Search results mapped to CWE-639, CWE-22 (1976)

CVE-2017-11456 (Published: 2017-07-19 03:29:00) N
CVSS 5.0

[Original] Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.

CVE-2017-10708 (Published: 2017-07-18 16:29:00) N
CVSS 6.8

[Original] An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file.

CVE-2017-11348 (Published: 2017-07-17 09:18:21) N
CVSS 6.3

[Original] In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in the PackageId value.

CVE-2017-1000062 (Published: 2017-07-17 09:18:17) N
CVSS 5.0

[Original] kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution

CVE-2017-1000047 (Published: 2017-07-17 09:18:17) N
CVSS 7.5

[Original] rbenv (all current versions) is vulnerable to Directory Traversal in the specification of Ruby version resulting in arbitrary code execution

CVE-2017-1000028 (Published: 2017-07-17 09:18:16) N
CVSS 5.0

[Original] Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.
