
Vulnerabilities


Subcategories:

  • CVE-2021-25077
    The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 24 | Replies: 0
  • CVE-2021-25029
    The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 29 | Replies: 0
  • CVE-2021-25004
    The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed, even though it is used for support purposes, it allows to download any file from the web server wit ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 35 | Replies: 0
  • CVE-2021-24993
    The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 56 | Replies: 0
  • CVE-2021-24947
    The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 55 | Replies: 0
  • CVE-2021-24928
    The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL sta ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 79 | Replies: 0
  • CVE-2021-24880
    The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripti ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 62 | Replies: 0
  • CVE-2021-24879
    The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 45 | Replies: 0
  • CVE-2021-24878
    The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the shortcode embed, leading to a Reflected Cross-Site Scripting i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 46 | Replies: 0
  • CVE-2021-24843
    The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 39 | Replies: 0
  • CVE-2021-24839
    The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tick ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 40 | Replies: 0
  • CVE-2021-46389
    IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 30 | Replies: 0
  • CVE-2021-46359
    FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 29 | Replies: 0
  • CVE-2022-23320
    XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 29 | Replies: 0
  • CVE-2022-0474
    Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affect ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 19 | Replies: 0
  • CVE-2022-0473
    OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be exe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 19 | Replies: 0
  • CVE-2022-23184
    In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 16 | Replies: 0
  • CVE-2022-22679
    Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows rem ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 17 | Replies: 0
  • CVE-2021-43929
    Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-4221 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 17 | Replies: 0
  • CVE-2021-43928
    Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in mail sending and receiving component in Synology Mail Station before 20211105-10315 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 16 | Replies: 0
  • CVE-2021-43927
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 17 | Replies: 0
  • CVE-2021-43926
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 al ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 16 | Replies: 0
  • CVE-2021-43925
    Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 al ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 18 | Replies: 0
  • CVE-2022-22680
    Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive informatio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 17 | Replies: 0
  • CVE-2022-22833
    An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 15 | Replies: 0
  • CVE-2022-24552
    StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 15 | Replies: 0
  • CVE-2022-24551
    StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 14 | Replies: 0
  • CVE-2022-22832
    An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 14 | Replies: 0
  • CVE-2022-22831
    An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 13 | Replies: 0
  • CVE-2021-41816
    CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different nu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 12 | Replies: 0
  • CVE-2021-39280
    Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 10 | Replies: 0
  • CVE-2013-20004
    StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 8 | Replies: 0
  • CVE-2007-20001
    StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 8 | Replies: 0
  • CVE-2022-23206
    In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 8 | Replies: 0
  • CVE-2022-0502
    Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 7 | Replies: 0
  • CVE-2021-38172
    perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 7 | Replies: 0
  • CVE-2022-0501
    Cross-site Scripting (XSS) - Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 7 | Replies: 0
  • CVE-2022-0437
    Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 7 | Replies: 0
  • CVE-2022-24115
    Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 6 | Replies: 0
  • CVE-2022-24114
    Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (mac ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:27 | Views: 6 | Replies: 0
