漏洞 - 第93页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-43097

A Server-side Template Injection (SSTI) vulnerability exists in bbs 5.3 in TemplateManageAction.javawhich could let a malicoius user execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-26278

Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：55 | 回复：0
CVE漏洞

CVE-2017-20016

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Ports ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：59 | 回复：0
CVE漏洞

CVE-2017-20015

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in WEKA INTEREST Security Scanner up to 1.8. This affects an unknown part of the component LAN Viewer. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：60 | 回复：0
CVE漏洞

CVE-2017-20014

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in WEKA INTEREST Security Scanner up to 1.8. Affected by this issue is some unknown functionality o ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：74 | 回复：0
CVE漏洞

CVE-2017-20013

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in WEKA INTEREST Security Scanner up to 1.8. Affected by this vulnerability is the Stresstest Configuration Handler. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：124 | 回复：0
CVE漏洞

CVE-2017-20012

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in WEKA INTEREST Security Scanner up to 1.8. Affected is Stresstest Scheme Handler which leads to a denial of s ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：270 | 回复：0
CVE漏洞

CVE-2017-20011

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WEKA INTEREST Security Scanner 1.8. It has been rated as problematic. This issue affects some unknown processing of the component HTTP Hand ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：116 | 回复：0
CVE漏洞

CVE-2010-10001

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 10 ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：82 | 回复：0
CVE漏洞

CVE-2008-10001

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：80 | 回复：0
CVE漏洞

CVE-2005-10001

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：63 | 回复：0
CVE漏洞

CVE-2003-5003

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE漏洞

CVE-2003-5002

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has been declared as problematic. Affected by this vulnerability is the component Update Handler which allow ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：82 | 回复：0
CVE漏洞

CVE-2003-5001

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipula ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：154 | 回复：0
CVE漏洞

CVE-2022-27658

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：98 | 回复：0
CVE漏洞

CVE-2022-26980

Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-1056

Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with comm ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-0751

Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users int ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-0738

An issue has been discovered in GitLab affecting all versions starting from 14.6 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. GitLab was ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-0735

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-0549

An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain condition ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-0488

An issue has been discovered in GitLab CE/EE affecting all versions starting with version 8.10. It was possible to trigger a timeout on a page with markdown by using a specific amount of block-quotes.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leadin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-0371

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitL ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-0344

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private pr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE漏洞

CVE-2022-0283

An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that a could cause the web application to redirect the re ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：43 | 回复：0
CVE漏洞

CVE-2022-0249

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-0136

A vulnerability was discovered in GitLab versions 10.5 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1. GitLab was vulnerable to a blind SSRF attack through the Project Import feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：46 | 回复：0
CVE漏洞

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI serv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：63 | 回复：0
CVE漏洞

CVE-2021-4191

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumerat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-39876

In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee discloses the members of private groups.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-0846

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：45 | 回复：0
CVE漏洞

CVE-2022-0833

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the ref ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-0818

The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-0787

The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated u ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：62 | 回复：0
CVE漏洞

CVE-2022-0784

The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：61 | 回复：0
CVE漏洞

CVE-2022-0770

The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specifi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：93 | 回复：0
CVE漏洞

CVE-2022-0720

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：130 | 回复：0
CVE漏洞

CVE-2022-0680

The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plz_configuration_tracker_enable option, which is then displayed in the admin panel without san ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：80 | 回复：0
CVE漏洞

CVE-2022-0679

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX act ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：209 | 回复：0