
CVE Vulnerabilities

  • CVE-2022-1792
    The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 15 | Replies: 0
  • CVE-2022-1793
    The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and mak ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 17 | Replies: 0
  • CVE-2022-1800
    The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injectio ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 17 | Replies: 0
  • CVE-2022-1814
    The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 18 | Replies: 0
  • CVE-2022-1822
    The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitiz ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2022-1900
    The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it p ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 19 | Replies: 0
  • CVE-2022-1918
    The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 22 | Replies: 0
  • CVE-2022-1985
    The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 22 | Replies: 0
  • CVE-2022-2065
    Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 23 | Replies: 0
  • CVE-2022-2066
    Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 21 | Replies: 0
  • CVE-2022-2067
    SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 31 | Replies: 0
  • CVE-2022-31041
    Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensi ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 29 | Replies: 0
  • CVE-2022-31398
    A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email nam ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 30 | Replies: 0
  • CVE-2022-31400
    A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email n ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 27 | Replies: 0
  • CVE-2022-0209
    The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the a ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 23 | Replies: 0
  • CVE-2022-1654
    Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the abb_uninstall_tem ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 23 | Replies: 0
  • CVE-2022-1657
    Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 20 | Replies: 0
  • CVE-2022-1658
    Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registere ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 19 | Replies: 0
  • CVE-2022-1659
    Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager. ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 17 | Replies: 0
  • CVE-2022-1749
    The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 16 | Replies: 0
  • CVE-2022-1750
    The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘popup_title’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization an ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 16 | Replies: 0
  • CVE-2022-1768
    The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpma ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 16 | Replies: 0
  • CVE-2022-1820
    The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and ou ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 17 | Replies: 0
  • CVE-2022-1961
    The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options` parameter found in the `~/public/frontend.php` f ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 14 | Replies: 0
  • CVE-2022-1969
    The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the ad ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 14 | Replies: 0
  • CVE-2022-24077
    Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 13 | Replies: 0
  • CVE-2022-29244
    npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=name`). Anyone who has run `npm pack` ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-30308
    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-on POST request doesn’t check for port syntax. This can result in unauthorized execu ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-30309
    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-web-viewer-request-off POST request doesn’t check for port syntax. This can result in unauthorized exec ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-30310
    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-acknerr-request POST request doesn’t check for port syntax. This can result in unauthorized execution o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-30311
    In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint cecc-x-refresh-request POST request doesn’t check for port syntax. This can result in unauthorized execution o ...……
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2021-46814
    The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 10 | Replies: 0
  • CVE-2022-31751
    The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-31755
    The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 10 | Replies: 0
  • CVE-2022-31756
    The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-31758
    The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-31759
    AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-31762
    The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 11 | Replies: 0
  • CVE-2022-31763
    The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 10 | Replies: 0
  • CVE-2021-46811
    HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information.
    Author: 菜鸟教程小白 | Time: 2022-6-23 09:04 | Views: 10 | Replies: 0
