
CVE Vulnerabilities

  • CVE-2022-28054
    Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 23 | Replies: 0
  • CVE-2022-28056
    ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 23 | Replies: 0
  • CVE-2022-28573
    D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the syst ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 24 | Replies: 0
  • CVE-2021-32500
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 20 | Replies: 0
  • CVE-2021-25002
    The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data which could be used to re ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 28 | Replies: 0
  • CVE-2021-25086
    The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cro ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 37 | Replies: 0
  • CVE-2021-25102
    The All In One WP Security Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect the user, either via a Location header, or ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 39 | Replies: 0
  • CVE-2022-0191
    The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 39 | Replies: 0
  • CVE-2022-0418
    The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 40 | Replies: 0
  • CVE-2022-0428
    The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-S ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 54 | Replies: 0
  • CVE-2022-0649
    The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disa ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 39 | Replies: 0
  • CVE-2022-0662
    The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capab ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 35 | Replies: 0
  • CVE-2022-0771
    The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 30 | Replies: 0
  • CVE-2022-0773
    The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 39 | Replies: 0
  • CVE-2022-0783
    The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to u ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 40 | Replies: 0
  • CVE-2022-0952
    The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 40 | Replies: 0
  • CVE-2022-1046
    The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form's 'Email to' field, which could allow high privilege users to perform Cross-Site Scripting atta ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 45 | Replies: 0
  • CVE-2022-1239
    The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) t ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 47 | Replies: 0
  • CVE-2022-1250
    The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 72 | Replies: 0
  • CVE-2022-1255
    The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escape imported CSV data, which could allow high privilege users to import malicious javascript code a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 61 | Replies: 0
  • CVE-2022-1269
    The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 102 | Replies: 0
  • CVE-2022-1273
    The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 115 | Replies: 0
  • CVE-2022-1281
    The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST parameter, which is appended to an SQL query, making SQL Injection attacks possible.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 80 | Replies: 0
  • CVE-2022-1282
    The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET variable, which is reflected back to the users when executing the editimage_bwg AJAX action.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 93 | Replies: 0
  • CVE-2021-29859
    IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 79 | Replies: 0
  • CVE-2022-1366
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 67 | Replies: 0
  • CVE-2021-3643
    A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensit ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 40 | Replies: 0
  • CVE-2021-3750
    A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted conte ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 40 | Replies: 0
  • CVE-2022-1367
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 42 | Replies: 0
  • CVE-2022-1369
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 36 | Replies: 0
  • CVE-2022-1370
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and mod ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 42 | Replies: 0
  • CVE-2022-1371
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 41 | Replies: 0
  • CVE-2022-1372
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and mod ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 46 | Replies: 0
  • CVE-2022-1374
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 64 | Replies: 0
  • CVE-2022-1375
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrie ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 55 | Replies: 0
  • CVE-2022-1376
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, ret ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 45 | Replies: 0
  • CVE-2022-1377
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retriev ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 45 | Replies: 0
  • CVE-2022-1378
    Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 77 | Replies: 0
  • CVE-2022-1475
    An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 74 | Replies: 0
  • CVE-2022-1515
    A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS.……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:32 | Views: 71 | Replies: 0
