• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

漏洞

RSS

下级分类:

  • CVE-2021-34349
    CVE-2021-34349
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:7 | 回复:0
  • CVE-2021-34348
    CVE-2021-34348
    A command injection vulnerability has been reported to affect QNAP device running QVR. If exploited, this vulnerability could allow remote attackers to run arbitrary commands. We have already fixed th ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:24 | 回复:0
  • CVE-2021-41617
    CVE-2021-41617
    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs f ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:37 | 回复:0
  • CVE-2021-3830
    CVE-2021-3830
    btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:24 | 回复:0
  • CVE-2021-21742
    CVE-2021-21742
    There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive informa ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:31 | 回复:0
  • CVE-2020-20514
    CVE-2020-20514
    A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/id.html allows authenticated attackers to delete all users.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:29 | 回复:0
  • CVE-2020-20508
    CVE-2020-20508
    Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail te ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:19 | 回复:0
  • CVE-2021-40655
    CVE-2021-40655
    An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:25 | 回复:0
  • CVE-2021-40654
    CVE-2021-40654
    An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:17 | 回复:0
  • CVE-2016-6556
    CVE-2016-6556
    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:13 | 回复:0
  • CVE-2016-6555
    CVE-2016-6555
    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:16 | 回复:0
  • CVE-2021-41504
    CVE-2021-41504
    ** UNSUPPORTED WHEN ASSIGNED ** An Elevated Privileges issue exists in D-Link DCS-5000L v1.05 and DCS-932L v2.17 and older. The use of the digest-authentication for the devices command interface may a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:21 | 回复:0
  • CVE-2021-41503
    CVE-2021-41503
    ** UNSUPPORTED WHEN ASSIGNED ** DCS-5000L v1.05 and DCS-932L v2.17 and older are affecged by Incorrect Acess Control. The use of the basic authentication for the devices command interface allows attac ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:11 | 回复:0
  • CVE-2021-39246
    CVE-2021-39246
    Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logge ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:18 | 回复:0
  • CVE-2021-2464
    CVE-2021-2464
    Vulnerability in Oracle Linux (component: OSwatcher). Supported versions that are affected are 7 and 8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:13 | 回复:0
  • CVE-2021-35313
    CVE-2021-35313
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:5 | 回复:0
  • CVE-2021-22869
    CVE-2021-22869
    An improper access control vulnerability in GitHub Enterprise Server allowed a workflow job to execute in a self-hosted runner group it should not have had access to. This affects customers using self ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:9 | 回复:0
  • CVE-2021-22868
    CVE-2021-22868
    A path traversal vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration options used by GitHub Pages were not ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:6 | 回复:0
  • CVE-2021-40310
    CVE-2021-40310
    OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:14 | 回复:0
  • CVE-2021-40309
    CVE-2021-40309
    A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendanc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:12 | 回复:0
  • CVE-2021-28130
    CVE-2021-28130
    Dr.Web Firewall 12.5.2.4160 on Windows incorrectly restricts applications signed by Dr.Web. A DLL for a custom payload within a legitimate binary (e.g., frwl_svc.exe) bypasses firewall filters.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:9 | 回复:0
  • CVE-2021-41588
    CVE-2021-41588
    In Gradle Enterprise before 2021.1.3, a crafted request can trigger deserialization of arbitrary unsafe Java objects. The attacker must have the encryption and signing keys.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:6 | 回复:0
  • CVE-2021-41587
    CVE-2021-41587
    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially discover credentials for other resources.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:30 | 回复:0
  • CVE-2021-41586
    CVE-2021-41586
    In Gradle Enterprise before 2021.1.3, an attacker with the ability to perform SSRF attacks can potentially reset the system user password.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:14 | 回复:0
  • CVE-2021-40102
    CVE-2021-40102
    An issue was discovered in Concrete CMS through 8.5.5. Arbitrary File deletion can occur via PHAR deserialization in is_dir (PHP Object Injection associated with the __wakeup magic method).……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:16 | 回复:0
  • CVE-2021-40100
    CVE-2021-40100
    An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:12 | 回复:0
  • CVE-2021-40099
    CVE-2021-40099
    An issue was discovered in Concrete CMS through 8.5.5. Fetching the update json scheme over HTTP leads to remote code execution.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:11 | 回复:0
  • CVE-2021-36749
    CVE-2021-36749
    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:6 | 回复:0
  • CVE-2021-41584
    CVE-2021-41584
    Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response (information disclosure of possibly sensitive build/configuration details) via a crafted HTTP request with the X-Gradle-E ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:10 | 回复:0
  • CVE-2021-41583
    CVE-2021-41583
    vpn-user-portal (aka eduVPN or Let's Connect!) before 2.3.14, as packaged for Debian 10, Debian 11, and Fedora, allows remote authenticated users to obtain OS filesystem access, because of the int ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:28 | 回复:0
  • CVE-2021-41581
    CVE-2021-41581
    x509_constraints_parse_mailbox in lib/libcrypto/x509/x509_constraints.c in LibreSSL through 3.4.0 has a stack-based buffer over-read. When the input exceeds DOMAIN_PART_MAX_LEN, the buffer lacks ' ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:34 | 回复:0
  • CVE-2021-31923
    CVE-2021-31923
    Ping Identity PingAccess before 5.3.3 allows HTTP request smuggling via header manipulation.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:13 | 回复:0
  • CVE-2021-41088
    CVE-2021-41088
    Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows exec ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:20 | 回复:0
  • CVE-2020-19951
    CVE-2020-19951
    A cross-site request forgery (CSRF) in /controller/pay.class.php of YzmCMS v5.5 allows attackers to access sensitive components of the application.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:14 | 回复:0
  • CVE-2020-19950
    CVE-2020-19950
    A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:11 | 回复:0
  • CVE-2020-19949
    CVE-2020-19949
    A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:26 | 回复:0
  • CVE-2021-38877
    CVE-2021-38877
    IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:31 | 回复:0
  • CVE-2021-38870
    CVE-2021-38870
    IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:26 | 回复:0
  • CVE-2021-29905
    CVE-2021-29905
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:15 | 回复:0
  • CVE-2021-29904
    CVE-2021-29904
    IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI displays user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 207610.……
    作者:菜鸟教程小白 | 时间:2022-2-5 11:47 | 阅读:20 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap