CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29599

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：26 | 回复：0
CVE-2022-1810

Improper Access Control in GitHub repository publify/publify prior to 9.2.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：21 | 回复：0
CVE-2022-1816

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：35 | 回复：0
CVE-2022-1817

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：35 | 回复：0
CVE-2022-0900

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's aciklama parameter could allow anyone to gain users' session informations.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：39 | 回复：0
CVE-2022-28997

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：60 | 回复：0
CVE-2022-28998

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：54 | 回复：0
CVE-2021-41714

In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, lar ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：51 | 回复：0
CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：59 | 回复：0
CVE-2022-28932

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：50 | 回复：0
CVE-2022-29004

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：73 | 回复：0
CVE-2022-29005

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a craf ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：79 | 回复：0
CVE-2022-30014

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：89 | 回复：0
CVE-2022-30016

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：110 | 回复：0
CVE-2022-30017

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：129 | 回复：0
CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping M ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：275 | 回复：0
CVE-2021-32935

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and loc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：155 | 回复：0
CVE-2021-32941

Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitr ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：102 | 回复：0
CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：83 | 回复：0
CVE-2022-31466

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system fi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：104 | 回复：0
CVE-2022-31467

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：77 | 回复：0
CVE-2021-32958

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, su ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：76 | 回复：0
CVE-2022-1467

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：52 | 回复：0
CVE-2022-31487

Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：56 | 回复：0
CVE-2022-31488

Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：62 | 回复：0
CVE-2022-31489

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：70 | 回复：0
CVE-2022-28999

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：62 | 回复：0
CVE-2022-29002

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：234 | 回复：0
CVE-2022-29376

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the direct ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：132 | 回复：0
CVE-2022-30015

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：108 | 回复：0
CVE-2022-29377

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：148 | 回复：0
CVE-2022-0734

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series f ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：317 | 回复：0
CVE-2022-0910

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versio ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：138 | 回复：0
CVE-2022-29305

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：91 | 回复：0
CVE-2022-29309

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：68 | 回复：0
CVE-2022-31263

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：63 | 回复：0
CVE-2022-1819

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input scriptal ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：62 | 回复：0
CVE-2022-1837

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input ?php php ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：65 | 回复：0
CVE-2022-1838

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：60 | 回复：0
CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:38 | 阅读：67 | 回复：0