Vulnerabilities

Subcategories:

  • CVE-2015-2073
    The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 30 | Replies: 0
  • CVE-2014-9320
    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 27 | Replies: 0
  • CVE-2013-4718
    Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 14 | Replies: 0
  • CVE-2013-4717
    Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 33 | Replies: 0
  • CVE-2021-37623
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop was found in Exiv2 versions v0.27.4 and earlier. The infinit ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 27 | Replies: 0
  • CVE-2021-34334
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An infinite loop is triggered when Exiv2 is used to read the metadata of a cr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 28 | Replies: 0
  • CVE-2021-32815
    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The assertion failure is triggered when Exiv2 is used to modify the metadata ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 17 | Replies: 0
  • CVE-2013-6276
    ** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL sin ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 17 | Replies: 0
  • CVE-2021-25954
    In the “Dolibarr” application, versions 2.8.1 to 13.0.4 don’t restrict, or incorrectly restrict, access to a resource from an unauthorized actor. A low privileged attacker can modify the Private Note which only ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 17 | Replies: 0
  • CVE-2021-29714
    IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 29 | Replies: 0
  • CVE-2021-21740
    There is an information leak vulnerability in the digital media player (DMS) of ZTE's residential gateway product. The attacker could insert the USB disk with the symbolic link into the residentia ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 15 | Replies: 0
  • CVE-2021-20349
    IBM Tivoli Workload Scheduler 9.4 and 9.5 are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 12 | Replies: 0
  • CVE-2021-33256
    ** DISPUTED ** A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter see ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 11 | Replies: 0
  • CVE-2021-37788
    A vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 21 | Replies: 0
  • CVE-2021-37573
    A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) =1.115 allows an adversary to inject malicious code on the server's 404 Pa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 27 | Replies: 0
  • CVE-2021-36798
    A Denial-of-Service (DoS) vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communic ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 19 | Replies: 0
  • CVE-2021-34661
    The WP Fusion Lite WordPress plugin is vulnerable to Cross-Site Request Forgery via the `show_logs_section` function found in the ~/includes/admin/logging/class-log-handler.php file which allows attac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 30 | Replies: 0
  • CVE-2021-34660
    The WP Fusion Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the startdate parameter found in the ~/includes/admin/logging/class-log-table-list.php file which allows attacke ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 16 | Replies: 0
  • CVE-2021-22910
    A sanitization vulnerability exists in Rocket.Chat server versions 3.13.2, 3.12.4, 3.11.4 that allowed queries to an endpoint which could result in a NoSQL injection, potentially leading to RCE.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 10 | Replies: 0
  • CVE-2021-38290
    A host header attack vulnerability exists in FUEL CMS 1.5.0 through fuel/modules/fuel/config/fuel_constants.php and fuel/modules/fuel/libraries/Asset.php. An attacker can use a man in the middle attac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 13 | Replies: 0
  • CVE-2021-37215
    The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, a remote attacker can manipulate the user data and t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 21 | Replies: 0
  • CVE-2021-37214
    The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID in sp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 20 | Replies: 0
  • CVE-2021-37213
    The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the employee ID and date ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 21 | Replies: 0
  • CVE-2021-37212
    The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. After being authenticated as a general user, remote attackers can manipulate the bulletin ID in specific ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 21 | Replies: 0
  • CVE-2021-37211
    The bulletin function of Flygo does not filter special characters while a new announcement is added. Remote attackers can use the vulnerability with a general user’s credential to inject JavaScript an ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 25 | Replies: 0
  • CVE-2021-24522
    The User Registration, User Profile, Login Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and coul ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 35 | Replies: 0
  • CVE-2021-24521
    The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator r ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 27 | Replies: 0
  • CVE-2021-24520
    The Stock in out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 40 | Replies: 0
  • CVE-2021-24509
    The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post ma ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 18 | Replies: 0
  • CVE-2021-24507
    The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (ava ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 14 | Replies: 0
  • CVE-2021-24505
    The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (XS ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 9 | Replies: 0
  • CVE-2021-24502
    The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting it in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, eve ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 8 | Replies: 0
  • CVE-2021-24501
    The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting object ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 13 | Replies: 0
  • CVE-2021-24500
    Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attac ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 16 | Replies: 0
  • CVE-2021-24499
    The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 4 | Replies: 0
  • CVE-2021-24495
    The Marmoset Viewer WordPress plugin before 1.9.3 does not properly sanitize, validate or escape the 'id' parameter before outputting back in the page, leading to a reflected Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 8 | Replies: 0
  • CVE-2021-24467
    The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers to make a logged in admin update the settings via a Cross-Site Request For ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 15 | Replies: 0
  • CVE-2021-24304
    The Newsmag WordPress theme before 5.0 does not sanitise the td_block_id parameter in its td_ajax_block AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS) vulnerability.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 5 | Replies: 0
  • CVE-2021-38209
    net/netfilter/nf_conntrack_standalone.c in the Linux kernel before 5.12.2 allows observation of changes in any net namespace because these changes are leaked into all other net namespaces. This is rel ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 18 | Replies: 0
  • CVE-2021-38208
    net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:27 | Views: 18 | Replies: 0
