Vulnerabilities

Subcategories:

  • CVE-2021-24732
    The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 32 | Replies: 0
  • CVE-2021-24702
    The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high privilege users to perform Cross-Site Scripting attack ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 32 | Replies: 0
  • CVE-2021-24684
    The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 25 | Replies: 0
  • CVE-2021-24677
    The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 21 | Replies: 0
  • CVE-2021-24675
    The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the shortcode is embed. As a result, attackers could make logged in user change their ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 27 | Replies: 0
  • CVE-2021-24672
    The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripti ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-24642
    The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to ma ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 29 | Replies: 0
  • CVE-2021-24622
    The Customer Service Software Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users to ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 23 | Replies: 0
  • CVE-2021-24617
    The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-24615
    The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perfor ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-24612
    The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scrip ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 18 | Replies: 0
  • CVE-2021-24595
    The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-24516
    The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even whe ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-24416
    The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-24415
    The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as con ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-24413
    The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-24412
    The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-38442
    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could lev ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 9 | Replies: 0
  • CVE-2021-38440
    FATEK Automation WinProladder versions 3.30 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-38438
    A use after free vulnerability in FATEK Automation WinProladder versions 3.30 and prior may be exploited when a valid user opens a malformed project file, which may allow arbitrary code execution.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2021-38436
    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could l ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 7 | Replies: 0
  • CVE-2021-38434
    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could le ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-38430
    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in a stack-based buffer overflow. An attacker could leverag ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-38426
    FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an out-of-bounds write. An attacker could leverage ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 5 | Replies: 0
  • CVE-2021-38389
    Advantech WebAccess versions 9.02 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 24 | Replies: 0
  • CVE-2021-33023
    Advantech WebAccess versions 9.02 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 15 | Replies: 0
  • CVE-2021-22961
    A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-22942
    A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 18 | Replies: 0
  • CVE-2021-21797
    An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 15 | Replies: 0
  • CVE-2021-21796
    An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 20 | Replies: 0
  • CVE-2020-8291
    A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 20 | Replies: 0
  • CVE-2010-2496
    stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its op ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 12 | Replies: 0
  • CVE-2021-41611
    An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allo ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-38562
    Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2021-42566
    myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 7 | Replies: 0
  • CVE-2021-42565
    myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-36097
    Agents are able to lock the ticket without the Owner permission. Once the ticket is locked, it could be moved to the queue where the agent has rw permissions and gain a full control. This issue affect ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 7 | Replies: 0
  • CVE-2021-38297
    Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2018-16061
    Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 10 | Replies: 0
  • CVE-2018-16060
    Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:12 | Views: 14 | Replies: 0