Vulnerabilities


  • CVE-2020-36276
    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
    Author: 菜鸟教程小白 | Time: 2022-9-23 21:05 | Views: 435 | Replies: 0
  • CVE-2022-36676
    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:58 | Views: 294 | Replies: 0
  • CVE-2022-36674
    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:58 | Views: 308 | Replies: 0
  • CVE-2022-36672
    Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:58 | Views: 308 | Replies: 0
  • CVE-2022-36671
    Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:58 | Views: 306 | Replies: 0
  • CVE-2022-36675
    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:58 | Views: 234 | Replies: 0
  • CVE-2022-36449
    An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of b ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 344 | Replies: 0
  • CVE-2022-36130
    HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized u ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 250 | Replies: 0
  • CVE-2022-37130
    In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be execu ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 293 | Replies: 0
  • CVE-2022-37129
    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and fina ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 260 | Replies: 0
  • CVE-2022-37123
    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 312 | Replies: 0
  • CVE-2022-36619
    In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 306 | Replies: 0
  • CVE-2022-37125
    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 275 | Replies: 0
  • CVE-2022-36051
    ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:57 | Views: 219 | Replies: 0
  • CVE-2022-36620
    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 294 | Replies: 0
  • CVE-2022-36203
    Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover of the administrator account by stealing the cookie via XSS.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 246 | Replies: 0
  • CVE-2022-36202
    Doctor's Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via the id= parameter.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 299 | Replies: 0
  • CVE-2022-36201
    Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 252 | Replies: 0
  • CVE-2022-2898
    Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 270 | Replies: 0
  • CVE-2022-2897
    Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 258 | Replies: 0
  • CVE-2022-2896
    Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 288 | Replies: 0
  • CVE-2022-2894
    Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer dereference instances while processing a specific project file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 278 | Replies: 0
  • CVE-2022-2895
    Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:56 | Views: 220 | Replies: 0
  • CVE-2022-2892
    Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 260 | Replies: 0
  • CVE-2022-36582
    An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 287 | Replies: 0
  • CVE-2022-36581
    Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 281 | Replies: 0
  • CVE-2022-36580
    An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 319 | Replies: 0
  • CVE-2022-36571
    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 267 | Replies: 0
  • CVE-2022-36570
    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 248 | Replies: 0
  • CVE-2022-36569
    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 257 | Replies: 0
  • CVE-2022-36568
    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:55 | Views: 237 | Replies: 0
  • CVE-2022-34383
    Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to b ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 248 | Replies: 0
  • CVE-2022-34373
    Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerab ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 232 | Replies: 0
  • CVE-2022-1841
    In subsys/net/ip/tcp.c, function tcp_flags, when the incoming parameter flags is ECN or CWR, the buf will out-of-bounds write a byte zero.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 280 | Replies: 0
  • CVE-2022-36048
    Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview vi ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 178 | Replies: 0
  • CVE-2022-31233
    Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and acc ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 160 | Replies: 0
  • CVE-2022-37128
    In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 164 | Replies: 0
  • CVE-2022-36046
    Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v1 ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:54 | Views: 152 | Replies: 0
  • CVE-2022-38812
    AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:53 | Views: 192 | Replies: 0
  • CVE-2022-38153
    An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 ...
    Author: 菜鸟教程小白 | Time: 2022-9-18 10:53 | Views: 215 | Replies: 0
