
Vulnerabilities

Subcategories:

  • CVE-2021-33577
    An issue was discovered in Cleo LexiCom 5.5.0.0. The requirement for the sender of an AS2 message to identify themselves (via encryption and signing of the message) can be bypassed by changing the Con ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 21 | Replies: 0
  • CVE-2021-33576
    An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-33347
    An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of weak password, the stora ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-32536
    The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2021-21669
    Jenkins Generic Webhook Trigger Plugin 1.72 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 23 | Replies: 0
  • CVE-2021-34812
    Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-34811
    Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspeci ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-34810
    Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-34809
    Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote aut ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 18 | Replies: 0
  • CVE-2021-34808
    Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 9 | Replies: 0
  • CVE-2021-34553
    Sonatype Nexus Repository Manager 3.x before 3.31.0 allows a remote authenticated attacker to get a list of blob files and read the content of a blob file (via a GET request) without having been grant ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32693
    Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 18 | Replies: 0
  • CVE-2021-32694
    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.15.1, a malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32426
    In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the echo command.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-32424
    In TrendNet TW100-S4W1CA 2.3.32, due to a lack of proper session controls, a threat actor could make unauthorized changes to an affected router via a specially crafted web page. If an authenticated us ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 16 | Replies: 0
  • CVE-2021-32695
    Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2021-33557
    An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 13 | Replies: 0
  • CVE-2021-32575
    HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 6 | Replies: 0
  • CVE-2020-36389
    In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 8 | Replies: 0
  • CVE-2020-36388
    In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-32681
    Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the ` ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2021-23396
    All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2021-29706
    IBM AIX 7.1 could allow a non-privileged local user to exploit a vulnerability in the trace facility to expose sensitive information or cause a denial of service. IBM X-Force ID: 200663.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2020-35373
    In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 14 | Replies: 0
  • CVE-2020-19202
    An authenticated Stored XSS (Cross-site Scripting) exists in the captive.cgi Captive Portal via the Title of Login Page text box or TITLE parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 12 | Replies: 0
  • CVE-2013-20002
    Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 11 | Replies: 0
  • CVE-2021-32078
    An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., acc ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 19 | Replies: 0
  • CVE-2020-25414
    A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 10 | Replies: 0
  • CVE-2021-34825
    Quassel through 0.13.1, when --require-ssl is enabled, launches without SSL or TLS support if a usable X.509 certificate is not found on the local system.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-31818
    Affected versions of Octopus Server are prone to an authenticated SQL injection vulnerability in the Events REST API because user supplied data in the API request isn’t parameterised correctly. Explo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 27 | Replies: 0
  • CVE-2021-32952
    An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. This can result ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 23 | Replies: 0
  • CVE-2021-32950
    An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can resul ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 20 | Replies: 0
  • CVE-2021-32948
    An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can re ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 26 | Replies: 0
  • CVE-2021-32944
    A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result i ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:50 | Views: 17 | Replies: 0
  • CVE-2021-32940
    An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 15 | Replies: 0
  • CVE-2021-32938
    Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data. This can result in a ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 18 | Replies: 0
  • CVE-2021-32936
    An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 25 | Replies: 0
  • CVE-2021-3603
    PHPMailer 6.4.1 and earlier contain a vulnerability that can result in untrusted code being called (if such code is injected into the host project's scope by other means). If the $patternselect pa ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 37 | Replies: 0
  • CVE-2021-32946
    An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user- ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 21 | Replies: 0
  • CVE-2021-32582
    An issue was discovered in ConnectWise Automate before 2021.5. A blind SQL injection vulnerability exists in core agent inventory communication that can enable an attacker to extract database informat ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:49 | Views: 19 | Replies: 0
