漏洞 - 第849页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3017

The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-30459

A SQL Injection issue in the SQL Panel in Jazzband Django Debug Toolbar before 1.11.1, 2.x before 2.2.1, and 3.x before 3.2.1 allows attackers to execute SQL statements by changing the raw_sql input f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-29654

AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-28484

An issue was discovered in the /api/connector endpoint handler in Yubico yubihsm-connector before 3.0.1 (in YubiHSM SDK before 2021.04). The handler did not validate the length of the request, which c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27710

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS command ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-26031

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate filters on module layout settings could lead to an LFI.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-26030

An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-35660

Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal page.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：24 | 回复：0
CVE漏洞

CVE-2020-28124

Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-28856

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：19 | 回复：0
CVE漏洞

CVE-2021-28855

In Deark before 1.5.8, a specially crafted input file can cause a NULL pointer dereference in the dbuf_write function (src/deark-dbuf.c).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-28826

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Bridge - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Bri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-28825

The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition and TIBCO Messaging - Eclipse Mosquitto Distribution - Core ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-28060

A Server-Side Request Forgery (SSRF) vulnerability in Group Office 6.4.196 allows a remote attacker to forge GET requests to arbitrary URLs via the url parameter to group/api/upload.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-35419

Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：13 | 回复：0
CVE漏洞

CVE-2020-35418

Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-27708

Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS command ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27260

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-27259

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code o ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-27258

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2020.2. Authentication is not required to exploit this vulnerability. T ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-27253

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-27252

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：5 | 回复：0
CVE漏洞

CVE-2021-27251

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Authentication is not required to exploit this vulnerability The sp ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-27250

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to ex ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-27249

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：31 | 回复：0
CVE漏洞

CVE-2021-27248

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit th ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-27247

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerabili ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-27246

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 1.0.15 routers. Authentication is not required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-30494

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-30493

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-28098

An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and wri ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-27707

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/portMappingIndex request. This occurs because the f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-27706

Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/IPMacBindIndex request. This occurs because ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-27705

Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/qosIndex request. This occurs because the formQOSRu ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-27608

An unquoted service path in SAPSetup, version - 9.0, could lead to privilege escalation during the installation process that is performed when an executable file is registered. This could further lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：18 | 回复：0
CVE漏洞

CVE-2021-27604

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-27599

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain condi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：12 | 回复：0
CVE漏洞

CVE-2021-27130

Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-25314

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise H ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：22 | 回复：0
CVE漏洞

CVE-2020-29593

An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed fil ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:34 | 阅读：21 | 回复：0