
Vulnerabilities


  • CVE-2021-40926
    Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 16 | Replies: 0
  • CVE-2021-40925
    Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 19 | Replies: 0
  • CVE-2021-40924
    Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 24 | Replies: 0
  • CVE-2021-40923
    Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 20 | Replies: 0
  • CVE-2021-40922
    Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 40 | Replies: 0
  • CVE-2021-40921
    Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 26 | Replies: 0
  • CVE-2021-41647
    An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable username parameter in ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 17 | Replies: 0
  • CVE-2021-3825
    On 2.1.15 version and below of Lider module in LiderAhenk software is leaking its configurations via an unsecured API. An attacker with an access to the configurations API could get valid LDAP cr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 19 | Replies: 0
  • CVE-2021-29110
    Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 14 | Replies: 0
  • CVE-2021-29109
    A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 14 | Replies: 0
  • CVE-2021-29108
    There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 16 | Replies: 0
  • CVE-2021-41649
    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 19 | Replies: 0
  • CVE-2021-41648
    An un-authenticated SQL Injection exists in PuneethReddyHC online-shopping-system-advanced through the /action.php prId parameter. Using a post request does not sanitize the user input.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 37 | Replies: 0
  • CVE-2021-40960
    Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 29 | Replies: 0
  • CVE-2021-41110
    cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2 ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 21 | Replies: 0
  • CVE-2021-35297
    Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SE ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 19 | Replies: 0
  • CVE-2021-41459
    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1008 in the nhmldmx_send_sample() function szXmlFrom parameter which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 23 | Replies: 0
  • CVE-2021-41457
    There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 19 | Replies: 0
  • CVE-2021-41456
    There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability.
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 26 | Replies: 0
  • CVE-2021-23893
    Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unu ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 12:07 | Views: 20 | Replies: 0
  • CVE-2021-3747
    The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 71 | Replies: 0
  • CVE-2021-3710
    An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). This issue affects: apport 2.14.1 versions prior to 2.14.1-0ubuntu3.29+esm8; 2.20.1 versions pr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 75 | Replies: 0
  • CVE-2021-3709
    Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. This issue affects: apport 2.14.1 versions prior t ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 57 | Replies: 0
  • CVE-2021-3626
    The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege es ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 89 | Replies: 0
  • CVE-2021-38675
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 71 | Replies: 0
  • CVE-2021-34356
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 85 | Replies: 0
  • CVE-2021-34355
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alread ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 53 | Replies: 0
  • CVE-2021-34354
    A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have alr ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 51 | Replies: 0
  • CVE-2021-34352
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed th ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 63 | Replies: 0
  • CVE-2021-33626
    A vulnerability exists in SMM (System Management Mode) branch that registers a SWSMI handler that does not sufficiently check or validate the allocated buffer pointer (QWORD values for CommBuffer). Thi ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 88 | Replies: 0
  • CVE-2020-20799
    JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 69 | Replies: 0
  • CVE-2020-20797
    FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 58 | Replies: 0
  • CVE-2020-20796
    FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the Id parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 50 | Replies: 0
  • CVE-2021-41324
    Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes param ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 92 | Replies: 0
  • CVE-2020-20746
    A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST request to /gofor ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 85 | Replies: 0
  • CVE-2021-41101
    wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS `Access-Control-Allow-Origin` header set by `nginz` is set for all subdomains of `. ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 77 | Replies: 0
  • CVE-2021-33583
    REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 54 | Replies: 0
  • CVE-2021-41325
    Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin per ...
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 70 | Replies: 0
  • CVE-2021-41323
    Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 54 | Replies: 0
  • CVE-2021-41288
    Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API.
    Author: 菜鸟教程小白 | Date: 2022-2-5 11:48 | Views: 53 | Replies: 0
