
Vulnerabilities

Subcategories:

  • CVE-2020-36396
    A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload ent ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 27 | Replies: 0
  • CVE-2020-36395
    A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload ente ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 20 | Replies: 0
  • CVE-2020-23194
    A stored cross site scripting (XSS) vulnerability in the Import Subscribers feature in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pay ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 21 | Replies: 0
  • CVE-2020-23192
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload in the admin parameter under ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 21 | Replies: 0
  • CVE-2020-23190
    A stored cross site scripting (XSS) vulnerability in the Import emails module in phplist 3.5.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 39 | Replies: 0
  • CVE-2020-23185
    A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted pa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 8 | Replies: 0
  • CVE-2020-23184
    A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a craft ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 18 | Replies: 0
  • CVE-2020-23182
    The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Sho ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 25 | Replies: 0
  • CVE-2020-23181
    A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload en ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 23 | Replies: 0
  • CVE-2020-23179
    A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payloa ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 17 | Replies: 0
  • CVE-2020-23178
    An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 23 | Replies: 0
  • CVE-2021-23403
    All versions of package ts-nodash are vulnerable to Prototype Pollution via the Merge() function due to lack of validation input.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 13 | Replies: 0
  • CVE-2021-32639
    Emissary is a P2P-based, data-driven workflow engine. Emissary version 6.4.0 is vulnerable to Server-Side Request Forgery (SSRF). In particular, the `RegisterPeerAction` endpoint and the `AddChildDire ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 13 | Replies: 0
  • CVE-2021-23402
    All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 17 | Replies: 0
  • CVE-2021-32735
    Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 23 | Replies: 0
  • CVE-2021-27950
    A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEn ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 20 | Replies: 0
  • CVE-2021-3613
    OpenVPN Connect 3.2.0 through 3.3.0 allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with the s ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 17 | Replies: 0
  • CVE-2021-3606
    OpenVPN before version 2.5.3 on Windows allows local users to load arbitrary dynamic loadable libraries via an OpenSSL configuration file if present, which allows the user to run arbitrary code with t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 16 | Replies: 0
  • CVE-2021-36132
    An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 12 | Replies: 0
  • CVE-2021-36131
    An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data field ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 12 | Replies: 0
  • CVE-2021-36130
    An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTM ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 19 | Replies: 0
  • CVE-2021-36129
    An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 10 | Replies: 0
  • CVE-2021-36128
    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 9 | Replies: 0
  • CVE-2021-36127
    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than fo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 4 | Replies: 0
  • CVE-2021-36126
    An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the E ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 13 | Replies: 0
  • CVE-2021-36125
    An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's cur ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 8 | Replies: 0
  • CVE-2021-35197
    In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a sitewide block applied, it is able to stil ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 8 | Replies: 0
  • CVE-2021-35029
    An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.35 through 4.64 and USG Flex, ATP, and VPN series firmware versions 4.35 th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 5 | Replies: 0
  • CVE-2021-27455
    Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to disclose information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 5 | Replies: 0
  • CVE-2021-27412
    Delta Electronics DOPSoft Versions 4.0.10.17 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 10 | Replies: 0
  • CVE-2021-35042
    Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 12 | Replies: 0
  • CVE-2021-26920
    In the Druid ingestion system, the InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intend ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 21 | Replies: 0
  • CVE-2020-23219
    Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the Snippet content field under the Edit Snippet module.
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 16 | Replies: 0
  • CVE-2020-23217
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Add a list field under the Import Em ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 15 | Replies: 0
  • CVE-2020-23214
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Configure categories field under the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 14 | Replies: 0
  • CVE-2020-23209
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the List Description field under the Edi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 26 | Replies: 0
  • CVE-2020-23208
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Send test field under the Start or c ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 66 | Replies: 0
  • CVE-2020-23207
    A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Edit Values field under the Configur ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 18 | Replies: 0
  • CVE-2020-23205
    A stored cross site scripting (XSS) vulnerability in Monstra CMS version 3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Site Name field under th ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 7 | Replies: 0
  • CVE-2021-32731
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email ad ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 11:21 | Views: 4 | Replies: 0
