CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-31301

Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：28 | 回复：0
CVE-2022-32545

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：58 | 回复：0
CVE-2022-32546

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：30 | 回复：0
CVE-2022-32547

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. W ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：35 | 回复：0
CVE-2020-35597

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_up ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：29 | 回复：0
CVE-2022-24562

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the vict ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：55 | 回复：0
CVE-2022-27511

Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to co ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：73 | 回复：0
CVE-2022-27512

Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：16 | 回复：0
CVE-2022-31464

Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：18 | 回复：0
CVE-2022-31295

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2020-25459

An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2020-28865

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-33295

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-36608

Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-36609

Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-37764

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2021-46820

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2018-18907

An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sendi ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-26173

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-31299

Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-33739

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：7 | 回复：0
CVE-2022-33750

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-33751

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：7 | 回复：0
CVE-2022-33752

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-33753

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-33754

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-33755

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-33756

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-30325

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-30326

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the b ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：6 | 回复：0
CVE-2022-30327

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP ad ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：7 | 回复：0
CVE-2022-30328

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2022-30329

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary she ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：8 | 回复：0
CVE-2018-25040

A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to priv ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：9 | 回复：0
CVE-2018-25041

A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalat ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：10 | 回复：0
CVE-2018-25042

A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is reco ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2018-25043

A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：10 | 回复：0
CVE-2018-25044

A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2019-12352

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0
CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:06 | 阅读：11 | 回复：0