
Vulnerabilities


  • CVE-2021-39500
    Eyoucms 1.5.4 is vulnerable to Directory Traversal. Due to a lack of input data sanitization in param tpldir, filename, type, nid an attacker can inject ../ to escape and write file to writeable direct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 34 | Replies: 0
  • CVE-2021-37629
    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enum ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 31 | Replies: 0
  • CVE-2021-37628
    Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (Upload Only public link shares in Nextcloud) can be bypassed using the Nextcloud Rich ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 16 | Replies: 0
  • CVE-2021-32766
    Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 14 | Replies: 0
  • CVE-2021-40143
    Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 21 | Replies: 0
  • CVE-2021-39503
    PHPMyWind 5.6 is vulnerable to Remote Code Execution. Because input is filtered without , , ?, =, `,.... In WriteConfig() function, an attacker can inject php code to /include/config.cache.php file.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 26 | Replies: 0
  • CVE-2021-39499
    A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 22 | Replies: 0
  • CVE-2021-39497
    eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 25 | Replies: 0
  • CVE-2021-39496
    Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 14 | Replies: 0
  • CVE-2021-39194
    kaml is an open source implementation of the YAML format with support for kotlinx.serialization. In affected versions attackers that could provide arbitrary YAML input to an application that uses kaml ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 29 | Replies: 0
  • CVE-2021-38707
    Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 13 | Replies: 0
  • CVE-2021-38706
    messages_load.php in ClinicCases 7.3.3 suffers from a blind SQL injection vulnerability, which allows low-privileged attackers to execute arbitrary SQL commands through a vulnerable parameter.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 18 | Replies: 0
  • CVE-2021-38705
    ClinicCases 7.3.3 is affected by Cross-Site Request Forgery (CSRF). A successful attack would consist of an authenticated user following a malicious link, resulting in arbitrary actions being carried ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 13 | Replies: 0
  • CVE-2021-38704
    Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in acc ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 19 | Replies: 0
  • CVE-2021-37631
    Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions the Deck application didn't prop ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 21 | Replies: 0
  • CVE-2021-37630
    Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any Secret Circle without approval ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 13 | Replies: 0
  • CVE-2021-35948
    Session fixation on password protected public links in the ownCloud Server before 10.8.0 allows an attacker to bypass the password protection when they can force a target client to use a controlled co ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 25 | Replies: 0
  • CVE-2021-35946
    A receiver of a federated share with access to the database with ownCloud version before 10.8 could update the permissions and therefore elevate their own permissions.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 24 | Replies: 0
  • CVE-2021-32782
    Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulner ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 17 | Replies: 0
  • CVE-2020-19752
    The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 13 | Replies: 0
  • CVE-2020-19751
    An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 9 | Replies: 0
  • CVE-2020-19750
    An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 17 | Replies: 0
  • CVE-2021-39199
    remark-html is an open source nodejs library which compiles Markdown to HTML. In affected versions the documentation of remark-html has mentioned that it was safe by default. In practice the default w ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 14 | Replies: 0
  • CVE-2021-39196
    pcapture is an open source dumpcap web service interface. In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets wit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 25 | Replies: 0
  • CVE-2021-39195
    Misskey is an open source, decentralized microblogging platform. In affected versions a Server-Side Request Forgery vulnerability exists in Upload from URL and remote attachment handling. This could r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 12 | Replies: 0
  • CVE-2021-35949
    The shareinfo controller in the ownCloud Server before 10.8.0 allows an attacker to bypass the permission checks for upload only shares and list metadata about the share.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 19 | Replies: 0
  • CVE-2021-35947
    The public share controller in the ownCloud server before version 10.8.0 allows a remote attacker to see the internal path and the username of a public share by including invalid characters in the URL ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 27 | Replies: 0
  • CVE-2021-39197
    better_errors is an open source replacement for the standard Rails error page with more information rich error pages. It is also usable outside of Rails in any Rack app as Rack middleware. better_erro ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 28 | Replies: 0
  • CVE-2021-38142
    Barco MirrorOp Windows Sender before 2.5.3.65 uses cleartext HTTP and thus allows rogue software upgrades. An attacker on the local network can achieve remote code execution on any computer that tries ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 14 | Replies: 0
  • CVE-2021-40539
    Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 16 | Replies: 0
  • CVE-2021-38123
    Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 26 | Replies: 0
  • CVE-2021-39263
    A crafted NTFS image can trigger a heap-based buffer overflow, caused by an unsanitized attribute in ntfs_get_attribute_value, in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 34 | Replies: 0
  • CVE-2021-39262
    A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 23 | Replies: 0
  • CVE-2021-39261
    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_compressed_pwrite in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 22 | Replies: 0
  • CVE-2021-39260
    A crafted NTFS image can cause an out-of-bounds access in ntfs_inode_sync_standard_information in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 20 | Replies: 0
  • CVE-2021-39259
    A crafted NTFS image can trigger an out-of-bounds access, caused by an unsanitized attribute length in ntfs_inode_lookup_by_name, in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 21 | Replies: 0
  • CVE-2021-39258
    A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 14 | Replies: 0
  • CVE-2021-39257
    A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite), causing stack consumption in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 13 | Replies: 0
  • CVE-2021-39256
    A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 11 | Replies: 0
  • CVE-2021-39255
    A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G 2021.8.22.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:39 | Views: 12 | Replies: 0
