Vulnerabilities

Subcategories:

  • CVE-2021-4044
    Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 36 | Replies: 0
  • CVE-2021-45046
    It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 18 | Replies: 0
  • CVE-2021-43820
    Seafile is an open source cloud storage system. A sync token is used in Seafile file syncing protocol to authorize access to library data. To improve performance, the token is cached in memory in seaf ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 57 | Replies: 0
  • CVE-2021-40883
    A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 23 | Replies: 0
  • CVE-2018-10228
    Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp paramet ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 10 | Replies: 0
  • CVE-2021-44043
    An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 9 | Replies: 0
  • CVE-2021-44042
    An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in atta ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-44041
    UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 32 | Replies: 0
  • CVE-2021-43807
    Opencast is an Open Source Lecture Capture Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. Th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 18 | Replies: 0
  • CVE-2021-43388
    Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in the m ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 19 | Replies: 0
  • CVE-2021-40882
    A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 20 | Replies: 0
  • CVE-2021-38950
    IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 14 | Replies: 0
  • CVE-2021-4073
    The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as any site user, including administrators, if they knew a valid username on the site due to missing identit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 19 | Replies: 0
  • CVE-2021-44549
    Apache Sling Commons Messaging Mail provides a simple layer on top of JavaMail/Jakarta Mail for OSGi to send mails via SMTPS. To reduce the risk of man in the middle attacks additional server identity ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-44235
    Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an attacker with high privileges and has direct acce ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 16 | Replies: 0
  • CVE-2021-44233
    SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 29 | Replies: 0
  • CVE-2021-44232
    SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 24 | Replies: 0
  • CVE-2021-44231
    Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 24 | Replies: 0
  • CVE-2021-42367
    The Variation Swatches for WooCommerce WordPress plugin is vulnerable to Stored Cross-Site Scripting via several parameters found in the ~/includes/class-menu-page.php file which allows attackers to i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 41 | Replies: 0
  • CVE-2021-42070
    When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavaila ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 21 | Replies: 0
  • CVE-2021-42069
    When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily una ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 20 | Replies: 0
  • CVE-2021-42068
    When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the use ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 18 | Replies: 0
  • CVE-2021-42066
    SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-42064
    If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized in clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows attacker to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 37 | Replies: 0
  • CVE-2021-42063
    A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 48 | Replies: 0
  • CVE-2021-42061
    SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This al ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 27 | Replies: 0
  • CVE-2021-41836
    The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-41067
    An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-41066
    An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
  • CVE-2021-41065
    An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 20 | Replies: 0
  • CVE-2021-3836
    dbeaver is vulnerable to Improper Restriction of XML External Entity Reference……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 28 | Replies: 0
  • CVE-2021-39319
    The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 17 | Replies: 0
  • CVE-2021-39318
    The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 34 | Replies: 0
  • CVE-2021-39315
    The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web script ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 21 | Replies: 0
  • CVE-2021-39314
    The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 24 | Replies: 0
  • CVE-2021-39313
    The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 24 | Replies: 0
  • CVE-2021-39312
    The True Ranker plugin = 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/dat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 31 | Replies: 0
  • CVE-2021-39311
    The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file which allows attackers to inject arbitrary web scripts, in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 19 | Replies: 0
  • CVE-2021-39310
    The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file which allows attackers to inject arbitrary web scripts, in v ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 18 | Replies: 0
  • CVE-2021-39309
    The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via and parameter due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:37 | Views: 22 | Replies: 0
