.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：50 | 回复：0
CVE漏洞

CVE-2022-26233

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to directory traversal, allowing attackers to access sensitive information and components. Requests must begi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-30066

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:11 | 阅读：49 | 回复：0