
Vulnerabilities

Subcategories:

  • CVE-2020-28020
    Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote attacker can execute arbitrary code by leveraging the mishandling of continuation lines during header- ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 19 | Replies: 0
  • CVE-2020-28019
    Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption or other consequences. This occurs because use of certain getc functions is mishandled when a client ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 14 | Replies: 0
  • CVE-2020-28018
    Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 19 | Replies: 0
  • CVE-2020-28017
    Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of reso ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2020-28016
    Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because -F '' is mishandled by parse_fix_phrase.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 15 | Replies: 0
  • CVE-2020-28015
    Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2020-28014
    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 20 | Replies: 0
  • CVE-2020-28013
    Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles -F '.(' on the command line, and thus may allow privilege escalation from any user to root. This occurs because of ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 18 | Replies: 0
  • CVE-2020-28012
    Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2020-28011
    Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2020-28010
    Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 28 | Replies: 0
  • CVE-2020-28009
    Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounded reads that are accompanied by unbounded increases in a certain size variable. NOTE: exploitation m ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 9 | Replies: 0
  • CVE-2020-28008
    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input sp ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 6 | Replies: 0
  • CVE-2020-28007
    Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting criti ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 11 | Replies: 0
  • CVE-2020-23128
    Chamilo LMS 1.11.10 does not properly manage privileges which could allow a user with Sessions administrator privilege to create a new user then use the edit user function to change this new user to a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2020-23127
    Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) via the edit_user function by targeting an admin user.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2020-19114
    SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 15 | Replies: 0
  • CVE-2020-19113
    Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 11 | Replies: 0
  • CVE-2020-19112
    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 9 | Replies: 0
  • CVE-2020-19111
    Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote malicious user bypass authentication and obtain sensitive information.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2020-19110
    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 12 | Replies: 0
  • CVE-2020-19109
    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 11 | Replies: 0
  • CVE-2020-19108
    SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 23 | Replies: 0
  • CVE-2020-19107
    SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 21 | Replies: 0
  • CVE-2021-31411
    Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19 ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 20 | Replies: 0
  • CVE-2021-29101
    ArcGIS GeoEvent Server versions 10.8.1 and below have a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 34 | Replies: 0
  • CVE-2021-24293
    In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax, after that the settings is able to inject malicious j ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 11 | Replies: 0
  • CVE-2021-24276
    The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting is ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-24275
    The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue.
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 20 | Replies: 0
  • CVE-2021-24274
    The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting is ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 13 | Replies: 0
  • CVE-2021-24273
    The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 15 | Replies: 0
  • CVE-2021-24272
    The fitness calculators WordPress plugin before 1.9.6 adds calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking a CSRF check, allowing attackers to make logged in us ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 12 | Replies: 0
  • CVE-2021-24271
    The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all vi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 22 | Replies: 0
  • CVE-2021-24270
    The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 16 | Replies: 0
  • CVE-2021-24269
    The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 10 | Replies: 0
  • CVE-2021-24268
    The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a si ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 10 | Replies: 0
  • CVE-2021-24267
    The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contr ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 22 | Replies: 0
  • CVE-2021-24266
    The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contri ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 28 | Replies: 0
  • CVE-2021-24265
    The “Rife Elementor Extensions Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 17 | Replies: 0
  • CVE-2021-24264
    The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all vi ...
    Author: 菜鸟教程小白 | Time: 2022-2-5 10:38 | Views: 8 | Replies: 0
