Search results mapped to CWE-434 (37)

CVE-2017-2737 (Published: 2017-11-22 14:29:01) NM
CVSS 6.5

[Original text] VCM5010 with software versions earlier before V100R002C50SPC100 has an arbitrary file upload vulnerability. The software does not validate the files that uploaded. An authenticated attacker could upload arbitrary files to the system.

CVE-2017-8862 (Published: 2017-11-22 03:29:00) NM
CVSS 10.0

[Original text] The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with "root" privileges.

CVE-2011-4334 (Published: 2017-10-23 14:29:00) NMOE
CVSS 6.5

[Original text] edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter.

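CVE-2014-2664 (Published: 2017-10-17 11:29:00) NMCS
CVSS 6.5

[CNNVD] X2CRM 'ProfileController.php' arbitrary file upload vulnerability -- X2Engine X2CRM is an open-source customer relationship management (CRM) system from the US company X2Engine. The system provides functions such as generating sales quotes, defining sales processes, and quickly viewing contacts. An arbitrary file upload vulnerability exists in X2CRM versions 3.7.3, 3.7.4, and 3.7.5; it stems from the program not sufficiently filtering user-submitted input. An attacker can...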

CVE-2015-2780 (Published: 2017-10-16 14:29:00) NM
CVSS 7.5

[Original text] Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.

CVE-2017-6090 (Published: 2017-10-02 21:29:03) NMP
CVSS 6.5

[Original text] Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/.
