漏洞 - 第868页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-24161

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacke ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-24160

In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These fi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-24159

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPr ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-24158

Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-24157

Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-24156

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-24155

The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：7 | 回复：0
CVE漏洞

CVE-2021-24154

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：9 | 回复：0
CVE漏洞

CVE-2021-24153

A Stored Cross-Site Scripting vulnerability was discovered in the Yoast SEO WordPress plugin before 3.4.1, which had built-in blacklist filters which were blacklisting Parenthesis as well as several f ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-24152

The All Subscribers setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-24150

The LikeBtn WordPress Like Button Rating â™¥ LikeBtn WordPress plugin before 2.6.32 was vulnerable to Unauthenticated Full-Read Server-Side Request Forgery (SSRF).……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：10 | 回复：0
CVE漏洞

CVE-2020-4997

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：14 | 回复：0
CVE漏洞

CVE-2020-4792

IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cre ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：24 | 回复：0
CVE漏洞

CVE-2021-30109

Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-30058

Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST&#3 ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-30057

A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in /restful-services/2.0/analyticalDrivers via the 'LABEL' and 'NAME' p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：6 | 回复：0
CVE漏洞

CVE-2021-30056

Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-30055

A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-29996

Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-29261

The unofficial Svelte extension before 104.8.0 for Visual Studio Code allows attackers to execute arbitrary code via a crafted workspace configuration.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-28832

VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：22 | 回复：0
CVE漏洞

CVE-2021-30127

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the It is only available on the l ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-21533

Wyse Management Suite versions up to 3.2 contains a vulnerability wherein a malicious authenticated user can cause a denial of service in the job status retrieval page, also affecting other users that ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：10 | 回复：0
CVE漏洞

CVE-2021-21532

Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：8 | 回复：0
CVE漏洞

CVE-2021-21529

Dell System Update (DSU) 1.9 and earlier versions contain a denial of service vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to caus ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-30074

docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the character.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：15 | 回复：0
CVE漏洞

CVE-2020-27600

HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：20 | 回复：0
CVE漏洞

CVE-2021-30126

Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP passwor ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：11 | 回复：0
CVE漏洞

CVE-2021-30125

Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：16 | 回复：0
CVE漏洞

CVE-2021-30072

An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-28941

Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpie_debug.php or /scripts/magpie_simple.php page, it's ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：15 | 回复：0
CVE漏洞

CVE-2021-28940

Because of a incorrect escaped exec command in MagpieRSS in 0.72 in the /extlib/Snoopy.class.inc file, it is possible to add a extra command to the curl binary. This creates an issue on the /scripts/m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-21590

Directory traversal in coreframe/app/template/admin/index.php in WUZHI CMS 4.1.0 allows attackers to list files in arbitrary directories via the dir parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-21588

Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a denial or service (crash) via a long string in the Setup-Users-Username editbox.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：16 | 回复：0
CVE漏洞

CVE-2020-21585

Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：14 | 回复：0
CVE漏洞

CVE-2021-3374

Directory traversal in RStudio Shiny Server before 1.5.16 allows attackers to read the application source code, involving an encoded slash.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-29661

Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：21 | 回复：0
CVE漏洞

CVE-2021-29660

A Cross-Site Request Forgery (CSRF) vulnerability in en/cfg_setpwd.html in Softing AG OPC Toolbox through 4.10.1.13035 allows attackers to reset the administrative password by inducing the Administrat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：13 | 回复：0
CVE漏洞

CVE-2021-27973

SQL injection exists in Piwigo before 11.4.0 via the language parameter to admin.php?page=languages.……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：17 | 回复：0
CVE漏洞

CVE-2021-1879

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 10:29 | 阅读：22 | 回复：0