映射到 CWE-434 的搜索结果 (71)

CVE-2018-6411(发布:2018-05-26 18:29:00)NMP
CVSS7.5

[原文]An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.

CVE-2017-2617(发布:2018-05-22 13:29:00)NMS
CVSS6.8

[原文]hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.

CVE-2018-7505(发布:2018-05-15 18:29:00)NM
CVSS7.5

[原文]In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a TFTP application has unrestricted file uploads to the web application without authorization, which may allow an attacker to execute arbitrary code.

CVE-2018-0587(发布:2018-05-14 09:29:02)NM
CVSS4.0

[原文]Unrestricted file upload vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote authenticated users to upload arbitrary image files via unspecified vectors.

CVE-2018-0568(发布:2018-05-14 09:29:00)NM
CVSS6.5

[原文]Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw Ver 3.2.0 and earlier allows remote authenticated users to execute arbitrary PHP code via unspecified vectors.

CVE-2018-2420(发布:2018-05-09 16:29:00)NMS
CVSS7.5

[原文]SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, allows an attacker to upload any file (including script files) without proper file format validation.

12345678下一页尾页 第1页 / 共12页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站