Search results mapped to CWE-434 (35)

CVE-2011-4334 (Published: 2017-10-23 14:29:00) NMOE
CVSS 6.5

[Original text] edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

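CVE-2014-2664 (Published: 2017-10-17 11:29:00) NMCS
CVSS 6.5

[CNNVD] X2CRM 'ProfileController.php' arbitrary file upload vulnerability -- X2Engine X2CRM is an open-source customer relationship management (CRM) system from X2Engine, a US company. The system provides features such as generating sales quotes, defining sales processes, and quickly viewing contacts. An arbitrary file upload vulnerability exists in X2CRM versions 3.7.3, 3.7.4 and 3.7.5; it stems from the program not sufficiently filtering user-submitted input. An attacker can...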

CVE-2015-2780 (Published: 2017-10-16 14:29:00) NM
CVSS 7.5

[Original text] Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

CVE-2017-6090 (Published: 2017-10-02 21:29:03) NMP
CVSS 6.5

[Original text] Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.

CVE-2015-8249 (Published: 2017-09-27 21:29:00) NMP
CVSS 10.0

[Original text] The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

CVE-2014-9619 (Published: 2017-09-19 11:29:00) NMP
CVSS 6.5

[Original text] Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
