【安全通报】WebSphere 远程代码执行漏洞

WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Accordion是使用在其中的一个用于创建响应式内容的插件。 WordPress Accordion 2.2.9之前版本中的AJAX wp_ajax_accordions_ajax_import_json操作存在跨站脚本漏洞。攻击者可利用该漏洞导入新的折叠面板并向其中注入恶意的JavaScript代码。 来源:MISC 链接:https://wordpress.org/plugins/accordions/#developers 来源:MISC 链接:https://www. Source link

This security advisory describes one low risk vulnerability. 1) Insufficiently Protected Credentials Severity: Low CVSSv3:...

来源:CONFIRM 链接:http://www.openwall.com/lists/oss-security/2020/05/28/1 来源:MISC 链接:https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03983.html 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-13361 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/QEMU-denial-of-service-via-the-es1370-device-driver-32352 Source link

|漏洞详情 Vivotek CC9381-HV等都是中国台湾晶睿通讯（Vivotek）公司的一款网络摄像机。 使用XXXXX-VVTK-2.2002.xx.01x之前版本和XXXXX-VVTK-0XXXX_Beta2之前版本固件的多款Vivotek产品中的Web服务的testserver.cgi存在安全漏洞。攻击者可利用该漏洞从摄像机的本地文件系统中获取任意文件。以下产品及版本受到影响：Vivotek CC9381-HV；FD9360-H；FD9368-HTV；FD9380-H；FD9388-HTV等。 |参考资料 来源:CONFIRM 链接:http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2020-001-v1.pdf 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-11949 Source link

来源:XF 链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/175484 来源:CONFIRM 链接:https://www.ibm.com/support/pages/node/6207913 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-4248 来源:www.ibm.com 链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-a-security-vulnerability-cve-2020-4248/ Source link

来源:MISC 链接:https://sysdream.com/news/lab/2020-05-13-cve-2020-10946-several-cross-site-scripting-xss-vulnerabilities-in-centreon/ 来源:nvd.nist.gov 链接:https://nvd.nist.gov/vuln/detail/CVE-2020-10946 来源:vigilance.fr 链接:https://vigilance.fr/vulnerability/Centreon-Web-Cross-Site-Scripting-via-widgets-32355 Source link