• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号
登陆 注册
描述文字
OGeek|极客世界-中国程序员成长平台 门户 漏洞

漏洞

RSS

下级分类:

  • CVE-2020-26155
    CVE漏洞
    CVE-2020-26155
    Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with Read/Write permissions for authenticated users, which allows for binaries to be manipulated by non-admini ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:31 | 回复:0
  • CVE-2021-28796
    CVE漏洞
    CVE-2021-28796
    Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:34 | 回复:0
  • CVE-2021-28794
    CVE漏洞
    CVE-2021-28794
    The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:29 | 回复:0
  • CVE-2021-28792
    CVE漏洞
    CVE-2021-28792
    The unofficial Swift Development Environment extension before 2.12.1 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted sourc ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:29 | 回复:0
  • CVE-2021-28791
    CVE漏洞
    CVE-2021-28791
    The unofficial SwiftFormat extension before 1.3.7 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftformat.path configu ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-28790
    CVE漏洞
    CVE-2021-28790
    The unofficial SwiftLint extension before 1.4.5 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted swiftlint.path configurati ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-28789
    CVE漏洞
    CVE-2021-28789
    The unofficial apple/swift-format extension before 1.1.2 for Visual Studio Code allows remote attackers to execute arbitrary code by constructing a malicious workspace with a crafted apple-swift-forma ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:20 | 回复:0
  • CVE-2021-28145
    CVE漏洞
    CVE-2021-28145
    Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:21 | 回复:0
  • CVE-2021-26216
    CVE漏洞
    CVE-2021-26216
    SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:33 | 回复:0
  • CVE-2021-26215
    CVE漏洞
    CVE-2021-26215
    SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:18 | 回复:0
  • CVE-2021-27306
    CVE漏洞
    CVE-2021-27306
    An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.2.0 allows unauthenticated users access to authenticated routes without a valid token JWT.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:19 | 回复:0
  • CVE-2021-26935
    CVE漏洞
    CVE-2021-26935
    In WoWonder 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:39 | 回复:0
  • CVE-2021-24149
    CVE漏洞
    CVE-2021-24149
    Unvalidated input in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.6, did not sanitise the mec POST parameter in the mec_fes_form AJAX action when logged in as an author+, lea ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:36 | 回复:0
  • CVE-2021-24148
    CVE漏洞
    CVE-2021-24148
    A business logic issue in the MStore API WordPress plugin, versions before 3.2.0, had an authentication bypass with Sign In With Apple allowing unauthenticated users to recover an authentication cooki ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-24147
    CVE漏洞
    CVE-2021-24147
    Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:32 | 回复:0
  • CVE-2021-24146
    CVE漏洞
    CVE-2021-24146
    Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to export ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:27 | 回复:0
  • CVE-2021-24145
    CVE漏洞
    CVE-2021-24145
    Arbitrary file upload in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly check the imported file, allowing PHP ones to be uploaded by administrator by using ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:43 | 回复:0
  • CVE-2021-24144
    CVE漏洞
    CVE-2021-24144
    Unvalidated input in the Contact Form 7 Database Addon plugin, versions before 1.2.5.6, was prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-24143
    CVE漏洞
    CVE-2021-24143
    Unvalidated input in the AccessPress Social Icons plugin, versions before 1.8.1, did not sanitise its widget attribute, allowing accounts with post permission, such as author, to perform SQL injection ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:281 | 回复:0
  • CVE-2021-24142
    CVE漏洞
    CVE-2021-24142
    Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its Redirect From column when importing a CSV file, allowing high privilege user ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:47 | 回复:0
  • CVE-2021-24141
    CVE漏洞
    CVE-2021-24141
    Unvaludated input in the Advanced Database Cleaner plugin, versions before 3.0.2, lead to SQL injection allowing high privilege users (admin+) to perform SQL attacks.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:32 | 回复:0
  • CVE-2021-24140
    CVE漏洞
    CVE-2021-24140
    Unvalidated input in the Ajax Load More WordPress plugin, versions before 5.3.2, lead to SQL Injection in POST /wp-admin/admin-ajax.php with param repeater=' or sleep(5)#type=test.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:35 | 回复:0
  • CVE-2021-24139
    CVE漏洞
    CVE-2021-24139
    Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:40 | 回复:0
  • CVE-2021-24138
    CVE漏洞
    CVE-2021-24138
    Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param id. This requires an admin privileged user.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:29 | 回复:0
  • CVE-2021-24137
    CVE漏洞
    CVE-2021-24137
    Unvalidated input in the Blog2Social WordPress plugin, versions before 6.3.1, lead to SQL Injection in the Re-Share Posts feature, allowing authenticated users to inject arbitrary SQL commands.……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:37 | 回复:0
  • CVE-2021-24136
    CVE漏洞
    CVE-2021-24136
    Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to in ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:62 | 回复:0
  • CVE-2021-24135
    CVE漏洞
    CVE-2021-24135
    Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:37 | 回复:0
  • CVE-2021-24134
    CVE漏洞
    CVE-2021-24134
    Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-pr ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-24133
    CVE漏洞
    CVE-2021-24133
    Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to attacker ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:24 | 回复:0
  • CVE-2021-24132
    CVE漏洞
    CVE-2021-24132
    The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:22 | 回复:0
  • CVE-2021-24131
    CVE漏洞
    CVE-2021-24131
    Unvalidated input in the Anti-Spam by CleanTalk WordPress plugin, versions before 5.149, lead to multiple authenticated SQL injection vulnerabilities, however, it requires high privilege user (admin+) ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:30 | 回复:0
  • CVE-2021-24130
    CVE漏洞
    CVE-2021-24130
    Unvalidated input in the WP Google Map Plugin WordPress plugin, versions before 4.1.5, in the Manage Locations page within the plugin settings was vulnerable to SQL Injection through a high privileged ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:33 | 回复:0
  • CVE-2021-24129
    CVE漏洞
    CVE-2021-24129
    Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged u ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:24 | 回复:0
  • CVE-2021-24128
    CVE漏洞
    CVE-2021-24128
    Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacke ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:50 | 回复:0
  • CVE-2021-24127
    CVE漏洞
    CVE-2021-24127
    Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS) ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:33 | 回复:0
  • CVE-2021-24126
    CVE漏洞
    CVE-2021-24126
    Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:49 | 回复:0
  • CVE-2021-24125
    CVE漏洞
    CVE-2021-24125
    Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privileg ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:28 | 回复:0
  • CVE-2021-24124
    CVE漏洞
    CVE-2021-24124
    Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:52 | 回复:0
  • CVE-2021-24123
    CVE漏洞
    CVE-2021-24123
    Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privileg ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:44 | 回复:0
  • CVE-2021-28133
    CVE漏洞
    CVE-2021-28133
    Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a u ...……
    作者:菜鸟教程小白 | 时间:2022-2-5 09:50 | 阅读:32 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

加入Q群 官方微博
热门推荐
More+
专题导读
More+
热门话题
More+
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap