CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-2131

OpenKM Community Edition in its 6.3.10 version and before was using XMLReader parser in XMLTextExtractor.java file without the required security flags, allowing an attacker to perform a XML external e ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：924 | 回复：0
CVE-2022-33965

Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin = 5.7 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：699 | 回复：0
CVE-2022-34961

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：859 | 回复：0
CVE-2022-34963

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1081 | 回复：0
CVE-2022-34964

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：875 | 回复：0
CVE-2022-35649

The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running Gh ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1147 | 回复：0
CVE-2022-35650

The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allow ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：968 | 回复：0
CVE-2022-35651

A stored XSS and blind SSRF vulnerability was found in Moodle, occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can trick the victim to follo ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：728 | 回复：0
CVE-2022-35652

An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：695 | 回复：0
CVE-2022-35653

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the vic ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：988 | 回复：0
CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：832 | 回复：0
CVE-2022-34965

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1046 | 回复：0
CVE-2022-24992

A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1500 | 回复：0
CVE-2022-2032

In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administ ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1000 | 回复：0
CVE-2022-2059

In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administ ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：737 | 回复：0
CVE-2022-33969

Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin = 2.6.0 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：788 | 回复：0
CVE-2022-34962

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1946 | 回复：0
CVE-2022-35284

IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1165 | 回复：0
CVE-2022-35285

IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the we ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1030 | 回复：0
CVE-2022-35287

IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：972 | 回复：0
CVE-2022-35288

IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：840 | 回复：0
CVE-2022-22999

Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and injec ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：648 | 回复：0
CVE-2022-23000

The Western Digital My Cloud Web App uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1037 | 回复：0
CVE-2022-34966

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：661 | 回复：0
CVE-2022-35869

This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vuln ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1669 | 回复：0
CVE-2022-35870

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Although authentication is required to exploit thi ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1084 | 回复：0
CVE-2022-35871

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vul ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1129 | 回复：0
CVE-2022-35872

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulne ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1126 | 回复：0
CVE-2022-35873

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). User interaction is required to exploit this vulne ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1085 | 回复：0
CVE-2022-36375

Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin = 3.6.0 at WordPress.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：948 | 回复：0
CVE-2022-34906

A hard-coded cryptographic key is used in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to decrypt sensitive information saved in FileWave, and eve ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：854 | 回复：0
CVE-2022-34907

An authentication bypass vulnerability exists in FileWave before 14.6.3 and 14.7.x before 14.7.2. Exploitation could allow an unauthenticated actor to gain access to the system with the highest author ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1057 | 回复：0
CVE-2022-35131

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：687 | 回复：0
CVE-2022-34570

WAVLINK WN579 X3 M79X3.V5030.191012/M79X3.V5030.191012 contains an information leak which allows attackers to obtain the key information via accessing the messages.txt page.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1081 | 回复：0
CVE-2022-34571

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the system key information and execute arbitrary commands via accessing the page syslog.shtm ...……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：752 | 回复：0
CVE-2022-34572

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：692 | 回复：0
CVE-2022-34573

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to arbitrarily configure device settings via accessing the page mb_wifibasic.shtml.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：1050 | 回复：0
CVE-2022-34574

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing Tftpd32.ini.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：670 | 回复：0
CVE-2022-34575

An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：654 | 回复：0
CVE-2022-34576

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to execute arbitrary code via a crafted POST request.……

作者：菜鸟教程小白 | 时间：2022-7-29 17:19 | 阅读：766 | 回复：0