CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-27289

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanL2TP. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：56 | 回复：0
CVE-2022-27290

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanDhcpplus. This vulnerability allows attackers to cause a Denial of Service (DoS) via the curTime parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：49 | 回复：0
CVE-2022-27291

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formdumpeasysetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the config.save_network ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：62 | 回复：0
CVE-2022-27292

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formLanguageChange. This vulnerability allows attackers to cause a Denial of Service (DoS) via the nextPage parameter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-27293

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：51 | 回复：0
CVE-2022-27294

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formWlanWizardSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE-2022-27295

D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formAdvanceSetup. This vulnerability allows attackers to cause a Denial of Service (DoS) via the webpage parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：55 | 回复：0
CVE-2022-27476

A cross-site scripting (XSS) vulnerability at /admin/goods/update in Newbee-Mall v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the goodsName para ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：56 | 回复：0
CVE-2022-27477

Newbee-Mall v1.0.0 was discovered to contain an arbitrary file upload via the Upload function at /admin/goods/edit.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：58 | 回复：0
CVE-2022-27958

Insecure permissions configured in the userid parameter at /user/getuserprofile of FEBS-Security v1.0 allows attackers to access and arbitrarily modify users' personal information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：60 | 回复：0
CVE-2022-27960

Insecure permissions configured in the user_id parameter at SysUserController.java of OFCMS v1.1.4 allows attackers to access and arbitrarily modify users' personal information.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：74 | 回复：0
CVE-2022-27961

A cross-site scripting (XSS) vulnerability at /ofcms/company-c-47 in OFCMS v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment text box.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：86 | 回复：0
CVE-2022-28893

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：87 | 回复：0
CVE-2021-32156

A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：84 | 回复：0
CVE-2021-32157

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：58 | 回复：0
CVE-2021-32158

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：58 | 回复：0
CVE-2021-32159

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：62 | 回复：0
CVE-2021-32160

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：63 | 回复：0
CVE-2021-32161

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2021-32162

A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE-2022-0936

Cross-site Scripting (XSS) - Stored in GitHub repository autolab/autolab prior to 2.8.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：45 | 回复：0
CVE-2022-1045

Stored XSS viva .svg file upload in GitHub repository polonel/trudesk prior to v1.2.0.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：56 | 回复：0
CVE-2022-1252

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryptio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：60 | 回复：0
CVE-2022-0556

A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：68 | 回复：0
CVE-2022-1295

Prototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-1296

Out-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：69 | 回复：0
CVE-2022-1297

Out-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：83 | 回复：0
CVE-2022-26413

A command injection vulnerability in the CGI program of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0 could allow a local authenticated attacker to execute arbitrary OS commands on a vulnerable d ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：92 | 回复：0
CVE-2022-26414

A potential buffer overflow vulnerability was identified in some internal functions of Zyxel VMG3312-T20A firmware version 5.30(ABFX.5)C0, which could be exploited by a local authenticated attacker to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：101 | 回复：0
CVE-2022-27041

Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：94 | 回复：0
CVE-2022-27088

Ivanti DSM Remote = 6.3.1.1862 is vulnerable to an unquoted service path allowing local users to launch processes with elevated privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：83 | 回复：0
CVE-2022-27089

In Fujitsu PlugFree Network = 7.3.0.3, an Unquoted service path in PFNService.exe software allows a local attacker to potentially escalate privileges to system level.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：68 | 回复：0
CVE-2021-24986

The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gri ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：74 | 回复：0
CVE-2021-24987

The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：48 | 回复：0
CVE-2021-25090

The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：47 | 回复：0
CVE-2021-34250

An issue was discovered in baijiacms v4. There is a CSRF vulnerability that can modify the store information and login password.……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：50 | 回复：0
CVE-2022-0246

The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-S ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：41 | 回复：0
CVE-2022-0314

The Nimble Page Builder WordPress plugin before 3.2.2 does not sanitise and escape the preview-level-guid parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：43 | 回复：0
CVE-2022-0447

The Post Grid WordPress plugin before 2.1.16 does not sanitise and escape the post_types parameter before outputting it back in the response of the post_grid_update_taxonomies_terms_by_posttypes AJAX ...……

作者：菜鸟教程小白 | 时间：2022-6-23 10:12 | 阅读：38 | 回复：0