Search results mapped to CWE-639, CWE-22 (2101)

CVE-2018-2380 (Published: 2018-03-01 12:29:00) NMPS
CVSS 6.5

[Original text] SAP CRM, 7.01, 7.02, 7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.

CVE-2015-5079 (Published: 2018-02-28 17:29:00) NMPS
CVSS 5.0

[Original text] Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.

CVE-2017-9447 (Published: 2018-02-28 10:29:00) NM
CVSS 5.0

[Original text] In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences.

CVE-2018-7482 (Published: 2018-02-28 02:29:00) NM
CVSS 5.0

[Original text] ** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1_../configuration.php&download=1 request. The specific pathname ../configuration.php should be base64 encoded for a valid attack. NOTE: the vendor disputes this issue because only files under the media-manager path can be downloaded, and the documentation indicates that sensitive information does not belong there. Nonetheless, 2.8.1 has additional blocking of .php downloads.

CVE-2018-7467 (Published: 2018-02-27 16:29:00) NM
CVSS 5.0

[Original text] AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI.

CVE-2018-7172 (Published: 2018-02-27 10:29:00) NM
CVSS 5.5

[Original text] In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.

