
Vulnerabilities


  • CVE-2021-25092
    The Link Library WordPress plugin before 7.2.8 does not have CSRF check when resetting library settings, allowing attackers to make a logged in admin reset arbitrary settings via a CSRF attack
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 26 | Replies: 0
  • CVE-2021-25091
    The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 28 | Replies: 0
  • CVE-2021-25089
    The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.69 does not sanitise and escape the updraft_restore parameter before outputting it back in the Restore page, leading to a Reflected ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 31 | Replies: 0
  • CVE-2021-25085
    The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements before outputting back in an admin page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 31 | Replies: 0
  • CVE-2021-25072
    The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF check in place when deleting items, allowing attacker to make a logged in admin delete arbitrary posts vi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 37 | Replies: 0
  • CVE-2021-25063
    The Skins for Contact Form 7 WordPress plugin before 2.5.1 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 47 | Replies: 0
  • CVE-2021-24983
    The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and escape POSTed parameters sent to the wpassetcleanup_fetch_active_plugins_icons AJAX action (available to adm ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 49 | Replies: 0
  • CVE-2021-24975
    The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and escape logged requests before outputting them in the related admin dashboard, leading to an Unauthenti ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 64 | Replies: 0
  • CVE-2021-24944
    The Custom Dashboard Login Page WordPress plugin before 7.0 does not sanitise some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 84 | Replies: 0
  • CVE-2021-24937
    The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the wpacu_selected_sub_tab_area parameter before outputting it back in an attribute in an admin page, leading to a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 104 | Replies: 0
  • CVE-2021-24934
    The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the wyp_page_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripti ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 285 | Replies: 0
  • CVE-2021-24926
    The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 124 | Replies: 0
  • CVE-2021-24919
    The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available t ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 93 | Replies: 0
  • CVE-2021-24900
    The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfil ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 59 | Replies: 0
  • CVE-2021-24868
    The Document Embedder WordPress plugin before 1.7.9 contains an AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 56 | Replies: 0
  • CVE-2021-24814
    The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an application/j ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 42 | Replies: 0
  • CVE-2021-24775
    The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 40 | Replies: 0
  • CVE-2021-24765
    The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 50 | Replies: 0
  • CVE-2021-24764
    The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters of single_statistics page, type and message of importexport page) before outputting th ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 42 | Replies: 0
  • CVE-2021-24763
    The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify se ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 41 | Replies: 0
  • CVE-2021-24762
    The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 35 | Replies: 0
  • CVE-2021-24761
    The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in ad ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 35 | Replies: 0
  • CVE-2021-24707
    The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform Cross-Site Scripting attacks even ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 31 | Replies: 0
  • CVE-2021-24686
    The SVG Support WordPress plugin before 2.3.20 does not escape the CSS Class to target setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 31 | Replies: 0
  • CVE-2021-24648
    The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 34 | Replies: 0
  • CVE-2022-23597
    Element Desktop is a Matrix client for desktop platforms with Element Web at its core. Element Desktop before 1.9.7 is vulnerable to a remote program execution bug with user interaction. The exploit i ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 30 | Replies: 0
  • CVE-2022-23596
    Junrar is an open source Java RAR archive library. In affected versions a carefully crafted RAR archive can trigger an infinite loop while extracting said archive. The impact depends solely on how the ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 33 | Replies: 0
  • CVE-2022-21687
    gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or tri ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 32 | Replies: 0
  • CVE-2021-43859
    XStream is an open source Java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 42 | Replies: 0
  • CVE-2021-41040
    In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not properly sanitize network-received data.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 41 | Replies: 0
  • CVE-2022-23607
    treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cook ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 50 | Replies: 0
  • CVE-2022-23603
    iTunesRPC-Remastered is a Discord rich presence application for use with iTunes Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 67 | Replies: 0
  • CVE-2022-23602
    Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 109 | Replies: 0
  • CVE-2022-0419
    NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 60 | Replies: 0
  • CVE-2020-8562
    As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Servic ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 94 | Replies: 0
  • CVE-2022-23774
    Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 73 | Replies: 0
  • CVE-2021-3534
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-34981. Reason: This candidate is a reservation duplicate of CVE-2021-34981. Notes: All CVE users should reference CVE-2021-34981 ins ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 08:26 | Views: 112 | Replies: 0
  • CVE-2021-46669
    MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used.
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:53 | Views: 283 | Replies: 0
  • CVE-2021-46668
    MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:53 | Views: 269 | Replies: 0
  • CVE-2021-46667
    MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
    Author: 菜鸟教程小白 | Time: 2022-6-23 07:53 | Views: 266 | Replies: 0
