Vulnerabilities

Subcategories:

  • CVE-2022-27432
    A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to change the password of any given user by exploiting this feature leading to account takeover.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 76 | Replies: 0
  • CVE-2022-26951
    Archer 6.x through 6.10 (6.10.0.0) contains a reflected XSS vulnerability. A remote SAML-unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim applica ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 48 | Replies: 0
  • CVE-2022-26950
    Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 52 | Replies: 0
  • CVE-2022-26949
    Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain acc ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 59 | Replies: 0
  • CVE-2022-26948
    The Archer RSS feed integration for Archer 6.x through 6.9 SP1 (6.9.1.0) is affected by an insecure credential storage vulnerability. A malicious attacker may obtain access to credential information t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 73 | Replies: 0
  • CVE-2022-26947
    Archer 6.x through 6.9 SP3 (6.9.3.0) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 47 | Replies: 0
  • CVE-2022-26244
    A stored cross-site scripting (XSS) vulnerability in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sp ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 43 | Replies: 0
  • CVE-2021-41594
    In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 46 | Replies: 0
  • CVE-2015-3298
    Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 49 | Replies: 0
  • CVE-2021-44082
    textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshel ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 58 | Replies: 0
  • CVE-2022-26871
    An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which could lead to remote code execution.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 39 | Replies: 0
  • CVE-2022-21821
    NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump. To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 35 | Replies: 0
  • CVE-2021-43118
    A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING i ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 41 | Replies: 0
  • CVE-2021-42911
    A Format String vulnerability exists in DrayTek Vigor 2960 = 1.5.1.3, DrayTek Vigor 3900 = 1.5.1.3, and DrayTek Vigor 300B = 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 45 | Replies: 0
  • CVE-2022-22948
    The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 48 | Replies: 0
  • CVE-2022-1122
    A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 47 | Replies: 0
  • CVE-2021-43110
    An Access Control vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 in add_products.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 45 | Replies: 0
  • CVE-2021-43109
    An SQL Injection vulnerability exists in PuneethReddyHC online-shopping-system as of 11/01/2021 via the p parameter in product.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 46 | Replies: 0
  • CVE-2021-42970
    Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 37 | Replies: 0
  • CVE-2022-27175
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 42 | Replies: 0
  • CVE-2022-26887
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_loopmapHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ret ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 49 | Replies: 0
  • CVE-2022-26839
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 61 | Replies: 0
  • CVE-2022-26836
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL quer ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 43 | Replies: 0
  • CVE-2022-26667
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, r ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 53 | Replies: 0
  • CVE-2022-26666
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 62 | Replies: 0
  • CVE-2022-26514
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 55 | Replies: 0
  • CVE-2022-26349
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL q ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 45 | Replies: 0
  • CVE-2022-26338
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerPageP_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrie ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 66 | Replies: 0
  • CVE-2022-26069
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, re ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 66 | Replies: 0
  • CVE-2022-26065
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in GetLatestDemandNode. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 59 | Replies: 0
  • CVE-2022-26059
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 62 | Replies: 0
  • CVE-2022-26013
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 71 | Replies: 0
  • CVE-2022-25980
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retr ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 72 | Replies: 0
  • CVE-2022-25880
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 79 | Replies: 0
  • CVE-2022-25347
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal attacks, which may allow an attacker to write arbitrary files to locations on the file system.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 83 | Replies: 0
  • CVE-2022-22941
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 59 | Replies: 0
  • CVE-2022-22936
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 63 | Replies: 0
  • CVE-2022-22935
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonat ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 55 | Replies: 0
  • CVE-2022-22934
    An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 83 | Replies: 0
  • CVE-2022-1050
    A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potential ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:57 | Views: 84 | Replies: 0
