
Vulnerabilities

Subcategories:

  • CVE-2021-38478
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotel ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-38476
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate dif ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 23 | Replies: 0
  • CVE-2021-38474
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-f ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-38472
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an ad ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 8 | Replies: 0
  • CVE-2021-38470
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-38468
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 7 | Replies: 0
  • CVE-2021-38466
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflec ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 21 | Replies: 0
  • CVE-2021-38464
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 31 | Replies: 0
  • CVE-2021-38462
    InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 18 | Replies: 0
  • CVE-2021-42261
    Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories t ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-36512
    An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 24 | Replies: 0
  • CVE-2021-25968
    In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 25 | Replies: 0
  • CVE-2021-20836
    Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-41155
    Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly sanitize user inputs when constructing the SQL query ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 25 | Replies: 0
  • CVE-2021-41154
    Tuleap is a Free Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to an SVN core repository could execute arbitrary ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 22 | Replies: 0
  • CVE-2021-42650
    Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 34 | Replies: 0
  • CVE-2021-41156
    anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect today's date from user browsers. Becaus ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 43 | Replies: 0
  • CVE-2021-41153
    The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate ` 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-41152
    OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacke ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2021-41151
    Backstage is an open platform for building developer portals. In affected versions a malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is execu ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 10 | Replies: 0
  • CVE-2021-42055
    ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-36513
    An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, which may allow attackers to view sensitive information due to an uninitialized value.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 19 | Replies: 0
  • CVE-2021-29878
    IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 30 | Replies: 0
  • CVE-2021-23449
    This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-42576
    The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 25 | Replies: 0
  • CVE-2021-42575
    The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 40 | Replies: 0
  • CVE-2021-41971
    Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an HTTP request with ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-32609
    Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (incl ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-42098
    An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 18 | Replies: 0
  • CVE-2021-41991
    The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-41990
    The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certif ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 20 | Replies: 0
  • CVE-2021-3755
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 24 | Replies: 0
  • CVE-2021-24760
    The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 19 | Replies: 0
  • CVE-2021-24754
    The MainWP Child Reports WordPress plugin before 2.0.8 does not validate or sanitise the order parameter before using it in a SQL statement in the admin dashboard, leading to an SQL injection issue.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-24752
    Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the Essent ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-24743
    The Podcast Subscribe Buttons WordPress plugin before 1.4.2 allows users with any role capable of editing or adding posts to perform stored XSS.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-24740
    The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks ev ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-24736
    The Easy Download Manager and File Sharing Plugin with frontend file upload – a better Media Library — Shared Files WordPress plugin before 1.6.57 does not sanitise and escape some of its se ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-24735
    The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the Disable Simultaneous Play setting via a CSRF ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 23 | Replies: 0
  • CVE-2021-24734
    The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcodes attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scri ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 21 | Replies: 0
