漏洞 - 第724页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-32725

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-24454

In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options Allow other answers, Display other answers in the result list and Show results, it can lead to Stored Cross-Site ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-24442

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers POST parameter before using it in a SQL statement when sending a P ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-24441

The Sign-up Sheets WordPress plugin before 1.0.14 does not not sanitise or validate the Sheet title when generating the CSV to export, which could lead to a CSV injection issue……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-24440

The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24439

The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the b ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-24434

The Glass WordPress plugin through 1.3.2 does not sanitise or escape its Glass Pages setting before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin did no ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-24429

The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set Ja ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-24427

The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-24426

The Backup by 10Web â€“ Backup and Restore Plugin WordPress plugin through 1.0.20 does not sanitise or escape the tab parameter before outputting it back in the page, leading to a reflected Cross-S ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-24424

The WP Reset â€“ Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-24421

The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use Jav ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-24420

The Request a Quote WordPress plugin before 2.3.4 did not sanitise and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quot ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-24419

The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-24418

The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-24409

The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be exe ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-24408

The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post mad ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：23 | 回复：0
CVE漏洞

CVE-2021-24385

The Filebird Plugin 4.7.3 introduced a SQL injection vulnerability as it is making SQL queries without escaping user input data from a HTTP post request. This is a major vulnerability as the user inpu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-24365

The Admin Columns WordPress plugin Free before 4.3.2 and Pro before 5.5.2 allowed to configure individual columns for tables. Each column had a type. The type Custom Field allowed to choose an arbitra ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-19907

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-22425

A component of the HarmonyOS has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevating Privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-22424

A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-22423

A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-22422

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-22421

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-22420

A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application tr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-22419

A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-22418

A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-22417

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Memory Leakage.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-22416

A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：17 | 回复：0
CVE漏洞

CVE-2019-14453

An issue was discovered in Comelit App lejos de casa (web) 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-32814

Skytable is a NoSQL database with automated snapshots and TLS. Versions prior to 0.5.1 are vulnerable to a a directory traversal attack enabling remotely connected clients to destroy and/or manipulate ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-32017

An issue was discovered in JUMP AMS 3.6.0.04.009-2487. A JUMP SOAP endpoint permitted the listing of the content of the remote file system. This can be used to identify the complete server filesystem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-37558

A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the host_name and se ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-37557

A SQL injection vulnerability in image generation in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-37556

A SQL injection vulnerability in reporting export in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote authenticated (but low-privileged) attackers to execute arbitrary SQL commands via the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-36763

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-33486

All versions of the CODESYS V3 Runtime Toolkit for VxWorks from version V3.5.8.0 and before version V3.5.17.10 have Improper Handling of Exceptional Conditions.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-33485

CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-31504

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:24 | 阅读：11 | 回复：0