映射到 CWE-639,CWE-22 的搜索结果 (2035)

CVE-2015-1395(发布:2017-08-25 14:29:00)NMCPS
CVSS7.8

[CNNVD]GNU patch 本地目录遍历漏洞--GNU patch是GNU项目的一部分,它是安装主题包时所要安装的基础补丁。 GNU patch中存在本地目录遍历漏洞,该漏洞源于程序没有充分过滤用户提交的输入。本地攻击者可利用该漏洞获取受影响系统中的任意文件内容的访问权限。

CVE-2015-4180(发布:2017-08-25 14:29:00)NM
CVSS5.0

[原文]Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2009-4050.

CVE-2015-4181(发布:2017-08-25 14:29:00)NM
CVSS5.0

[原文]Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this vulnerability exists due to an incomplete fix to CVE-2015-4180.

CVE-2015-8352(发布:2017-08-24 17:29:00)NMP
CVSS10.0

[原文]Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php.

CVE-2017-9511(发布:2017-08-24 14:29:00)NM
CVSS5.0

[原文]The MultiPathResource class in Atlassian FishEye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when FishEye or Crucible is running on the Microsoft Windows operating system.

CVE-2017-7424(发布:2017-08-21 11:29:00)NM
CVSS4.0

[原文]A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote authenticated users to download arbitrary files from a system running the product, if this component is configured. Note esfadmingui is not enabled by default.

首页上一页56789101112下一页尾页 第7页 / 共340页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站