
Vulnerabilities

Subcategories:

  • CVE-2021-24728
    The Membership Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement, ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 21 | Replies: 0
  • CVE-2021-24727
    The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 19 | Replies: 0
  • CVE-2021-24726
    The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 17 | Replies: 0
  • CVE-2021-24725
    The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin dele ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 19 | Replies: 0
  • CVE-2021-24724
    The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks again ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24623
    The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24621
    The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capability ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 19 | Replies: 0
  • CVE-2021-24620
    The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PHP ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 30 | Replies: 0
  • CVE-2021-24619
    The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 33 | Replies: 0
  • CVE-2021-24614
    The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scrip ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24605
    The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 30 | Replies: 0
  • CVE-2021-24586
    The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 33 | Replies: 0
  • CVE-2021-24560
    The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 23 | Replies: 0
  • CVE-2021-24523
    The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its settings before outputting them in the page, leading to Authenticated Stored Cross-Site Scripting issue ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24510
    The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Site ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 20 | Replies: 0
  • CVE-2021-24508
    The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the feedID POST parameter in its feed_locator AJAX action (available to both authenticated and unauthentic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24493
    The shopp_upload_file AJAX action of the Shopp WordPress plugin through 1.4, available to both unauthenticated and authenticated user does not have any security measure in place to prevent upload of m ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 19 | Replies: 0
  • CVE-2021-24491
    The Fileviewer WordPress plugin through 2.2 does not have CSRF checks in place when performing actions such as upload and delete files. As a result, attackers could make a logged in administrator dele ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 14 | Replies: 0
  • CVE-2021-24490
    The Email Artillery (MASS EMAIL) WordPress plugin through 4.1 does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 17 | Replies: 0
  • CVE-2021-24431
    The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 22 | Replies: 0
  • CVE-2021-32135
    The trak_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 21 | Replies: 0
  • CVE-2021-32132
    The abst_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 16 | Replies: 0
  • CVE-2021-29643
    PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported from a User Object in a connected Active Directory instance.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 23 | Replies: 0
  • CVE-2021-32137
    Heap buffer overflow in the URL_GetProtocolType function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 16 | Replies: 0
  • CVE-2021-32134
    The gf_odf_desc_copy function in GPAC 1.0.1 allows attackers to cause a denial of service (NULL pointer dereference) via a crafted file in the MP4Box command.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 26 | Replies: 0
  • CVE-2021-32136
    Heap buffer overflow in the print_udta function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 22 | Replies: 0
  • CVE-2021-40214
    Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 20 | Replies: 0
  • CVE-2021-22528
    Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 23 | Replies: 0
  • CVE-2021-22527
    Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 12 | Replies: 0
  • CVE-2021-22526
    Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 26 | Replies: 0
  • CVE-2021-22524
    Injection attack caused the denial of service vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 21 | Replies: 0
  • CVE-2020-27970
    Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 22 | Replies: 0
  • CVE-2020-27969
    Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 20 | Replies: 0
  • CVE-2021-40870
    An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 18 | Replies: 0
  • CVE-2021-40867
    Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 35 | Replies: 0
  • CVE-2021-40866
    Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication wh ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 17 | Replies: 0
  • CVE-2021-23435
    This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session. If the value used for return_to contains multiple leading slashes (/ ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 21 | Replies: 0
  • CVE-2021-23440
    This affects the package set-value before 2.0.1, =3.0.0 4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 19 | Replies: 0
  • CVE-2021-40146
    A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions 2.5. RCE vulnerabilities allow a malicious actor to execute any c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 13 | Replies: 0
  • CVE-2021-38555
    An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions 2.5. XML external entity injection (also known as XXE) is ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:42 | Views: 75 | Replies: 0
