
Vulnerabilities

Subcategories:

  • CVE-2021-41564
    Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-41563
    Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 13 | Replies: 0
  • CVE-2021-3312
    An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by up ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 20 | Replies: 0
  • CVE-2021-36767
    In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthen ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 32 | Replies: 0
  • CVE-2021-35979
    An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 17 | Replies: 0
  • CVE-2021-35977
    An issue was discovered in Digi RealPort for Windows through 4.8.488.0. A buffer overflow exists in the handling of ADDP discovery response messages. This could result in arbitrary code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 16 | Replies: 0
  • CVE-2021-41133
    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 14 | Replies: 0
  • CVE-2021-41947
    A SQL injection vulnerability exists in Subrion CMS v4.2.1 in the visual-mode.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 11 | Replies: 0
  • CVE-2021-40832
    A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVRDL unpacking module component used in certain F-Secure products can crash while scanning a fuzzed file. The ex ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 13 | Replies: 0
  • CVE-2021-33603
    A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the AVPACK module component used in certain F-Secure products can crash while scanning a fuzzed file. The exploit can ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 30 | Replies: 0
  • CVE-2021-25271
    A local attacker could read or write arbitrary files with administrator privileges in HitmanPro before version Build 318.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 53 | Replies: 0
  • CVE-2021-25270
    A local attacker could execute arbitrary code with administrator privileges in HitmanPro.Alert before version Build 901.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 40 | Replies: 0
  • CVE-2021-41115
    Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure linkifiers that automatically create links from messages that users sen ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 41 | Replies: 0
  • CVE-2021-38298
    Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 37 | Replies: 0
  • CVE-2020-21729
    JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 37 | Replies: 0
  • CVE-2020-21726
    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the cid parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 53 | Replies: 0
  • CVE-2020-21725
    OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Controller/ChinaCityController.class.php via the pid parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 37 | Replies: 0
  • CVE-2021-42095
    Xshell before 7.0.0.76 allows attackers to cause a crash by triggering rapid changes to the title bar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 43 | Replies: 0
  • CVE-2021-42091
    An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 48 | Replies: 0
  • CVE-2021-42090
    An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 44 | Replies: 0
  • CVE-2021-42089
    An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 39 | Replies: 0
  • CVE-2021-42088
    An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 40 | Replies: 0
  • CVE-2021-42087
    An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:10 | Views: 43 | Replies: 0
  • CVE-2021-42086
    An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 35 | Replies: 0
  • CVE-2021-42085
    An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 39 | Replies: 0
  • CVE-2021-42084
    An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 45 | Replies: 0
  • CVE-2020-21865
    ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 33 | Replies: 0
  • CVE-2021-42094
    An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 42 | Replies: 0
  • CVE-2021-42093
    An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 41 | Replies: 0
  • CVE-2021-42092
    An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 41 | Replies: 0
  • CVE-2021-41130
    Extensible Service Proxy, a.k.a. ESP is a proxy which enables API management capabilities for JSON/REST or gRPC API services. ESPv1 can be configured to authenticate a JWT token. Its verified JWT clai ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 28 | Replies: 0
  • CVE-2021-29700
    IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks ag ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 34 | Replies: 0
  • CVE-2021-20584
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397.
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 23 | Replies: 0
  • CVE-2021-20571
    IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 23 | Replies: 0
  • CVE-2021-20561
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 28 | Replies: 0
  • CVE-2021-20552
    IBM Sterling File Gateway 6.0.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information cou ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 32 | Replies: 0
  • CVE-2021-20489
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 33 | Replies: 0
  • CVE-2021-20481
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended fun ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 27 | Replies: 0
  • CVE-2021-20473
    IBM Sterling File Gateway User Interface 2.2.0.0 through 6.1.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 24 | Replies: 0
  • CVE-2021-20376
    IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 12:09 | Views: 31 | Replies: 0
