
Vulnerabilities

Subcategories:

  • CVE-2020-19964
    A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 29 | Replies: 0
  • CVE-2020-19962
    A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 37 | Replies: 0
  • CVE-2020-19961
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 34 | Replies: 0
  • CVE-2020-19960
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 35 | Replies: 0
  • CVE-2020-19959
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 52 | Replies: 0
  • CVE-2020-19957
    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 60 | Replies: 0
  • CVE-2020-19954
    An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 49 | Replies: 0
  • CVE-2020-22724
    A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 63 | Replies: 0
  • CVE-2021-3882
    LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an un ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 71 | Replies: 0
  • CVE-2021-42342
    An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunnel ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 77 | Replies: 0
  • CVE-2021-42341
    checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 35 | Replies: 0
  • CVE-2021-40854
    AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can launch other appli ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 25 | Replies: 0
  • CVE-2021-41075
    The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-40493
    Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 37 | Replies: 0
  • CVE-2021-26318
    A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 51 | Replies: 0
  • CVE-2021-42224
    SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 15 | Replies: 0
  • CVE-2021-42223
    Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 31 | Replies: 0
  • CVE-2021-40843
    Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 29 | Replies: 0
  • CVE-2021-40842
    Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 24 | Replies: 0
  • CVE-2021-20131
    ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 21 | Replies: 0
  • CVE-2021-20130
    ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 9 | Replies: 0
  • CVE-2021-41139
    Anuko Time Tracker is an open source, web-based time tracking application written in PHP. When a logged on user selects a date in Time Tracker, it is being passed on via the date parameter in URI. Bec ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 20 | Replies: 0
  • CVE-2021-40732
    XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 17 | Replies: 0
  • CVE-2021-35498
    The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-41138
    Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for `pallet-ethereum`, a large part of transaction validation logic was only called ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-3057
    A stack-based buffer overflow vulnerability exists in the Palo Alto Networks GlobalProtect app that enables a man-in-the-middle attacker to disrupt system processes and potentially execute arbitrary c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 19 | Replies: 0
  • CVE-2021-22036
    VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect victim to an attacker controlled domai ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 27 | Replies: 0
  • CVE-2021-22035
    VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV(Comma Separated Value) injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-adminis ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 34 | Replies: 0
  • CVE-2021-22033
    Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 38 | Replies: 0
  • CVE-2021-20129
    An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 31 | Replies: 0
  • CVE-2021-20128
    The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 45 | Replies: 0
  • CVE-2021-20127
    An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-20126
    Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 19 | Replies: 0
  • CVE-2021-20125
    An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could levera ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 16 | Replies: 0
  • CVE-2021-20124
    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerabilit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 11 | Replies: 0
  • CVE-2021-20123
    A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 25 | Replies: 0
  • CVE-2021-39304
    Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-34814
    Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 18 | Replies: 0
  • CVE-2021-41137
    Minio is a Kubernetes native application for cloud storage. All users on release `RELEASE.2021-10-10T16-53-30Z` are affected by a vulnerability that involves bypassing policy restrictions on regular u ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 22 | Replies: 0
  • CVE-2021-33609
    Missing check in DataCommunicator class in com.vaadin:vaadin-server versions 8.0.0 through 8.14.0 (Vaadin 8.0.0 through 8.14.0) allows authenticated network attacker to cause heap exhaustion by reques ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:11 | Views: 21 | Replies: 0
