
Vulnerabilities

Subcategories:

  • CVE-2021-3765
    validator.js is vulnerable to Inefficient Regular Expression Complexity
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 65 | Replies: 0
  • CVE-2021-33593
    Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 52 | Replies: 0
  • CVE-2021-25973
    In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. “guest” role users can self-register even when the admin does not allow. This happens due to front-end restriction only.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 64 | Replies: 0
  • CVE-2021-41310
    Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Proj ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 47 | Replies: 0
  • CVE-2021-43058
    An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially craf ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 56 | Replies: 0
  • CVE-2021-41187
    DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnera ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 55 | Replies: 0
  • CVE-2021-39346
    The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/vie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 57 | Replies: 0
  • CVE-2021-39341
    The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and unauthorized setting updates due to insufficient authorization validation via the logged_in_or_has_api_key funct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 63 | Replies: 0
  • CVE-2021-39340
    The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.ph ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 54 | Replies: 0
  • CVE-2021-39333
    The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 59 | Replies: 0
  • CVE-2021-38356
    The NextScripts: Social Networks Auto-Poster = 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST parameter which is echoed out on inc/nxs_class_snap.php by supp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 66 | Replies: 0
  • CVE-2021-20136
    ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted mes ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 77 | Replies: 0
  • CVE-2018-10909
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 56 | Replies: 0
  • CVE-2021-31849
    SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO datab ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 70 | Replies: 0
  • CVE-2021-31848
    Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to hijack an active DLP ePO administrator session by convincing ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 56 | Replies: 0
  • CVE-2021-42917
    Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 64 | Replies: 0
  • CVE-2021-26740
    Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 64 | Replies: 0
  • CVE-2021-26739
    SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 49 | Replies: 0
  • CVE-2021-38847
    S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a cr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 56 | Replies: 0
  • CVE-2021-3705
    Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 89 | Replies: 0
  • CVE-2021-3704
    Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 73 | Replies: 0
  • CVE-2021-3440
    HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 66 | Replies: 0
  • CVE-2021-29213
    A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROM ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 54 | Replies: 0
  • CVE-2021-29212
    A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 57 | Replies: 0
  • CVE-2021-27005
    Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 57 | Replies: 0
  • CVE-2020-28702
    A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 67 | Replies: 0
  • CVE-2021-27004
    System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 54 | Replies: 0
  • CVE-2021-22564
    For certain valid JPEG XL images with a size slightly larger than an integer number of groups (256x256 pixels) when processing the groups out of order the decoder can perform an out of bounds copy of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 72 | Replies: 0
  • CVE-2021-22563
    Invalid JPEG XL images using libjxl can cause an out of bounds access on a std::vector<std::vector<T>> when rendering splines. The OOB read access can either lead to a segfault, or rendering splines based ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 63 | Replies: 0
  • CVE-2021-42557
    In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 46 | Replies: 0
  • CVE-2021-25878
    AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' sessio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 61 | Replies: 0
  • CVE-2021-25877
    AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 44 | Replies: 0
  • CVE-2021-25876
    AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perfor ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 51 | Replies: 0
  • CVE-2021-25875
    AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 42 | Replies: 0
  • CVE-2021-25874
    AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases informatio ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 48 | Replies: 0
  • CVE-2021-27644
    In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 54 | Replies: 0
  • CVE-2021-41973
    In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 42 | Replies: 0
  • CVE-2021-24813
    The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 43 | Replies: 0
  • CVE-2021-24809
    The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 49 | Replies: 0
  • CVE-2021-24808
    The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:29 | Views: 40 | Replies: 0
