
Vulnerabilities

Subcategories:

  • CVE-2021-24697
    The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them back ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-24695
    The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to downl ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-24693
    The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the File Thumbnail post meta before outputting it in some pages, which could allow users with a role as low as Contributor to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2021-24674
    The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF checks in place when updating the favicon, which could allow attackers to make a logged-in admin change it via a CSRF attack.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 19 | Replies: 0
  • CVE-2021-24669
    The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contribut ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 5 | Replies: 0
  • CVE-2021-24664
    The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Sto ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 3 | Replies: 0
  • CVE-2021-24647
    The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 8 | Replies: 0
  • CVE-2021-24646
    The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks eve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 5 | Replies: 0
  • CVE-2021-24645
    The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Scr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-24631
    The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authenticat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-24630
    The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authenti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-24629
    The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated SQ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-24628
    The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an au ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 12 | Replies: 0
  • CVE-2021-24627
    The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-24626
    The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 7 | Replies: 0
  • CVE-2021-24625
    The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leadi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-24616
    The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 14 | Replies: 0
  • CVE-2021-24607
    The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the Footer Credit Text added to pages, allowing high privilege users to perform Cross-Site Scripting attacks even ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-24594
    The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting them in various pages, allowing high privileg ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 8 | Replies: 0
  • CVE-2021-24575
    The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injecti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 28 | Replies: 0
  • CVE-2021-24537
    The Similar Posts WordPress plugin through 3.1.5 allows high privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILT ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 17 | Replies: 0
  • CVE-2021-29843
    IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD are vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 5 | Replies: 0
  • CVE-2021-29735
    IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the i ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2020-4160
    IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 27 | Replies: 0
  • CVE-2020-4153
    IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2020-4152
    IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force I ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 11 | Replies: 0
  • CVE-2021-42770
    A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 15 | Replies: 0
  • CVE-2021-41733
    Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-39182
    EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problem ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-28024
    Unauthorized system access in the login form in ServiceTonic Helpdesk software version 9.0.35937 allows an attacker to log in without using a password.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 9 | Replies: 0
  • CVE-2021-28023
    Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative path ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 6 | Replies: 0
  • CVE-2021-28022
    Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 7 | Replies: 0
  • CVE-2021-25979
    Apostrophe CMS versions between 2.63.0 and 3.3.1 are affected by an insufficient session expiration vulnerability, which allows unauthenticated remote attackers to hijack recently logged-in users' sess ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 10 | Replies: 0
  • CVE-2021-37850
    ESET was made aware of a vulnerability in its consumer and business products for macOS that enables a user logged on to the system to stop the ESET daemon, effectively disabling the protection of the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 27 | Replies: 0
  • CVE-2021-32483
    Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 21 | Replies: 0
  • CVE-2021-30132
    Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 31 | Replies: 0
  • CVE-2021-22051
    Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following m ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 34 | Replies: 0
  • CVE-2021-32482
    Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 13 | Replies: 0
  • CVE-2021-32481
    Cloudera Hue 4.6.0 allows XSS via the type parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 19 | Replies: 0
  • CVE-2021-29994
    Cloudera Hue 4.6.0 allows XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:31 | Views: 20 | Replies: 0
