Vulnerabilities

Subcategories:

  • CVE-2021-34599
    Affected versions of CODESYS Git in Versions prior to V1.1.0.0 lack certificate validation in HTTPS handshakes. CODESYS Git does not implement certificate validation by default, so it does not verify ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:32 | Views: 4 | Replies: 0
  • CVE-2021-31883
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2021-31882
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-31881
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 14 | Replies: 0
  • CVE-2021-31346
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-31345
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 22 | Replies: 0
  • CVE-2021-31344
    A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 14 | Replies: 0
  • CVE-2020-10054
    A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application does not properly handle the import of large configuration files. A local attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2020-10053
    A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 5 | Replies: 0
  • CVE-2020-10052
    A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attack ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-41253
    Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the string functions provided in `zycore` in order to append untrusted user data to the formatter buffer ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-40261
    Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) first ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 16 | Replies: 0
  • CVE-2021-40260
    Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) ed ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 16 | Replies: 0
  • CVE-2020-23572
    BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image fil ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-41170
    neoan3-apps/template is a neoan3 minimal template engine. Versions prior to 1.1.1 have allowed for passing in closures directly into the template engine. As a result values that are callable are execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 7 | Replies: 0
  • CVE-2021-39420
    Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 23 | Replies: 0
  • CVE-2021-40577
    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 18 | Replies: 0
  • CVE-2021-24844
    The Affiliates Manager WordPress plugin before 2.8.7 does not validate the orderby parameter before using it in an SQL statement in the admin dashboard, leading to an SQL Injection issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-24840
    The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the query_vars used to retrieve the posts to display in one of its REST endpoint, without any validation. As a re ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-24835
    The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivend ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-24832
    The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 21 | Replies: 0
  • CVE-2021-24829
    The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 41 | Replies: 0
  • CVE-2021-24827
    The Asgaros Forum WordPress plugin before 1.15.13 does not validate and escape user input when subscribing to a topic before using it in a SQL statement, leading to an unauthenticated SQL injection is ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-24816
    The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenix_media_rename AJAX action, which could allow users with Author roles to rename any uploaded media f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 7 | Replies: 0
  • CVE-2021-24807
    The Support Board WordPress plugin before 3.3.5 allows Authenticated (Agent+) users to perform Cross-Site Scripting attacks by placing a payload in the notes field, when an administrator or any authen ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-24806
    The wpDiscuz WordPress plugin before 7.3.4 does check for CSRF when adding, editing and deleting comments, which could allow attacker to make logged in users such as admin edit and delete arbitrary co ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 21 | Replies: 0
  • CVE-2021-24801
    The WP Survey Plus WordPress plugin through 1.0 does not have any authorisation and CSRF checks in place in its AJAX actions, allowing any user to call them and add/edit/delete Surveys. Furthermore, d ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-24798
    The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 27 | Replies: 0
  • CVE-2021-24791
    The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the orderby and order request parameters before using them in a SQL statement when viewing the Snippets admin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-24788
    The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subsc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 29 | Replies: 0
  • CVE-2021-24783
    The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 18 | Replies: 0
  • CVE-2021-24767
    The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 29 | Replies: 0
  • CVE-2021-24766
    The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin d ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 34 | Replies: 0
  • CVE-2021-24731
    The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 31 | Replies: 0
  • CVE-2021-24721
    The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated translator users bein ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 34 | Replies: 0
  • CVE-2021-24710
    The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attacks ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
  • CVE-2021-24708
    The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 44 | Replies: 0
  • CVE-2021-24706
    The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scriptin ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 11 | Replies: 0
  • CVE-2021-24701
    The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perform ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 11 | Replies: 0
  • CVE-2021-24698
    The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the down ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 11 | Replies: 0
