CVE漏洞

OStack程序员社区-中国程序员成长平台 › 门户 › 漏洞›CVE漏洞

RSS

CVE-2022-29620

** DISPUTED ** FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：63 | 回复：0
CVE-2022-30466

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：82 | 回复：0
CVE-2022-31470

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：138 | 回复：0
CVE-2022-24065

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed t ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：282 | 回复：0
CVE-2019-25062

A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. A ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：137 | 回复：0
CVE-2019-25063

A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Loc ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：120 | 回复：0
CVE-2020-36543

A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is poss ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：73 | 回复：0
CVE-2020-36544

A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. Th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：55 | 回复：0
CVE-2022-1703

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote c ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：60 | 回复：0
CVE-2022-21122

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：64 | 回复：0
CVE-2017-20017

A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：57 | 回复：0
CVE-2022-0779

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate th ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：48 | 回复：0
CVE-2022-0788

The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：59 | 回复：0
CVE-2022-1005

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：58 | 回复：0
CVE-2022-1241

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：57 | 回复：0
CVE-2022-1394

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scriptin ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：62 | 回复：0
CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：67 | 回复：0
CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：73 | 回复：0
CVE-2022-1424

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：76 | 回复：0
CVE-2022-1469

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks whe ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：179 | 回复：0
CVE-2022-1506

The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：91 | 回复：0
CVE-2022-1541

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilte ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：66 | 回复：0
CVE-2022-1569

The Drag Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：49 | 回复：0
CVE-2022-1570

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：38 | 回复：0
CVE-2022-1577

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：31 | 回复：0
CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Refle ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：41 | 回复：0
CVE-2022-1598

The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：39 | 回复：0
CVE-2022-1647

The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：40 | 回复：0
CVE-2022-1673

The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vuln ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：44 | 回复：0
CVE-2022-1683

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authen ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：46 | 回复：0
CVE-2022-1684

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：60 | 回复：0
CVE-2022-1685

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to a ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：50 | 回复：0
CVE-2022-1686

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQ ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：67 | 回复：0
CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL In ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：67 | 回复：0
CVE-2022-1688

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：117 | 回复：0
CVE-2022-1689

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL inje ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：172 | 回复：0
CVE-2022-1690

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：92 | 回复：0
CVE-2022-1691

The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injec ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：75 | 回复：0
CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the is embed, allowing ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：64 | 回复：0
CVE-2022-1695

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbit ...……

作者：菜鸟教程小白 | 时间：2022-6-23 09:03 | 阅读：62 | 回复：0