Vulnerabilities

  • CVE-2022-0948
    The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, l ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 60 | Replies: 0
  • CVE-2022-0898
    The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scri ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 72 | Replies: 0
  • CVE-2022-0874
    The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilter ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 55 | Replies: 0
  • CVE-2022-0836
    The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthe ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 46 | Replies: 0
  • CVE-2022-0826
    The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthent ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 45 | Replies: 0
  • CVE-2022-0817
    The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated us ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 38 | Replies: 0
  • CVE-2022-0814
    The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 39 | Replies: 0
  • CVE-2022-0625
    The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 39 | Replies: 0
  • CVE-2022-0592
    The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated use ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 41 | Replies: 0
  • CVE-2022-0424
    The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 51 | Replies: 0
  • CVE-2021-20479
    IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498 ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 65 | Replies: 0
  • CVE-2019-25060
    The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a Grap ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 96 | Replies: 0
  • CVE-2022-27224
    An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools secti ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 75 | Replies: 0
  • CVE-2022-23332
    Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 74 | Replies: 0
  • CVE-2022-1631
    Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 63 | Replies: 0
  • CVE-2022-30286
    pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 49 | Replies: 0
  • CVE-2022-30333
    RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRA ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 60 | Replies: 0
  • CVE-2022-23066
    In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 47 | Replies: 0
  • CVE-2022-28463
    ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 40 | Replies: 0
  • CVE-2022-28470
    marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 43 | Replies: 0
  • CVE-2022-1620
    NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 64 | Replies: 0
  • CVE-2022-1619
    Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote exe ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 52 | Replies: 0
  • CVE-2018-25033
    ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 64 | Replies: 0
  • CVE-2022-1616
    Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote exe ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 66 | Replies: 0
  • CVE-2022-30334
    Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises N ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 84 | Replies: 0
  • CVE-2022-30330
    In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspec ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 122 | Replies: 0
  • CVE-2022-29180
    A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release (htt ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 76 | Replies: 0
  • CVE-2022-25324
    All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regard ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 64 | Replies: 0
  • CVE-2021-23792
    The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attac ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 48 | Replies: 0
  • CVE-2021-23592
    The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 52 | Replies: 0
  • CVE-2022-29423
    Pro Features Lock Bypass vulnerability in Countdown Clock plugin = 2.3.2 at WordPress.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 44 | Replies: 0
  • CVE-2022-29422
    Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat's Countdown Clock plugin = 2.3.2 at WordPress via ycd-countdown-width, ycd-progress-height, ycd ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 53 | Replies: 0
  • CVE-2022-28279
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. E ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 36 | Replies: 0
  • CVE-2022-28278
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 26 | Replies: 0
  • CVE-2022-28277
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 25 | Replies: 0
  • CVE-2022-28276
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 24 | Replies: 0
  • CVE-2022-28275
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 27 | Replies: 0
  • CVE-2022-28274
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 31 | Replies: 0
  • CVE-2022-28273
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 27 | Replies: 0
  • CVE-2022-28272
    Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:33 | Views: 43 | Replies: 0
