映射到 CWE-287 的搜索结果 (1141)

CVE-2014-6436(发布:2018-01-12 12:29:00)NMCS
CVSS10.0

[CNNVD]多款Aztech Modem Router产品会话劫持漏洞--Aztech Modem Routers是新加坡快捷达(Aztech)集团公司的一款Modem和路由器一体机产品。 多款Aztech Modem Routers产品中存在会话劫持漏洞。攻击者可利用该漏洞获取受影响设备的访问权限。

CVE-2017-3765(发布:2018-01-10 13:29:01)NMS
CVSS6.2

[原文]In Enterprise Networking Operating System (ENOS) in Lenovo and IBM RackSwitch and BladeCenter products, an authentication bypass known as "HP Backdoor" was discovered during a Lenovo security audit in the serial console, Telnet, SSH, and Web interfaces. This bypass mechanism can be accessed when performing local authentication under specific circumstances. If exploited, admin-level access to the switch is granted.

CVE-2018-3810(发布:2018-01-01 01:29:00)NMP
CVSS7.5

[原文]Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code.

CVE-2014-0121(发布:2017-12-29 17:29:00)NM
CVSS7.5

[原文]The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.

CVE-2015-6237(发布:2017-12-27 14:29:00)NMP
CVSS7.5

[原文]The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."

CVE-2015-7224(发布:2017-12-21 10:29:00)NM
CVSS7.5

[原文]puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

首页上一页56789101112下一页尾页 第7页 / 共191页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站