
Vulnerabilities


Subcategories:

  • CVE-2021-29151
    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 16 | Replies: 0
  • CVE-2020-20586
    A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and pass ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 21 | Replies: 0
  • CVE-2020-20585
    A blind SQL injection in /admin/?n=logsc=indexa=dode of Metinfo 7.0 beta allows attackers to access sensitive database information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 9 | Replies: 0
  • CVE-2020-20584
    A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter post to /public/console/profile/info-submit/.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 25 | Replies: 0
  • CVE-2020-20583
    A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R60321 allows attackers to obtain sensitive database information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2020-20582
    A server side request forgery (SSRF) vulnerability in /ApiAdminDomainSettings.php of MipCMS 5.0.1 allows attackers to access sensitive information.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 18 | Replies: 0
  • CVE-2021-29150
    A remote insecure deserialization vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager th ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 22 | Replies: 0
  • CVE-2021-25442
    Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2021-25441
    Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 13 | Replies: 0
  • CVE-2021-25440
    Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 18 | Replies: 0
  • CVE-2021-25439
    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbit ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 23 | Replies: 0
  • CVE-2021-25438
    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 21 | Replies: 0
  • CVE-2021-24473
    The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pic ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 5 | Replies: 0
  • CVE-2021-24472
    The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 14 | Replies: 0
  • CVE-2021-24470
    The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 11 | Replies: 0
  • CVE-2021-24468
    The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 14 | Replies: 0
  • CVE-2021-24464
    The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 10 | Replies: 0
  • CVE-2021-24463
    The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL state ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 11 | Replies: 0
  • CVE-2021-24462
    The get_gallery_categories() and get_galleries() functions in the Photo Gallery by Ays – Responsive Image Gallery WordPress plugin before 4.4.4 did not use whitelist or validate the orderby param ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 13 | Replies: 0
  • CVE-2021-24461
    The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB ca ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 16 | Replies: 0
  • CVE-2021-24460
    The get_fb_likeboxes() function in the Popup Like box – Page Plugin WordPress plugin before 3.5.3 did not use whitelist or validate the orderby parameter before using it in SQL statements passed ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 8 | Replies: 0
  • CVE-2021-24459
    The get_results() and get_items() functions in the Survey Maker WordPress plugin before 1.5.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the ge ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 69 | Replies: 0
  • CVE-2021-24458
    The get_ays_popupboxes() and get_popup_categories() functions of the Popup box WordPress plugin before 2.3.4 did not use whitelist or validate the orderby parameter before using it in SQL statements p ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 21 | Replies: 0
  • CVE-2021-24457
    The get_portfolios() and get_portfolio_attributes() functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Por ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 8 | Replies: 0
  • CVE-2021-24456
    The Quiz Maker WordPress plugin before 6.2.0.9 did not properly sanitise and escape the order and orderby parameters before using them in SQL statements, leading to SQL injection issues in the admin d ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 16 | Replies: 0
  • CVE-2021-24455
    The Tutor LMS – eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 20 | Replies: 0
  • CVE-2021-24450
    The User Registration, User Profiles, Login Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.8 did not sanitise or escape some of its settings before saving them a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 17 | Replies: 0
  • CVE-2021-24448
    The User Registration User Profile – Profile Builder WordPress plugin before 3.4.8 does not sanitise or escape its 'Modify default Redirect Delay timer' setting, allowing high privilege ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 18 | Replies: 0
  • CVE-2021-24444
    The TaxoPress – Create and Manage Taxonomies, Tags, Categories WordPress plugin before 3.7.0.2 does not sanitise its Taxonomy description field, allowing high privilege users to set JavaScript payloa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 16 | Replies: 0
  • CVE-2021-24443
    The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any auth ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 15 | Replies: 0
  • CVE-2021-24430
    The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its caching_exclude_urls and caching_include_query_strings settings before outputting them in ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 8 | Replies: 0
  • CVE-2021-24428
    The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputting them in the admin dashboard, leading to an Authenticated Stored Cros ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 22 | Replies: 0
  • CVE-2021-24425
    The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing high ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 13 | Replies: 0
  • CVE-2021-24371
    The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it&# ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 27 | Replies: 0
  • CVE-2021-3351
    OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 27 | Replies: 0
  • CVE-2021-34556
    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 10 | Replies: 0
  • CVE-2021-35477
    In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting stor ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 20 | Replies: 0
  • CVE-2017-18113
    The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to exe ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 26 | Replies: 0
  • CVE-2021-32066
    An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man- ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:23 | Views: 27 | Replies: 0
  • CVE-2021-25437
    Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 18 | Replies: 0
