
Vulnerabilities


  • CVE-2020-18019
    SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obtain sensitive information by injecting arbitrary commands into the typeid variable of the createfolderAjax function in the mode_wo ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 32 | Replies: 0
  • CVE-2021-22332
    There is a pointer double free vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. When a function is called, the same memory pointer is copie ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 30 | Replies: 0
  • CVE-2021-22331
    There is a JavaScript injection vulnerability in certain Huawei smartphones. A module does not verify some inputs sufficiently. Attackers can exploit this vulnerability by sending a malicious applicat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 27 | Replies: 0
  • CVE-2021-22514
    An arbitrary code execution vulnerability exists in Micro Focus Application Performance Management, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow remote attackers to execute ar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 35 | Replies: 0
  • CVE-2021-22393
    There is a denial of service vulnerability in some versions of CloudEngine 5800, CloudEngine 6800, CloudEngine 7800 and CloudEngine 12800. The affected product cannot deal with some messages because o ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 51 | Replies: 0
  • CVE-2021-22330
    There is an out of bounds write vulnerability in Huawei Smartphone HUAWEI P30 versions 9.1.0.131(C00E130R1P21) when processing a message. An unauthenticated attacker can exploit this vulnerability by ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 86 | Replies: 0
  • CVE-2021-22327
    There is an arbitrary memory write vulnerability in Huawei smart phone when processing file parsing. Due to insufficient validation of the input files, successful exploit could cause certain service a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 34 | Replies: 0
  • CVE-2021-30169
    The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant user’s credential.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 22 | Replies: 0
  • CVE-2021-30168
    The sensitive information of webcam device is not properly protected. Remote attackers can unauthentically grant administrator’s credential and further control the devices.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 16 | Replies: 0
  • CVE-2021-30167
    The manage users profile services of the network camera device allows an authenticated. Remote attackers can modify URL parameters and further amend user’s information and escalate privileges to cont ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 30 | Replies: 0
  • CVE-2021-30166
    The NTP Server configuration function of the IP camera device is not verified with special parameters. Remote attackers can perform a command Injection attack and execute arbitrary commands after logg ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2021-27648
    Externally controlled reference to a resource in another sphere in quarantine functionality in Synology Antivirus Essential before 1.4.8-2801 allows remote authenticated users to obtain privilege via ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 24 | Replies: 0
  • CVE-2021-31866
    Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 15 | Replies: 0
  • CVE-2021-31865
    Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 26 | Replies: 0
  • CVE-2021-31864
    Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 11 | Replies: 0
  • CVE-2021-31863
    Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 33 | Replies: 0
  • CVE-2021-31779
    The yoast_seo (aka Yoast SEO) extension before 7.2.1 for TYPO3 allows SSRF via a backend user account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 16 | Replies: 0
  • CVE-2021-31778
    The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 5 | Replies: 0
  • CVE-2021-31777
    The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 3 | Replies: 0
  • CVE-2021-27933
    pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-31856
    A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPat ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 8 | Replies: 0
  • CVE-2020-36326
    PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a funct ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 29 | Replies: 0
  • CVE-2021-31815
    GAEN (aka Google/Apple Exposure Notifications) through 2021-04-27 on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (somet ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 27 | Replies: 0
  • CVE-2021-3512
    Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2021-3511
    Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE fi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 12 | Replies: 0
  • CVE-2021-20716
    Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 22 | Replies: 0
  • CVE-2021-29476
    Requests is a HTTP library written in PHP. Requests mishandles deserialization in FilteredIterator. The issue has been patched and users of `Requests` 1.6.0, 1.6.1 and 1.7.0 should update to version 1 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 20 | Replies: 0
  • CVE-2021-29472
    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 13 | Replies: 0
  • CVE-2021-29442
    Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, the ConfigOpsController lets the user perform management operations ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 30 | Replies: 0
  • CVE-2021-29441
    Nacos is a platform designed for dynamic service discovery and configuration and service management. In Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=tru ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 41 | Replies: 0
  • CVE-2021-30128
    Apache OFBiz has unsafe deserialization prior to 17.12.07 version
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 16 | Replies: 0
  • CVE-2021-29460
    Kirby is an open source CMS. An editor with write access to the Kirby Panel can upload an SVG file that contains harmful content like `script` tags. The direct link to that file can be sent to other u ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 23 | Replies: 0
  • CVE-2021-29200
    Apache OFBiz has unsafe deserialization prior to 17.12.07 version An unauthenticated user can perform an RCE attack
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2021-21429
    OpenAPI Generator allows generation of API client libraries, server stubs, documentation and configuration automatically given an OpenAPI Spec. Using `File.createTempFile` in JDK will result in creati ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2021-21365
    Bootstrap Package is a theme for TYPO3. It has been discovered that rendering content in the website frontend is vulnerable to cross-site scripting. A valid backend user account is needed to exploit t ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 14 | Replies: 0
  • CVE-2021-30638
    Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomple ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 17 | Replies: 0
  • CVE-2020-22001
    HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote con ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 18 | Replies: 0
  • CVE-2020-22000
    HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell comma ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 26 | Replies: 0
  • CVE-2020-21998
    In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirec ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 6 | Replies: 0
  • CVE-2020-21989
    HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to ver ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:39 | Views: 14 | Replies: 0
