Search results mapped to CWE-639, CWE-22 (2131)

CVE-2018-5430 (Published: 2018-04-17 14:29:00) NMS
CVSS: 4.0

[Original] The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

CVE-2017-6020 (Published: 2018-04-17 10:29:00) NMPS
CVSS: 4.0

[Original] Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level.

CVE-2014-2069 (Published: 2018-04-16 05:58:01) NMCS
CVSS: 5.0

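[CNNVD] Eshtery CMS 'FileManager.aspx' local file disclosure vulnerability -- Eshtery CMS is a content management system (CMS) created by the Eshtery team in Egypt. Eshtery CMS contains a local file disclosure vulnerability, which stems from the program not sufficiently filtering user-submitted input. An attacker can exploit this vulnerability to obtain sensitive information from local files.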

CVE-2018-9118 (Published: 2018-04-12 11:29:00) NM
CVSS: 5.0

[Original] exports/download.php in the 99 Robots WP Background Takeover Advertisements plugin before 4.1.5 for WordPress has Directory Traversal via a .. in the filename parameter.

CVE-2018-9850 (Published: 2018-04-07 22:29:00) NM
CVSS: 6.4

[Original] In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request.

CVE-2018-9851 (Published: 2018-04-07 22:29:00) NM
CVSS: 5.0

[Original] In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence.
