漏洞 - 第928页-OStack程序员社区-中国程序员成长平台

OStack程序员社区-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-3110

The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products parameter.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：70 | 回复：0
CVE漏洞

CVE-2021-23326

This affects the package @graphql-tools/git-loader before 6.2.6. The use of exec and execSync in packages/loaders/git/src/load-git.ts allows arbitrary command injection.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-35217

Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token i ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：47 | 回复：0
CVE漏洞

CVE-2021-3137

XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：25 | 回复：0
CVE漏洞

CVE-2020-27852

A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-27851

Multiple stored HTML injection vulnerabilities in the poll and quiz features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-27850

A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-13134

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-13133

Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to stored XSS. The successful exploitation requires admin privileges (for storing the XSS payload itself), and can exploit (be trigge ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：46 | 回复：0
CVE漏洞

CVE-2020-25385

Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/configure/create_snapshot through the snapshot_name parameter, which may impact users who open a malicio ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-19364

OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-19363

Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：35 | 回复：0
CVE漏洞

CVE-2020-19362

Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-19361

Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-19360

Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-29598

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Notes: none.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：39 | 回复：0
CVE漏洞

CVE-2020-28707

The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting (XSS) via stockdio_chart_historical-wp.js in wp-content/plugins/stockdio-historical-chart/assets/ be ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：32 | 回复：0
CVE漏洞

CVE-2020-27269

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measure ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：36 | 回复：0
CVE漏洞

CVE-2016-20009

** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no lo ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：60 | 回复：0
CVE漏洞

CVE-2021-22714

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the m ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：43 | 回复：0
CVE漏洞

CVE-2021-22713

A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION8650, ION8800, ION7650, ION7700/73xx, and ION83xx/84xx/85xx/8600 (see security n ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-22712

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-22711

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-22710

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-22709

A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：64 | 回复：0
CVE漏洞

CVE-2021-20261

A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：60 | 回复：0
CVE漏洞

CVE-2020-36277

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：49 | 回复：0
CVE漏洞

CVE-2020-29045

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdm_cart cookie in load_cart_from_cookie in incl ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：38 | 回复：0
CVE漏洞

CVE-2020-14989

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows CSRF if the attacker uses GET where POST was intended.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：58 | 回复：0
CVE漏洞

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elem ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：68 | 回复：0
CVE漏洞

CVE-2020-14987

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administ ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：52 | 回复：0
CVE漏洞

CVE-2021-28144

prog.cgi on D-Link DIR-3060 devices before 1.11b04 HF2 allows remote authenticated users to inject arbitrary commands in an admin or root context because SetVirtualServerSettings calls CheckArpTables, ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：69 | 回复：0
CVE漏洞

CVE-2021-28141

** DISPUTED ** An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：115 | 回复：0
CVE漏洞

CVE-2021-28088

Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the Display Name field.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：71 | 回复：0
CVE漏洞

CVE-2021-27679

Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：54 | 回复：0
CVE漏洞

CVE-2021-27678

Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：57 | 回复：0
CVE漏洞

CVE-2021-27677

Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-26776

CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：53 | 回复：0
CVE漏洞

CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the file forwardin ...……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：56 | 回复：0
CVE漏洞

CVE-2021-27085

Internet Explorer Remote Code Execution Vulnerability……

作者：菜鸟教程小白 | 时间：2022-2-5 09:46 | 阅读：48 | 回复：0