• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2021-24263
    CVE漏洞
    CVE-2021-24263
    The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:12 | 回复:0
  • CVE-2021-24262
    CVE漏洞
    CVE-2021-24262
    The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contrib ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:23 | 回复:0
  • CVE-2021-24261
    CVE漏洞
    CVE-2021-24261
    The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:29 | 回复:0
  • CVE-2021-24260
    CVE漏洞
    CVE-2021-24260
    The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:14 | 回复:0
  • CVE-2021-24259
    CVE漏洞
    CVE-2021-24259
    The “Elementor Addon Elements” WordPress Plugin before 1.11.2 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a s ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:22 | 回复:0
  • CVE-2021-24258
    CVE漏洞
    CVE-2021-24258
    The Elements Kit Lite and Elements Kit Pro WordPress Plugins before 2.2.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributo ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:12 | 回复:0
  • CVE-2021-24257
    CVE漏洞
    CVE-2021-24257
    The “Premium Addons for Elementor” WordPress Plugin before 4.2.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:22 | 回复:0
  • CVE-2021-24256
    CVE漏洞
    CVE-2021-24256
    The “Elementor – Header, Footer Blocks Template” WordPress Plugin before 1.5.8 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributo ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:7 | 回复:0
  • CVE-2021-24255
    CVE漏洞
    CVE-2021-24255
    The Essential Addons for Elementor Lite WordPress Plugin before 4.5.4 has two widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, both via ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:6 | 回复:0
  • CVE-2021-32055
    CVE漏洞
    CVE-2021-32055
    Mutt 1.11.0 through 2.0.x before 2.0.7 (and NeoMutt 2019-10-25 through 2021-05-04) has a $imap_qresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set end ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:5 | 回复:0
  • CVE-2021-29489
    CVE漏洞
    CVE-2021-29489
    Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:5 | 回复:0
  • CVE-2021-29100
    CVE漏洞
    CVE-2021-29100
    A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vu ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:20 | 回复:0
  • CVE-2021-20401
    CVE漏洞
    CVE-2021-20401
    IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:22 | 回复:0
  • CVE-2021-20397
    CVE漏洞
    CVE-2021-20397
    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:24 | 回复:0
  • CVE-2020-5013
    CVE漏洞
    CVE-2020-5013
    IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:23 | 回复:0
  • CVE-2020-4993
    CVE漏洞
    CVE-2020-4993
    IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:8 | 回复:0
  • CVE-2020-4979
    CVE漏洞
    CVE-2020-4979
    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. I ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:24 | 回复:0
  • CVE-2020-4932
    CVE漏洞
    CVE-2020-4932
    IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, o ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:12 | 回复:0
  • CVE-2020-4929
    CVE漏洞
    CVE-2020-4929
    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:14 | 回复:0
  • CVE-2020-4883
    CVE漏洞
    CVE-2020-4883
    IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:11 | 回复:0
  • CVE-2021-31542
    CVE漏洞
    CVE-2021-31542
    In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:15 | 回复:0
  • CVE-2021-31518
    CVE漏洞
    CVE-2021-31518
    Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the devi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:9 | 回复:0
  • CVE-2021-31517
    CVE漏洞
    CVE-2021-31517
    Trend Micro Home Network Security 6.5.599 and earlier is vulnerable to a file-parsing vulnerability which could allow an attacker to exploit the vulnerability and cause a denial-of-service to the devi ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:12 | 回复:0
  • CVE-2020-13665
    CVE漏洞
    CVE-2020-13665
    Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:8 | 回复:0
  • CVE-2020-13664
    CVE漏洞
    CVE-2020-13664
    Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:15 | 回复:0
  • CVE-2020-13662
    CVE漏洞
    CVE-2020-13662
    Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:24 | 回复:0
  • CVE-2021-20254
    CVE漏洞
    CVE-2021-20254
    A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyon ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:17 | 回复:0
  • CVE-2020-13666
    CVE漏洞
    CVE-2020-13666
    Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API does not disable JSONP by default, allowing for an XSS attack. This issue affects: Drupal Drupal Core 7.x versions prior to 7.73; 8.8 ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:8 | 回复:0
  • CVE-2016-20010
    CVE漏洞
    CVE-2016-20010
    EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:6 | 回复:0
  • CVE-2021-29250
    CVE漏洞
    CVE-2021-29250
    BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:15 | 回复:0
  • CVE-2021-29248
    CVE漏洞
    CVE-2021-29248
    BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the Secure flag for a cookie.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:13 | 回复:0
  • CVE-2021-29247
    CVE漏洞
    CVE-2021-29247
    BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:6 | 回复:0
  • CVE-2021-29246
    CVE漏洞
    CVE-2021-29246
    BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special c ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:6 | 回复:0
  • CVE-2021-29245
    CVE漏洞
    CVE-2021-29245
    BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:11 | 回复:0
  • CVE-2021-31800
    CVE漏洞
    CVE-2021-31800
    Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ direct ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:5 | 回复:0
  • CVE-2021-25317
    CVE漏洞
    CVE-2021-25317
    A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:8 | 回复:0
  • CVE-2021-25319
    CVE漏洞
    CVE-2021-25319
    A Incorrect Default Permissions vulnerability in the packaging of virtualbox of openSUSE Factory allows local attackers in the vboxusers groupu to escalate to root. This issue affects: openSUSE Factor ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:19 | 回复:0
  • CVE-2020-36334
    CVE漏洞
    CVE-2020-36334
    themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by wiping the database.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:7 | 回复:0
  • CVE-2020-36333
    CVE漏洞
    CVE-2020-36333
    themegrill-demo-importer before 1.6.2 does not require authentication for wiping the database, because of a reset_wizard_actions hook.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:8 | 回复:0
  • CVE-2021-25179
    CVE漏洞
    CVE-2021-25179
    SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header.……
    作者:菜鸟教程小白 | 时间:2022-2-5 10:38 | 阅读:18 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap