Vulnerabilities

Subcategories:

  • CVE-2022-0647
    The Bulk Creator WordPress plugin through 1.0.1 does not sanitize and escape the post_type parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 117 | Replies: 0
  • CVE-2022-0643
    The Bank Mellat WordPress plugin through 1.3.7 does not sanitize and escape the orderId parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 156 | Replies: 0
  • CVE-2022-0641
    The Popup Like box WordPress plugin before 3.6.1 does not sanitize and escape the ays_fb_tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 263 | Replies: 0
  • CVE-2022-0621
    The dTabs WordPress plugin through 1.4 does not sanitize and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 147 | Replies: 0
  • CVE-2022-0620
    The Delete Old Orders WordPress plugin through 0.2 does not sanitize and escape the date parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 118 | Replies: 0
  • CVE-2022-0619
    The Database Peek WordPress plugin through 1.2 does not sanitize and escape the match parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 125 | Replies: 0
  • CVE-2022-0600
    The Conference Scheduler WordPress plugin before 2.4.3 does not sanitize and escape the tab parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 157 | Replies: 0
  • CVE-2022-0599
    The Mapping Multiple URLs Redirect Same Page WordPress plugin through 5.8 does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page, leading to a Reflected Cross- ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 330 | Replies: 0
  • CVE-2022-0595
    The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.3 allows SVG files to be uploaded by default via the dnd_codedropz_upload AJAX action, which could lead to Stored Cross-Site Script ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 171 | Replies: 0
  • CVE-2022-0499
    The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 165 | Replies: 0
  • CVE-2022-0493
    The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files to be searched, allowing high privilege users such as admin to query arbitrary files on the web server ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 142 | Replies: 0
  • CVE-2022-0479
    The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 103 | Replies: 0
  • CVE-2022-0450
    The Menu Image, Icons made easy WordPress plugin before 3.0.8 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. As a result, any a ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 87 | Replies: 0
  • CVE-2022-0397
    The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (avai ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 82 | Replies: 0
  • CVE-2022-0388
    The Interactive Medical Drawing of Human Body WordPress plugin before 2.6 does not sanitise and escape the Link field, allowing high privilege users to perform Cross-Site Scripting attacks even when t ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 73 | Replies: 0
  • CVE-2021-25071
    The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 72 | Replies: 0
  • CVE-2021-25070
    The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 59 | Replies: 0
  • CVE-2021-25068
    The Sync WooCommerce Product feed to Google Shopping WordPress plugin through 1.2.4 uses the 'feed_id' POST parameter which is not properly sanitized for use in a SQL statement, leading to a S ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 71 | Replies: 0
  • CVE-2021-25064
    The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 52 | Replies: 0
  • CVE-2021-25012
    The Pz-LinkCard WordPress plugin through 2.4.4.4 does not sanitise and escape multiple parameters before outputting them back in admin dashboard pages, leading to Reflected Cross-Site Scripting issues
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 74 | Replies: 0
  • CVE-2021-24978
    The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to un ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 101 | Replies: 0
  • CVE-2021-24962
    The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as low as Contributor to perform path traversal via a shortcode argument, which can then be used to uploa ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 70 | Replies: 0
  • CVE-2021-24746
    The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the Enable 'More' icon option is enabled (whic ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 76 | Replies: 0
  • CVE-2018-25030
    A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 65 | Replies: 0
  • CVE-2015-10002
    A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is rec ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 59 | Replies: 0
  • CVE-2021-44124
    Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does not have enough input data sanitization when shown data from SD Card, an attacker can navigate through ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 68 | Replies: 0
  • CVE-2021-44103
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42192. Reason: This candidate is a duplicate of CVE-2021-42192. Notes: All CVE users should reference CVE-2021-42192 instead of this ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 80 | Replies: 0
  • CVE-2021-43721
    Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : video src=x onerror=(function(){require('child_process') ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 62 | Replies: 0
  • CVE-2022-23884
    Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 70 | Replies: 0
  • CVE-2022-0342
    An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versi ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 65 | Replies: 0
  • CVE-2021-43725
    There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data parameter.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 63 | Replies: 0
  • CVE-2022-23882
    TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 64 | Replies: 0
  • CVE-2021-46434
    ** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the /api/v3/auth interface. When a user login, the application returns different results depending on whe ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 68 | Replies: 0
  • CVE-2021-46433
    In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 76 | Replies: 0
  • CVE-2022-25757
    In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the ...
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 77 | Replies: 0
  • CVE-2022-27950
    In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 84 | Replies: 0
  • CVE-2022-26273
    EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 85 | Replies: 0
  • CVE-2022-24303
    Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 67 | Replies: 0
  • CVE-2021-45491
    3CX System through 2022-03-17 stores cleartext passwords in a database.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 55 | Replies: 0
  • CVE-2021-45490
    The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation.
    Author: 菜鸟教程小白 | Time: 2022-6-23 10:56 | Views: 51 | Replies: 0
