
Vulnerabilities


Subcategories:

  • CVE-2021-42117
    Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker with Object Modification privi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 11 | Replies: 0
  • CVE-2021-42116
    Incorrect Access Control in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an authenticated remote attacker to view the Shape Editor and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 27 | Replies: 0
  • CVE-2021-42115
    Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version = 7.1.27 allows an unauthenticated remote attacker to escalate privileges from un ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 18 | Replies: 0
  • CVE-2021-3769
    # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 29 | Replies: 0
  • CVE-2021-3727
    # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
  • CVE-2021-3726
    # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 34 | Replies: 0
  • CVE-2021-3725
    Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-43790
    Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance objec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-44429
    Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 43 | Replies: 0
  • CVE-2021-44428
    Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 26 | Replies: 0
  • CVE-2021-44427
    An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDAT ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 39 | Replies: 0
  • CVE-2021-43788
    Nodebb is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
  • CVE-2021-43787
    Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascrip ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 23 | Replies: 0
  • CVE-2021-43786
    Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerabi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 31 | Replies: 0
  • CVE-2021-43783
    @backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 18 | Replies: 0
  • CVE-2021-34800
    Sensitive information could be logged. The following products are affected: Acronis Agent (Windows, Linux, macOS) before build 27147……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 18 | Replies: 0
  • CVE-2021-44203
    Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 16 | Replies: 0
  • CVE-2021-44202
    Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 18 | Replies: 0
  • CVE-2021-44201
    Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-44200
    Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 27 | Replies: 0
  • CVE-2021-44199
    DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Pro ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 18 | Replies: 0
  • CVE-2021-44198
    DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 14 | Replies: 0
  • CVE-2021-42365
    The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which al ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-42364
    The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the stats_page function found in the ~/stetic.php file, which made it possible for attackers ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 24 | Replies: 0
  • CVE-2021-42358
    The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which made it pos ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 35 | Replies: 0
  • CVE-2021-43691
    tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER then there is a path manipulation vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 25 | Replies: 0
  • CVE-2021-3802
    A vulnerability found in udisks2. This flaw allows an attacker to input a specially crafted image file/USB leading to kernel panic. The highest threat from this vulnerability is to system availability ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-39995
    Some Huawei products use the OpenHpi software for hardware management. A function that parses data returned by OpenHpi contains an out-of-bounds read vulnerability that could lead to a denial of servi ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 20 | Replies: 0
  • CVE-2021-43693
    vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 33 | Replies: 0
  • CVE-2021-43692
    youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 23 | Replies: 0
  • CVE-2021-43695
    issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 17 | Replies: 0
  • CVE-2021-43697
    Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 34 | Replies: 0
  • CVE-2021-43696
    twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $ ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-43698
    phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The me ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 24 | Replies: 0
  • CVE-2021-24927
    The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 17 | Replies: 0
  • CVE-2021-24918
    The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 28 | Replies: 0
  • CVE-2021-24915
    The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-24908
    The Check Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 28 | Replies: 0
  • CVE-2021-24899
    The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the un ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 31 | Replies: 0
  • CVE-2021-24889
    The Ninja Forms Contact Form WordPress plugin before 3.6.4 does not escape keys of the fields POST parameter, which could allow high privilege users to perform SQL injections attacks……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:39 | Views: 22 | Replies: 0
