漏洞 - 第95页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-44617

A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-44213

OX App Suite through 7.10.5 allows XSS via uuencoding in a multipart/alternative message.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-44212

OX App Suite through 7.10.5 allows XSS via a trailing control character such as the SCRIPT\t substring.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：49 | 回复：0
CVE漏洞

CVE-2022-26271

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url parameter at \index\controller\Download.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE漏洞

CVE-2022-26268

Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：54 | 回复：0
CVE漏洞

CVE-2022-26259

A buffer over flow in Xiongmai DVR devices NBD80X16S-KL, NBD80X09S-KL, NBD80X08S-KL, NBD80X09RA-KL, AHB80X04R-MH, AHB80X04R-MH-V2, AHB80X04-R-MH-V3, AHB80N16T-GS, AHB80N32F4-LME, and NBD90S0VT-QW allo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-44211

OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-44210

OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：51 | 回复：0
CVE漏洞

CVE-2021-44209

OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-44208

OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE漏洞

CVE-2021-26601

ImpressCMS before 1.4.3 allows libraries/image-editor/image-edit.php image_temp Directory Traversal.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-26600

ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-26599

ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-26598

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：52 | 回复：0
CVE漏洞

CVE-2022-26258

D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：40 | 回复：0
CVE漏洞

CVE-2022-26255

Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-44127

In DLink DAP-1360 F1 firmware version =v6.10 in the webupg binary, an attacker can use the file parameter to execute arbitrary system commands when the parameter is name=deleteFile after being authori ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-26254

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE漏洞

CVE-2022-26252

aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user private SSH key(id_rsa).……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-26245

Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：39 | 回复：0
CVE漏洞

CVE-2022-1106

use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：47 | 回复：0
CVE漏洞

CVE-2022-27948

** DISPUTED ** Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：44 | 回复：0
CVE漏洞

CVE-2022-26205

Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-26620

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-26200

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0
CVE漏洞

CVE-2022-26198

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-27947

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27946

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-27945

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to passwor ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：35 | 回复：0
CVE漏洞

CVE-2022-27943

libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：34 | 回复：0
CVE漏洞

CVE-2022-27942

tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：26 | 回复：0
CVE漏洞

CVE-2022-27941

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：27 | 回复：0
CVE漏洞

CVE-2022-27940

tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：37 | 回复：0
CVE漏洞

CVE-2022-27939

tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：28 | 回复：0
CVE漏洞

CVE-2022-27938

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：30 | 回复：0
CVE漏洞

CVE-2022-1071

User after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：33 | 回复：0
CVE漏洞

CVE-2022-22995

The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：32 | 回复：0
CVE漏洞

CVE-2022-22274

A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-40906

CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdo ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：38 | 回复：0
CVE漏洞

CVE-2021-40905

The web management console of CheckMK Enterprise Edition (versions 1.5.0 to 2.0.0p9) does not properly sanitise the uploading of .mkp files, which are Extension Packages, making remote code execution ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:56 | 阅读：36 | 回复：0