映射到 CWE-639,CWE-22 的搜索结果 (2025)

CVE-2017-9511(发布:2017-08-24 14:29:00)NM
CVSS5.0

[原文]The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system.

CVE-2017-7424(发布:2017-08-21 11:29:00)NM
CVSS4.0

[原文]A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.

CVE-2017-7675(发布:2017-08-10 22:29:00)NMS
CVSS5.0

[原文]The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

CVE-2015-0781(发布:2017-08-09 14:29:00)NMC
CVSS7.5

[CNNVD]Novell ZENworks 远程代码执行漏洞--Novell ZENworks是美国Novell公司的一套支持在组织内跨资源进行自动化IT管理和业务流程管理的软件。 Novell ZENworks的Rtrlet类中的‘doPost’方法存在远程代码执行漏洞,该漏洞源于程序没有充分过滤上传文件的路径。攻击...

CVE-2017-11152(发布:2017-08-08 11:29:07)NP
CVSS5.0

[原文]Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.

CVE-2017-12637(发布:2017-08-07 16:29:01)N
CVSS5.0

[原文]Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

首页上一页4567891011下一页尾页 第6页 / 共338页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站