漏洞 - 第981页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2020-10552

An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2020-10375

An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an obfuscated format that can be easily reversed. The file data.mdb contains these obfuscated passwords ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-9014

In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：53 | 回复：0
CVE漏洞

CVE-2020-18750

Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：64 | 回复：0
CVE漏洞

CVE-2020-10234

The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-26722

LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the No results found for message in the search bar.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-3382

Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-3258

Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：63 | 回复：0
CVE漏洞

CVE-2020-18737

An issue was discovered in Typora 0.9.67. There is an XSS vulnerability that causes Remote Code Execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-4832

IBM PowerHA 7.2 could allow a local attacker to obtain sensitive information from temporary directories after a discovery failure occurs. IBM X-Force ID: 189969.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-3333

Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-3311

An issue was discovered in October through build 471. It reactivates an old session ID (which had been invalid after a logout) once a new login occurs. NOTE: this violates the intended Auth/Manager.ph ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-26711

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl paramet ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：67 | 回复：0
CVE漏洞

CVE-2021-26710

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-26708

A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The rac ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-20652

Cross-site request forgery (CSRF) vulnerability in Name Directory 1.17.4 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：49 | 回复：0
CVE漏洞

CVE-2021-20623

Video Insight VMS versions prior to 7.8 allows a remote attacker to execute arbitrary code with the system user privilege by sending a specially crafted request.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-8807

In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged to obtain sensitive information about the relationship between a suspected victim's address and ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：66 | 回复：0
CVE漏洞

CVE-2020-8806

Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block heade ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：73 | 回复：0
CVE漏洞

CVE-2020-36241

autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other software, allows Directory Traversal during extraction because it lacks a check of whether a file&#3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：65 | 回复：0
CVE漏洞

CVE-2020-35765

doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-18717

SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-18716

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：61 | 回复：0
CVE漏洞

CVE-2020-18715

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：48 | 回复：0
CVE漏洞

CVE-2020-18714

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：56 | 回复：0
CVE漏洞

CVE-2020-18713

SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：51 | 回复：0
CVE漏洞

CVE-2020-10539

An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() function that, upon user login, checks the submitted password against the user password's MD5 hash s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：54 | 回复：0
CVE漏洞

CVE-2020-10538

An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 hashes in the database. MD5 can be brute-forced efficiently and should not be used for such purposes ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：52 | 回复：0
CVE漏洞

CVE-2020-10537

An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration is running on TCP port 4848. No password is required to access it with the administrator account.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-25249

An out-of-bounds write information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow a local ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：62 | 回复：0
CVE漏洞

CVE-2021-25248

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security (10.0 SP1 and Services) could allow an attack ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-25246

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG SP1, and Worry-Free Business Security could allow an unauthenticated user ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：50 | 回复：0
CVE漏洞

CVE-2021-25245

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of settings informaiton.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：66 | 回复：0
CVE漏洞

CVE-2021-25244

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain various pieces of configuration informaiton.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-25243

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain patch le ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-25242

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain version ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-25241

A server-side request forgery (SSRF) information disclosure vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to locate online agents ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：58 | 回复：0
CVE漏洞

CVE-2021-25240

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain x64 agen ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：68 | 回复：0
CVE漏洞

CVE-2021-25239

An improper access control vulnerability in Trend Micro Apex One (on-prem), OfficeScan XG SP1, and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information about ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：59 | 回复：0
CVE漏洞

CVE-2021-25238

An improper access control information disclosure vulnerability in Trend Micro OfficeScan XG SP1 and Worry-Free Business Security 10.0 SP1 could allow an unauthenticated user to obtain information abo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:38 | 阅读：43 | 回复：0