映射到 CWE-287 的搜索结果 (1175)

CVE-2018-6547(发布:2018-04-13 12:29:01)NM
CVSS9.4

[原文]plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, contains an HTTP message parsing function that takes a user-defined path and writes non-user controlled data as SYSTEM to the file when the extract_files parameter is used. This occurs without properly authenticating the user.

CVE-2017-0356(发布:2018-04-13 11:29:00)NMPS
CVSS7.5

[原文]A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

CVE-2016-9646(发布:2018-04-13 11:29:00)NMP
CVSS5.0

[原文]ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

CVE-2014-3999(发布:2018-04-10 11:29:00)NMC
CVSS6.8

[CNNVD]Horde Horde_Ldap 身份验证绕过漏洞--Horde是美国Horde公司的一套基于PHP的Web应用框架。Horde_Ldap是其中的一个用于连接到LDAP服务器的模块。 Horde Horde_Ldap 2.6.0之前的版本中存在身份验证绕过漏洞。攻击者可利用该漏洞绕过身份验证机制,执行未授权操作。 ...

CVE-2016-8380(发布:2018-04-05 12:29:00)NM
CVSS7.5

[原文]The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.

CVE-2016-8371(发布:2018-04-05 12:29:00)NM
CVSS7.5

[原文]The web server in Phoenix Contact ILC PLCs can be accessed without authenticating even if the authentication mechanism is enabled.

首页上一页345678910下一页尾页 第5页 / 共196页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站