CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-25487

Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：70 | 回复：0
CVE-2022-25488

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：77 | 回复：0
CVE-2022-25489

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the A parameter in /widgets/debug.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：62 | 回复：0
CVE-2022-25490

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：71 | 回复：0
CVE-2022-25491

HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：67 | 回复：0
CVE-2022-25492

HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：71 | 回复：0
CVE-2022-25493

HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：72 | 回复：0
CVE-2022-25494

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：74 | 回复：0
CVE-2022-25495

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2022-25497

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：84 | 回复：0
CVE-2022-25498

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2021-45848

Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a nul ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：73 | 回复：0
CVE-2021-29134

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：86 | 回复：0
CVE-2022-23989

In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturati ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：94 | 回复：0
CVE-2022-26206

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：105 | 回复：0
CVE-2022-26207

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：121 | 回复：0
CVE-2022-26208

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：128 | 回复：0
CVE-2022-26209

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：341 | 回复：0
CVE-2022-26210

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：218 | 回复：0
CVE-2022-26211

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：171 | 回复：0
CVE-2022-26212

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：131 | 回复：0
CVE-2022-26213

Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameters. This vulnerability allows attackers to exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：96 | 回复：0
CVE-2022-26214

Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：76 | 回复：0
CVE-2022-26990

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddres ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：61 | 回复：0
CVE-2022-26991

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This v ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：67 | 回复：0
CVE-2022-26992

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostNam ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：61 | 回复：0
CVE-2022-26993

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：50 | 回复：0
CVE-2022-26994

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPass ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：50 | 回复：0
CVE-2022-26995

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. Thi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：50 | 回复：0
CVE-2022-26996

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：47 | 回复：0
CVE-2022-26997

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：42 | 回复：0
CVE-2022-26998

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：41 | 回复：0
CVE-2022-26999

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：38 | 回复：0
CVE-2022-27000

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：39 | 回复：0
CVE-2022-27001

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：47 | 回复：0
CVE-2022-27002

Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：41 | 回复：0
CVE-2022-27003

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. T ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：53 | 回复：0
CVE-2022-27004

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：30 | 回复：0
CVE-2022-27005

Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：36 | 回复：0
CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed m ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:53 | 阅读：47 | 回复：0