
Vulnerabilities

Subcategories:

  • CVE-2021-39337
    The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file wh ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 16 | Replies: 0
  • CVE-2021-39336
    The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 10 | Replies: 0
  • CVE-2021-39335
    The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2021-39334
    The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-39332
    The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with admini ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 15 | Replies: 0
  • CVE-2021-38431
    An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 15 | Replies: 0
  • CVE-2021-37737
    A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 11 | Replies: 0
  • CVE-2021-37736
    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-42336
    The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 26 | Replies: 0
  • CVE-2021-42335
    Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-42334
    The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 15 | Replies: 0
  • CVE-2021-42333
    The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 6 | Replies: 0
  • CVE-2021-42332
    The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message board ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 13 | Replies: 0
  • CVE-2021-42331
    The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial sche ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 9 | Replies: 0
  • CVE-2021-42330
    The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 24 | Replies: 0
  • CVE-2021-42329
    The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 9 | Replies: 0
  • CVE-2021-40999
    A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 22 | Replies: 0
  • CVE-2021-42340
    The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics fo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 22 | Replies: 0
  • CVE-2021-38295
    In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-36389
    In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-36388
    In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 14 | Replies: 0
  • CVE-2021-36387
    In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page ActivityStreamAjax ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 9 | Replies: 0
  • CVE-2021-42369
    Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the Export to CSV feature of the Contact Manager web GUI ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 19 | Replies: 0
  • CVE-2021-32571
    ** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 31 | Replies: 0
  • CVE-2021-42228
    A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 20 | Replies: 0
  • CVE-2021-42227
    Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 27 | Replies: 0
  • CVE-2021-32569
    ** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely reso ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:12 | Views: 17 | Replies: 0
  • CVE-2021-41142
    Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 1 ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-41132
    OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 16 | Replies: 0
  • CVE-2021-39330
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-24608. Reason: This candidate is a duplicate of CVE-2021-24608. Notes: All CVE users should reference CVE-2021-24608 instead of this ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-38346
    The Brizy Page Builder plugin = 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 5 | Replies: 0
  • CVE-2021-38345
    The Brizy Page Builder plugin = 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 14 | Replies: 0
  • CVE-2021-38344
    The Brizy Page Builder plugin = 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-37933
    An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The v ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 10 | Replies: 0
  • CVE-2021-33179
    The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 12 | Replies: 0
  • CVE-2021-33178
    The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 10 | Replies: 0
  • CVE-2021-33177
    The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but on ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 7 | Replies: 0
  • CVE-2021-22964
    A redirect vulnerability in the `fastify-static` module version = 4.2.4 and 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 9 | Replies: 0
  • CVE-2021-22963
    A redirect vulnerability in the fastify-static module version 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000// ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 24 | Replies: 0
  • CVE-2021-20599
    Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU all versions ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 26 | Replies: 0
