
Vulnerabilities

RSS

Subcategories:

  • CVE-2021-24883
    The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site Scriptin ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 17 | Replies: 0
  • CVE-2021-24876
    The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 17 | Replies: 0
  • CVE-2021-24860
    The BSK PDF Manager WordPress plugin before 3.1.2 does not validate and escape the orderby and order parameters before using them in a SQL statement, leading to a SQL injection issue ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 52 | Replies: 0
  • CVE-2021-24842
    The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the poste ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 28 | Replies: 0
  • CVE-2021-24822
    The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any authenti ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 23 | Replies: 0
  • CVE-2021-24811
    The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_h ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-24768
    The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfi ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 13 | Replies: 0
  • CVE-2021-24755
    The myCred WordPress plugin before 2.3 does not validate or escape the fields parameter before using it in a SQL statement, leading to an SQL injection exploitable by any authenticated user ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 17 | Replies: 0
  • CVE-2021-24751
    The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform Cros ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2021-24749
    The URL Shortify WordPress plugin before 1.5.1 does not have a CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and gro ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 9 | Replies: 0
  • CVE-2021-24748
    The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injec ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 24 | Replies: 0
  • CVE-2021-24745
    The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow users with a role as low as cont ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 22 | Replies: 0
  • CVE-2017-20008
    The myCred WordPress plugin before 1.7.8 does not sanitise and escape the user parameter before outputting it back in the Points Log admin dashboard, leading to a Reflected Cross-Site Scripting ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 16 | Replies: 0
  • CVE-2021-38283
    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-38147
    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for A ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 19 | Replies: 0
  • CVE-2019-8922
    A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all d ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 6 | Replies: 0
  • CVE-2019-8921
    An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 28 | Replies: 0
  • CVE-2021-21707
    In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename conta ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 65 | Replies: 0
  • CVE-2021-44077
    Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /Res ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 40 | Replies: 0
  • CVE-2021-32061
    S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a Key../ substring in a ListBucketResult element.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 12 | Replies: 0
  • CVE-2021-44094
    ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function; it could execute any JAR file.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 10 | Replies: 0
  • CVE-2021-44093
    A Remote Command Execution vulnerability in the backend of zrlog 2.2.2, in the upload avatar function, could bypass the original limit and upload a JSP file to obtain a WebShell.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 13 | Replies: 0
  • CVE-2021-4020
    janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 11 | Replies: 0
  • CVE-2021-23654
    This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV f ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 21 | Replies: 0
  • CVE-2021-43785
    @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these case ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 26 | Replies: 0
  • CVE-2021-43776
    Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes a ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 26 | Replies: 0
  • CVE-2021-41279
    BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 37 | Replies: 0
  • CVE-2021-41243
    There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may e ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 7 | Replies: 0
  • CVE-2021-40833
    A vulnerability affecting the F-Secure antivirus engine was discovered whereby unpacking a UPX file can lead to denial-of-service. The vulnerability can be exploited remotely by an attacker. A successful at ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 9 | Replies: 0
  • CVE-2021-36919
    Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (id, assignee).
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 11 | Replies: 0
  • CVE-2021-36843
    Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 13 | Replies: 0
  • CVE-2021-35533
    Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the r ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 14 | Replies: 0
  • CVE-2021-26615
    ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer overflow.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 16 | Replies: 0
  • CVE-2021-26611
    HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP camera (reboot, factory reset, snapshot, etc.).
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 37 | Replies: 0
  • CVE-2020-7881
    The vulnerable function is enabled when the streamer service related to AfreecaTV communicates through a web socket on port 21201. A stack-based buffer overflow leading to remote code executio ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 32 | Replies: 0
  • CVE-2021-36807
    An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 38 | Replies: 0
  • CVE-2021-25269
    A local administrator could prevent the HMPA service from starting despite tamper protection using an unquoted service path vulnerability in the HMPA component of Sophos Intercept X Advanced and Sopho ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 8 | Replies: 0
  • CVE-2021-38686
    An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already f ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 23 | Replies: 0
  • CVE-2021-38685
    A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulne ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 15 | Replies: 0
  • CVE-2021-44225
    In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in s ...
    Author: 菜鸟教程小白 | Posted: 2022-2-5 12:39 | Views: 46 | Replies: 0
