
Vulnerabilities

Subcategories:

  • CVE-2020-21483
    An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2020-21482
    A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2020-21481
    An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 7 | Replies: 0
  • CVE-2020-21480
    An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 11 | Replies: 0
  • CVE-2020-21322
    An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 20 | Replies: 0
  • CVE-2020-21321
    emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/link.php?action=addlink, which allows attackers to arbitrarily add articles.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2016-20012
    OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occur ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 46 | Replies: 0
  • CVE-2021-40862
    HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthoriz ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 72 | Replies: 0
  • CVE-2021-37913
    The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform com ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 31 | Replies: 0
  • CVE-2021-37912
    The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2021-37909
    WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-33705
    The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 31 | Replies: 0
  • CVE-2021-33704
    The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2021-33701
    DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, al ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2021-33700
    SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker cou ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 5 | Replies: 0
  • CVE-2021-33698
    SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2021-33697
    Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse T ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-33696
    SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 13 | Replies: 0
  • CVE-2021-33695
    Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2021-33694
    SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 8 | Replies: 0
  • CVE-2021-33693
    SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-33692
    SAP Cloud Connector, version - 2.0, allows the upload of zip files as backup. This backup file can be tricked to inject special elements such as '..' and '/' separators, for attackers ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-33691
    NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 13 | Replies: 0
  • CVE-2021-33690
    Server-Side Request Forgery (SSRF) vulnerability has been detected in the SAP NetWeaver Development Infrastructure Component Build Service versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The SAP NetWeave ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 13 | Replies: 0
  • CVE-2021-40966
    A Stored XSS exists in TinyFileManager all versions up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 5 | Replies: 0
  • CVE-2021-40965
    A Cross-Site Request Forgery (CSRF) vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload files and run OS commands by inducing the Administrato ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-40964
    A Path Traversal vulnerability exists in TinyFileManager all versions up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-39215
    Jitsi Meet is an open source video conferencing application. In versions prior to 2.0.5963, a Prosody module allows the use of symmetrical algorithms to validate JSON web tokens. This means that token ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 7 | Replies: 0
  • CVE-2021-39205
    Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not prop ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 16 | Replies: 0
  • CVE-2021-29773
    IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain sensitive information or modify user details caused by an insecure direct object vulnerability (IDOR). IBM X-F ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 12 | Replies: 0
  • CVE-2021-29750
    IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-28901
    Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 14 | Replies: 0
  • CVE-2021-20433
    IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 5 | Replies: 0
  • CVE-2021-40238
    A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the Error Log page. An a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 5 | Replies: 0
  • CVE-2021-40156
    A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 11 | Replies: 0
  • CVE-2021-40155
    A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execut ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2021-3795
    semver-regex is vulnerable to Inefficient Regular Expression Complexity……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 10 | Replies: 0
  • CVE-2021-39392
    The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 18 | Replies: 0
  • CVE-2021-39213
    GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 14 | Replies: 0
  • CVE-2021-39211
    GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in versio ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:44 | Views: 9 | Replies: 0
