Vulnerabilities

Subcategories:

  • CVE-2021-22224
    A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 6 | Replies: 0
  • CVE-2021-26039
    An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 25 | Replies: 0
  • CVE-2021-26038
    An issue was discovered in Joomla! 2.5.0 through 3.9.27. Install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL f ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 4 | Replies: 0
  • CVE-2021-26037
    An issue was discovered in Joomla! 2.5.0 through 3.9.27. CMS functions did not properly terminate existing user sessions when a user's password was changed or the user was blocked.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 8 | Replies: 0
  • CVE-2021-26036
    An issue was discovered in Joomla! 2.5.0 through 3.9.27. Missing validation of input could lead to a broken usergroups table.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 4 | Replies: 0
  • CVE-2021-26035
    An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 12 | Replies: 0
  • CVE-2021-22231
    A denial of service in user's profile page is found starting with GitLab CE/EE 8.0 that allows attacker to reject access to their profile page via using a specially crafted username.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 10 | Replies: 0
  • CVE-2021-22230
    Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 4 | Replies: 0
  • CVE-2021-22227
    A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they c ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 7 | Replies: 0
  • CVE-2021-20780
    Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 7 | Replies: 0
  • CVE-2021-20779
    Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via u ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 10 | Replies: 0
  • CVE-2021-20777
    Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 5 | Replies: 0
  • CVE-2021-20776
    Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 20 | Replies: 0
  • CVE-2021-20739
    WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 22 | Replies: 0
  • CVE-2021-20738
    WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 17 | Replies: 0
  • CVE-2021-35039
    kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 14 | Replies: 0
  • CVE-2021-22228
    An issue has been discovered in GitLab affecting all versions. Improper access control allows unauthorised users to access project details using Graphql.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 8 | Replies: 0
  • CVE-2021-22223
    Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 18 | Replies: 0
  • CVE-2021-22232
    HTML injection was possible via the full name field before versions 13.11.6, 13.12.6, and 14.0.2 in GitLab CE……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 7 | Replies: 0
  • CVE-2021-22229
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8. Under a special condition it was possible to access data of an internal repository through project fork done by ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 27 | Replies: 0
  • CVE-2021-22226
    Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 15 | Replies: 0
  • CVE-2020-23697
    Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 6 | Replies: 0
  • CVE-2020-22251
    Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 11 | Replies: 0
  • CVE-2020-22249
    Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with e ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 20 | Replies: 0
  • CVE-2021-34190
    A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 8 | Replies: 0
  • CVE-2021-3598
    There's a flaw in OpenEXR's ImfDeepScanLineInputFile functionality in versions prior to 3.0.5. An attacker who is able to submit a crafted file to an application linked with OpenEXR could caus ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 10 | Replies: 0
  • CVE-2021-35440
    Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data avail ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 22 | Replies: 0
  • CVE-2021-32740
    Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. An uncontrolled resource consumption vulnerability exists after version 2.3.0 throug ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 6 | Replies: 0
  • CVE-2021-31771
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 11 | Replies: 0
  • CVE-2021-32559
    An integer overflow exists in pywin32 prior to version b301 when adding an access control entry (ACE) to an access control list (ACL) that would cause the size to be greater than 65535 bytes. An attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 19 | Replies: 0
  • CVE-2021-27930
    Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16, which allows an authenticated (or compromised) user to inject malicious JavaScript in folder/file name within the application in order t ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 16 | Replies: 0
  • CVE-2021-24494
    The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 15 | Replies: 0
  • CVE-2021-24451
    The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to an ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 19 | Replies: 0
  • CVE-2021-24407
    The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 35 | Replies: 0
  • CVE-2021-24406
    The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 8 | Replies: 0
  • CVE-2021-24405
    The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 17 | Replies: 0
  • CVE-2021-24389
    The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2 did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, le ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 14 | Replies: 0
  • CVE-2021-24388
    In the VikRentCar Car Rental Management System WordPress plugin before 1.1.7, there is a custom field option by which we can manage all the fields that the users will have to fill in before saving the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 14 | Replies: 0
  • CVE-2021-24387
    The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 16 | Replies: 0
  • CVE-2021-24386
    The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:22 | Views: 9 | Replies: 0
