CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27992

Zoo Management System v1.0 was discovered to contain a SQL injection vulnerability at /public_html/animals via the class_id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：85 | 回复：0
CVE-2022-28000

Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：156 | 回复：0
CVE-2022-28001

Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：100 | 回复：0
CVE-2022-28002

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure vulnerability via /index.php?page=home.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：75 | 回复：0
CVE-2021-46436

An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：53 | 回复：0
CVE-2021-46437

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0
CVE-2021-46367

RiteCMS version 3.1.0 and below suffers from a remote code execution vulnerability in the admin panel. An authenticated attacker can upload a PHP file and bypass the .htacess configuration to deny exe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：44 | 回复：0
CVE-2022-24229

A cross-site scripting (XSS) vulnerability in ONLYOFFICE Document Server Example before v7.0.0 allows remote attackers inject arbitrary HTML or JavaScript through /example/editor.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：57 | 回复：0
CVE-2021-41715

libsixel 1.10.0 is vulnerable to Use after free in libsixel/src/dither.c:379.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0
CVE-2022-27044

libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：46 | 回复：0
CVE-2022-27046

libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2020-4668

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute maliciou ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：52 | 回复：0
CVE-2021-40656

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：54 | 回复：0
CVE-2021-43483

An Access Control vulnerability exists in CLARO KAON CG3000 1.00.67 in the router configuration, which could allow a malicious user to read or update the configuraiton without authentication.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：59 | 回复：0
CVE-2021-43521

A Buffer Overflow vulnerability exists in zlog 1.2.15 via zlog_conf_build_with_file in src/zlog/src/conf.c.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：55 | 回复：0
CVE-2022-22339

IBM Planning Analytics 2.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network e ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：63 | 回复：0
CVE-2022-27047

mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：70 | 回复：0
CVE-2022-27145

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：65 | 回复：0
CVE-2022-27146

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：73 | 回复：0
CVE-2022-27147

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：80 | 回复：0
CVE-2022-27148

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：153 | 回复：0
CVE-2021-43515

CSV Injection (aka Excel Macro Injection or Formula Injection) exists in creating new timesheet in Kimai. By filling the Description field with malicious payload, it will be mistreated while exporting ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：156 | 回复：0
CVE-2021-43517

FOSCAM Camera FI9805E with firmware V4.02.R12.00018510.10012.143900.00000 contains a backdoor that opens Telnet port when special command is sent on port 9530.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：304 | 回复：0
CVE-2021-43503

A Remote Code Execution (RCE) vulnerability exists in h laravel 5.8.38 via an unserialize pop chain in (1) __destruct in \Routing\PendingResourceRegistration.php, (2) __cal in Queue\Capsule\Manager.ph ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：134 | 回复：0
CVE-2022-1283

NULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：109 | 回复：0
CVE-2022-27152

Roku devices running RokuOS v9.4.0 build 4200 or earlier that uses a Realtek WiFi chip is vulnerable to Arbitrary file modification.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：98 | 回复：0
CVE-2021-43498

An Access Control vulnerability exists in ATutor 2.2.4 in password_reminder.php when the g, id, h, form_password_hidden, and form_change HTTP POST parameters are set.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：90 | 回复：0
CVE-2022-1284

heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：102 | 回复：0
CVE-2022-24821

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Progr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：82 | 回复：0
CVE-2021-36287

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：76 | 回复：0
CVE-2021-36288

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：82 | 回复：0
CVE-2021-36290

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：74 | 回复：0
CVE-2021-36293

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：94 | 回复：0
CVE-2021-43009

A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：70 | 回复：0
CVE-2022-22563

Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：53 | 回复：0
CVE-2022-24428

Dell PowerScale OneFS, versions 8.2.x, 9.0.0.x, 9.1.0.x, 9.2.0.x, 9.2.1.x, and 9.3.0.x, contain an improper preservation of privileges. A remote filesystem user with a local account could potentially ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：53 | 回复：0
CVE-2022-24819

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to us ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-24820

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：39 | 回复：0
CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：40 | 回复：0
CVE-2022-26852

Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：37 | 回复：0