• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

CVE漏洞

RSS
  • CVE-2022-22427
    CVE-2022-22427
    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:141 | 回复:0
  • CVE-2022-22441
    CVE-2022-22441
    IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:152 | 回复:0
  • CVE-2022-22443
    CVE-2022-22443
    IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:181 | 回复:0
  • CVE-2022-27860
    CVE-2022-27860
    Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge's Footer Text plugin = 2.0.3 on WordPress.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:173 | 回复:0
  • CVE-2022-28892
    CVE-2022-28892
    Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:206 | 回复:0
  • CVE-2022-29415
    CVE-2022-29415
    Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin = 2.16 at WordPress.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:146 | 回复:0
  • CVE-2022-29584
    CVE-2022-29584
    Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:191 | 回复:0
  • CVE-2022-29410
    CVE-2022-29410
    Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (ids).……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:126 | 回复:0
  • CVE-2022-29411
    CVE-2022-29411
    SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin = 3.1.6 on WordPress allows attackers to execute SQLi attack via (id).……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:17 | 阅读:131 | 回复:0
  • CVE-2022-0879
    CVE-2022-0879
    The Caldera Forms WordPress plugin before 1.9.7 does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:13 | 回复:0
  • CVE-2022-1037
    CVE-2022-1037
    The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which could lead to a blind SSRF issue by using local URLs……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:23 | 回复:0
  • CVE-2022-1054
    CVE-2022-1054
    The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:24 | 回复:0
  • CVE-2022-1063
    CVE-2022-1063
    The Thank Me Later WordPress plugin through 3.3.4 does not sanitise and escape the Message Subject field before outputting it in the Messages list, which could allow high privileges users such as admi ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:22 | 回复:0
  • CVE-2022-1088
    CVE-2022-1088
    The Page Security Membership WordPress plugin through 1.5.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scrip ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:21 | 回复:0
  • CVE-2022-1090
    CVE-2022-1090
    The Good Bad Comments WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:25 | 回复:0
  • CVE-2022-1091
    CVE-2022-1091
    The sanitisation step of the Safe SVG WordPress plugin before 1.9.10 can be bypassed by spoofing the content-type in the POST request to upload a file. Exploiting this vulnerability, an attacker will ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:28 | 回复:0
  • CVE-2022-1112
    CVE-2022-1112
    The Autolinks WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, and does not sanitise as well as escape them, which could allow attackers to perform Stored C ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:39 | 回复:0
  • CVE-2022-24859
    CVE-2022-24859
    PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can cr ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:65 | 回复:0
  • CVE-2022-24863
    CVE-2022-24863
    http-swagger is an open source wrapper to automatically generate RESTful API documentation with Swagger 2.0. In versions of http-swagger prior to 1.2.6 an attacker may perform a denial of service atta ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:53 | 回复:0
  • CVE-2022-29457
    CVE-2022-29457
    Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:53 | 回复:0
  • CVE-2022-29458
    CVE-2022-29458
    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:55 | 回复:0
  • CVE-2022-24841
    CVE-2022-24841
    fleetdm/fleet is an open source device management, built on osquery. All versions of fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without team ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:36 | 回复:0
  • CVE-2022-29464
    CVE-2022-29464
    Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:57 | 回复:0
  • CVE-2022-28108
    CVE-2022-28108
    Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:28 | 回复:0
  • CVE-2022-1065
    CVE-2022-1065
    A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-0 ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:30 | 回复:0
  • CVE-2022-0645
    CVE-2022-0645
    Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:27 | 回复:0
  • CVE-2021-41570
    CVE-2021-41570
    Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:27 | 回复:0
  • CVE-2021-43129
    CVE-2021-43129
    A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right cl ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:25 | 回复:0
  • CVE-2022-26593
    CVE-2022-26593
    Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:30 | 回复:0
  • CVE-2022-26595
    CVE-2022-26595
    Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authentic ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:27 | 回复:0
  • CVE-2022-27927
    CVE-2022-27927
    A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vu ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:26 | 回复:0
  • CVE-2022-29315
    CVE-2022-29315
    Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:31 | 回复:0
  • CVE-2021-44519
    CVE-2021-44519
    In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:34 | 回复:0
  • CVE-2022-29153
    CVE-2022-29153
    HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:49 | 回复:0
  • CVE-2021-39033
    CVE-2021-39033
    IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message i ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:60 | 回复:0
  • CVE-2021-39072
    CVE-2021-39072
    IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulner ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:55 | 回复:0
  • CVE-2021-39076
    CVE-2021-39076
    IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:51 | 回复:0
  • CVE-2021-39078
    CVE-2021-39078
    IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:67 | 回复:0
  • CVE-2022-25648
    CVE-2022-25648
    The package git before 1.11.0 are vulnerable to Command Injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to t ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:138 | 回复:0
  • CVE-2022-27055
    CVE-2022-27055
    ** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, ...……
    作者:菜鸟教程小白 | 时间:2022-6-23 10:16 | 阅读:161 | 回复:0

关注我们

极客给你想要的成长

关注极客中国获取最新资讯

热门推荐
专题导读
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap