
CVE Vulnerabilities

  • CVE-2021-46703
    ** UNSUPPORTED WHEN ASSIGNED ** In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 55 | Replies: 0
  • CVE-2022-26495
    In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocate ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 62 | Replies: 0
  • CVE-2022-26496
    In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO messa ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 59 | Replies: 0
  • CVE-2021-46704
    In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from ins ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 59 | Replies: 0
  • CVE-2022-26505
    A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 69 | Replies: 0
  • CVE-2022-0869
    Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 68 | Replies: 0
  • CVE-2022-0868
    Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 63 | Replies: 0
  • CVE-2021-44748
    A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 64 | Replies: 0
  • CVE-2021-44749
    A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web brows ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 87 | Replies: 0
  • CVE-2022-0697
    Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 73 | Replies: 0
  • CVE-2022-0766
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 68 | Replies: 0
  • CVE-2022-0767
    Server-Side Request Forgery (SSRF) in GitHub repository janeczku/calibre-web prior to 0.6.17.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 78 | Replies: 0
  • CVE-2021-24216
    The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 79 | Replies: 0
  • CVE-2021-24777
    The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which is not sanitised, escaped or validated before inserting to a ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 102 | Replies: 0
  • CVE-2021-24778
    The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 114 | Replies: 0
  • CVE-2021-24810
    The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even w ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 98 | Replies: 0
  • CVE-2021-24821
    The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator Price Set ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 86 | Replies: 0
  • CVE-2021-24824
    The shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lea ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 78 | Replies: 0
  • CVE-2021-24825
    The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v 4.0.1) or Admin+ (v 4.0.2) users to display arbi ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 97 | Replies: 0
  • CVE-2021-24826
    The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v 4.0.1) or Admin+ (v 4.0.2) users to perform Cross-S ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 128 | Replies: 0
  • CVE-2021-24952
    The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the sync_progressive_data parameter for the tvcajax_product_sync_bantch_wise AJAX action before using it in a SQL ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 218 | Replies: 0
  • CVE-2021-24953
    The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 137 | Replies: 0
  • CVE-2021-24960
    The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 allows users with a role as low as Contributor to configure the upload form in a way ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 115 | Replies: 0
  • CVE-2021-24961
    The WordPress File Upload WordPress plugin before 4.16.3, wordpress-file-upload-pro WordPress plugin before 4.16.3 does not escape some of its shortcode argument, which could allow users with a role a ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 99 | Replies: 0
  • CVE-2021-25009
    The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 120 | Replies: 0
  • CVE-2021-25038
    The WordPress Multisite User Sync/Unsync WordPress plugin before 2.1.2 does not sanitise and escape the wmus_source_blog and wmus_record_per_page parameters before outputting them back in attributes, ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 151 | Replies: 0
  • CVE-2021-25039
    The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.0 does not sanitise and escape the wmcc_content_type, wmcc_source_blog and wmcc_record_per_page parameters before outputting ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 207 | Replies: 0
  • CVE-2021-25087
    The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensi ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 118 | Replies: 0
  • CVE-2021-25098
    The Pricing Tables WordPress Plugin WordPress plugin before 3.1.3 does not verify the CSRF nonce when removing posts, allowing attackers to make a logged in admin remove arbitrary posts from the blog ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 86 | Replies: 0
  • CVE-2022-0163
    The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its rednao_smart_forms_entries_list AJAX action, allowing any authenticated users, such as subscriber, to download arbitra ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 83 | Replies: 0
  • CVE-2022-0205
    The YOP Poll WordPress plugin before 6.3.5 does not sanitise and escape some of the settings (available to users with a role as low as author) before outputting them, leading to a Stored Cross-Site Sc ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 68 | Replies: 0
  • CVE-2022-0267
    The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action before using it in a SQL statement via the adrotate_request_action function available to admins, leading to ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 67 | Replies: 0
  • CVE-2022-0347
    The LoginPress | Custom Login Page Customizer WordPress plugin before 1.5.12 does not escape the redirect-page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Sc ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 65 | Replies: 0
  • CVE-2022-0349
    The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nx_id parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 87 | Replies: 0
  • CVE-2022-0384
    The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 123 | Replies: 0
  • CVE-2022-0389
    The WP Time Slots Booking Form WordPress plugin before 1.1.63 does not sanitise and escape Calendar names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltere ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 100 | Replies: 0
  • CVE-2022-0410
    The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and escape the id parameter before using it in a SQL statement via the refUrlDetails AJAX action, available ...
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:49 | Views: 156 | Replies: 0
  • CVE-2021-43619
    Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:48 | Views: 306 | Replies: 0
  • CVE-2021-35036
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:48 | Views: 261 | Replies: 0
  • CVE-2021-4039
    A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.
    Author: 菜鸟教程小白 | Posted: 2022-6-23 10:48 | Views: 285 | Replies: 0
