
Vulnerabilities

Subcategories:

  • CVE-2021-39070
    IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Forc ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 9 | Replies: 0
  • CVE-2021-39066
    IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 9 | Replies: 0
  • CVE-2021-39044
    IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 10 | Replies: 0
  • CVE-2021-36193
    Multiple stack-based buffer overflows in the command line interpreter of FortiWeb before 6.4.2 may allow an authenticated attacker to achieve arbitrary code execution via specially crafted commands.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 10 | Replies: 0
  • CVE-2021-24043
    A missing bound check in RTCP flag parsing code prior to WhatsApp for Android v2.21.23.2, WhatsApp Business for Android v2.21.23.2, WhatsApp for iOS v2.21.230.6, WhatsApp Business for iOS 2.21.230.7, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 9 | Replies: 0
  • CVE-2020-26208
    JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 10 | Replies: 0
  • CVE-2021-43073
    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below all ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 9 | Replies: 0
  • CVE-2021-43062
    An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 9 | Replies: 0
  • CVE-2021-42753
    An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.x, 6.1.x, 6.0.x, 5.9.x ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 12 | Replies: 0
  • CVE-2021-41016
    An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiExtender version 7.0.1 and below, 4.2.3 and below, 4.1.7 and below allows an authenticate ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 15 | Replies: 0
  • CVE-2021-36177
    An improper access control vulnerability in FortiAuthenticator HA service 6.3.2 and below, 6.2.x, 6.1.x, 6.0.x may allow an attacker on the same vlan as the HA management interface to make an unauthe ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 15 | Replies: 0
  • CVE-2022-24301
    In Minetest before 5.4.0, players can add or subtract items from a different player's inventory.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 14 | Replies: 0
  • CVE-2022-24300
    Minetest before 5.4.0 allows attackers to add or modify arbitrary meta fields of the same item stack as saved user input, aka ItemStack meta injection.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 14 | Replies: 0
  • CVE-2021-42638
    PrinterLogic Web Stack versions 19.1.1.13 SP9 and below do not sanitize user input resulting in pre-auth remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 14 | Replies: 0
  • CVE-2022-24198
    iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 14 | Replies: 0
  • CVE-2022-24197
    iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 15 | Replies: 0
  • CVE-2022-24196
    iText v7.1.17 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 15 | Replies: 0
  • CVE-2022-24223
    AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 15 | Replies: 0
  • CVE-2022-24222
    eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_user.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2022-24221
    eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/functions/functions.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2022-24220
    eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_post.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2022-24219
    eliteCMS v1.0 was discovered to contain a SQL injection vulnerability via /admin/edit_page.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2022-24218
    An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 19 | Replies: 0
  • CVE-2021-46093
    eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 30 | Replies: 0
  • CVE-2021-38560
    Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 22 | Replies: 0
  • CVE-2021-44746
    UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 21 | Replies: 0
  • CVE-2021-44451
    Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. Users should upgra ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2021-43510
    SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 16 | Replies: 0
  • CVE-2021-43509
    SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the id parameter in view-service.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 17 | Replies: 0
  • CVE-2022-23601
    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony form component provides a CSRF protection mechanism by using a random token injected in th ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 20 | Replies: 0
  • CVE-2022-0417
    Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 19 | Replies: 0
  • CVE-2022-0401
    Path Traversal in NPM w-zip prior to 1.0.12.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 20 | Replies: 0
  • CVE-2022-0320
    The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise some template data before it them in include statements, which could allow unauthenticated attackers to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 19 | Replies: 0
  • CVE-2022-0220
    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an application/j ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 18 | Replies: 0
  • CVE-2021-46253
    A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 21 | Replies: 0
  • CVE-2021-45416
    Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 20 | Replies: 0
  • CVE-2021-43848
    h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 20 | Replies: 0
  • CVE-2021-41571
    In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a top ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 23 | Replies: 0
  • CVE-2021-25097
    The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrar ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 28 | Replies: 0
  • CVE-2021-25093
    The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request……
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 27 | Replies: 0
