
Vulnerabilities

Subcategories:

  • CVE-2022-27929
    Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1624 | Replies: 0
  • CVE-2022-27928
    Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1837 | Replies: 0
  • CVE-2022-26657
    Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1684 | Replies: 0
  • CVE-2022-26656
    Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1487 | Replies: 0
  • CVE-2022-26655
    Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 2245 | Replies: 0
  • CVE-2022-26654
    Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1823 | Replies: 0
  • CVE-2022-25357
    Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1504 | Replies: 0
  • CVE-2022-31260
    In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 472 | Replies: 0
  • CVE-2022-30550
    An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and me ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 515 | Replies: 0
  • CVE-2022-35861
    pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execut ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 529 | Replies: 0
  • CVE-2022-32320
    A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 810 | Replies: 0
  • CVE-2022-2222
    The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 495 | Replies: 0
  • CVE-2022-2194
    The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even wh ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 512 | Replies: 0
  • CVE-2022-2187
    The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 895 | Replies: 0
  • CVE-2022-2186
    The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilte ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 511 | Replies: 0
  • CVE-2022-2173
    The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross- ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 735 | Replies: 0
  • CVE-2022-2169
    The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfi ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 826 | Replies: 0
  • CVE-2022-2168
    The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 480 | Replies: 0
  • CVE-2022-2151
    The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 497 | Replies: 0
  • CVE-2022-2149
    The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unf ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 893 | Replies: 0
  • CVE-2022-2148
    The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 743 | Replies: 0
  • CVE-2022-2146
    The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resu ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 881 | Replies: 0
  • CVE-2022-2144
    The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog opt ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 1020 | Replies: 0
  • CVE-2022-2133
    The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a u ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 632 | Replies: 0
  • CVE-2022-2118
    The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capabi ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 602 | Replies: 0
  • CVE-2022-2114
    The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored C ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 664 | Replies: 0
  • CVE-2022-2100
    The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 564 | Replies: 0
  • CVE-2022-2099
    The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 720 | Replies: 0
  • CVE-2022-2090
    The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cros ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 789 | Replies: 0
  • CVE-2022-1933
    The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 643 | Replies: 0
  • CVE-2022-1672
    The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in adm ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 942 | Replies: 0
  • CVE-2021-24655
    The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. As a result, any authenticated user can reset the passwor ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 710 | Replies: 0
  • CVE-2020-7641
    This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 687 | Replies: 0
  • CVE-2015-10003
    A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended inter ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 698 | Replies: 0
  • CVE-2022-36126
    An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. The ScriptInvoke function allows remote attackers to execute arbitrary code by supplying a Python script.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 963 | Replies: 0
  • CVE-2021-36711
    WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 730 | Replies: 0
  • CVE-2021-34538
    Apache Hive before 3.1.3 CREATE and DROP function operations does not check for necessary authorization of involved entities in the query. It was found that an unauthorized user can manipulate an exis ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 826 | Replies: 0
  • CVE-2017-20138
    A vulnerability was found in Itech Auction Script 6.49. It has been classified as critical. This affects an unknown part of the file /mcategory.php. The manipulation of the argument mcid with the inpu ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 499 | Replies: 0
  • CVE-2017-20137
    A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with t ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 506 | Replies: 0
  • CVE-2017-20136
    A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input = ...……
    Author: 菜鸟教程小白 | Time: 2022-7-29 17:16 | Views: 598 | Replies: 0
