
CVE Vulnerabilities

  • CVE-2021-25013
    The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 50 | Replies: 0
  • CVE-2021-25015
    The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 52 | Replies: 0
  • CVE-2021-25017
    The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 54 | Replies: 0
  • CVE-2021-25028
    The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 46 | Replies: 0
  • CVE-2021-25031
    The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attribu ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 54 | Replies: 0
  • CVE-2021-25035
    The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 54 | Replies: 0
  • CVE-2021-25045
    The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 48 | Replies: 0
  • CVE-2021-25049
    The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfilt ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 40 | Replies: 0
  • CVE-2021-25062
    The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 59 | Replies: 0
  • CVE-2021-25073
    The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 50 | Replies: 0
  • CVE-2021-25074
    The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 38 | Replies: 0
  • CVE-2021-25076
    The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 52 | Replies: 0
  • CVE-2021-25078
    The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perfo ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 50 | Replies: 0
  • CVE-2021-25079
    The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 59 | Replies: 0
  • CVE-2021-25080
    The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attac ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 43 | Replies: 0
  • CVE-2021-25083
    The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cros ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 51 | Replies: 0
  • CVE-2022-0269
    Cross-Site Request Forgery (CSRF) in Packagist yetiforce/yetiforce-crm prior to 6.3.0.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 40 | Replies: 0
  • CVE-2021-44981
    In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell argum ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 53 | Replies: 0
  • CVE-2022-22296
    Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 41 | Replies: 0
  • CVE-2021-40596
    SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 51 | Replies: 0
  • CVE-2021-40907
    SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/L ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 55 | Replies: 0
  • CVE-2021-40908
    SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 53 | Replies: 0
  • CVE-2022-23437
    There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser to wait in an infinite loop, w ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 47 | Replies: 0
  • CVE-2021-40909
    Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 40 | Replies: 0
  • CVE-2021-41471
    SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 42 | Replies: 0
  • CVE-2021-41472
    SQL injection vulnerability in Sourcecodester Simple Membership System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password parameters.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 49 | Replies: 0
  • CVE-2021-4088
    SQL injection vulnerability in Data Loss Protection (DLP) ePO extension 11.8.x prior to 11.8.100, 11.7.x prior to 11.7.101, and 11.6.401 allows a remote authenticated attacker to inject unfiltered SQL ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 59 | Replies: 0
  • CVE-2021-41658
    Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 55 | Replies: 0
  • CVE-2021-35005
    This vulnerability allows local attackers to disclose sensitive information on affected installations of TeamViewer. An attacker must first obtain the ability to execute low-privileged code on the tar ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 48 | Replies: 0
  • CVE-2021-41659
    SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 52 | Replies: 0
  • CVE-2021-41660
    SQL injection vulnerability in Sourcecodester Patient Appointment Scheduler System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username and password fields to login.php ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 57 | Replies: 0
  • CVE-2021-41929
    Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 69 | Replies: 0
  • CVE-2021-41928
    SQL injection in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) 1.0 by oretnom23, allows attackers to execute arbitrary code via the rid parameter to the view_recipe page.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 44 | Replies: 0
  • CVE-2021-41930
    Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/add ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 49 | Replies: 0
  • CVE-2021-42168
    Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 69 | Replies: 0
  • CVE-2021-43420
    SQL injection vulnerability in Login.php in Sourcecodester Online Payment Hub v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 44 | Replies: 0
  • CVE-2022-23126
    TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occur ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 51 | Replies: 0
  • CVE-2020-17383
    A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify config ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 43 | Replies: 0
  • CVE-2021-36342
    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 47 | Replies: 0
  • CVE-2021-36343
    Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM ...……
    Author: 菜鸟教程小白 | Time: 2022-2-5 13:07 | Views: 45 | Replies: 0
