Search results mapped to CWE-287 (1087)

CVE-2017-5192 (Published: 2017-09-26 10:29:00) NM
CVSS 6.5

[Original] When using the local_batch client from salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, and 2016.11.x before 2016.11.2, external authentication is not respected, enabling all authentication to be bypassed.

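CVE-2015-1187 (Published: 2017-09-21 12:29:00) NMCPS
CVSS 10.0

[CNNVD] D-Link DIR-636L command injection and authentication bypass vulnerabilities -- The D-Link DIR-636L is a wireless router product from D-Link. The D-Link DIR-636L contains command injection and authentication bypass vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary commands, or to bypass the authentication mechanism and gain full control of the affected device; a denial of service is also possible. ...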

CVE-2014-9611 (Published: 2017-09-19 11:29:00) NMP
CVSS 7.5

[Original] Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.

CVE-2014-9618 (Published: 2017-09-19 11:29:00) NMP
CVSS 7.5

[Original] The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.

CVE-2017-9803 (Published: 2017-09-18 17:29:00) NMS
CVSS 6.0

[Original] Solr's Kerberos plugin can be configured to use delegation tokens, which allows an application to reuse the authentication of an end-user or another application. There are two issues with this functionality (when using SecurityAwareZkACLProvider type of ACL provider e.g. SaslZkACLProvider). Firstly, access to the security configuration can be leaked to users other than the solr super user. Secondly, malicious users can exploit this leaked configuration for privilege escalation to further expose/modify private data and/or disrupt operations in the Solr cluster. The vulnerability is fixed from Solr 6.6.1 onwards.

CVE-2017-1520 (Published: 2017-09-12 17:29:00) NMS
CVSS 4.3

[Original] IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
