漏洞 - 第534页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-43795

Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE漏洞

CVE-2015-20106

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE漏洞

CVE-2015-20105

The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-44518

An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. Th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-3944

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23264

Installations, where crafter-search is not protected, allow unauthenticated remote attackers to create, view, and delete search indexes.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-23263

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-23262

Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-23261

Authenticated administrators may override the system configuration file and cause a denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-23260

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-23259

Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, whi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-23258

Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-43679

ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-43682

thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-43686

nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-43683

pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-43681

SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-26777

Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary co ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-27414

Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-44227

In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-43791

Zulip is an open source group chat application that combines real-time chat with threaded conversations. In affected versions expiration dates on the confirmation objects associated with email invitat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-42711

Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：9 | 回复：0
CVE漏洞

CVE-2020-35037

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：4 | 回复：0
CVE漏洞

CVE-2020-35012

The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to an SQL Injection……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-33274

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-33271

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulner ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-33270

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-33269

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-33268

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerabil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-33267

D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulne ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:33 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-23878

pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-23877

pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：7 | 回复：0
CVE漏洞

CVE-2020-23876

pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：31 | 回复：0
CVE漏洞

CVE-2020-23874

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-23873

pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-23872

A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-42111

An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-3572

A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-32023

An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-32022

A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of ...……

作者：菜鸟教程小白 | 时间：2022-2-5 12:32 | 阅读：6 | 回复：0