映射到 CWE-639,CWE-22 的搜索结果 (2101)

CVE-2018-7212(发布:2018-02-18 01:29:00)NM
CVSS5.0

[原文]An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters.

CVE-2017-8961(发布:2018-02-15 17:29:08)NM
CVSS9.0

[原文]A directory traversal vulnerability in HPE Intelligent Management Center (IMC) PLAT 7.3 E0504P02 could allow remote code execution.

CVE-2017-8947(发布:2018-02-15 17:29:07)NMPS
CVSS10.0

[原文]A Remote Code Execution vulnerability in HPE UCMDB version v10.10, v10.11, v10.20, v10.21, v10.22, v10.30, v10.31 was found.

CVE-2018-0123(发布:2018-02-08 02:29:00)NMS
CVSS4.9

[原文]A Path Traversal vulnerability in the diagnostic shell for Cisco IOS and IOS XE Software could allow an authenticated, local attacker to use certain diagnostic shell commands that can overwrite system files. These system files may be sensitive and should not be able to be overwritten by a user of the diagnostic shell. The vulnerability is due to lack of proper input validation for certain diagnostic shell commands. An attacker could exploit this vulnerability by authenticating to the device, entering the diagnostic shell, and providing crafted user input to commands at the local diagnostic shell CLI. Successful exploitation could allow the attacker to overwrite system files that should be restricted. Cisco Bug IDs: CSCvg41950.

CVE-2018-1299(发布:2018-02-06 15:29:00)NM
CVSS5.0

[原文]In Apache Allura before 1.8.0, unauthenticated attackers may retrieve arbitrary files through the Allura web application. Some webservers used with Allura, such as Nginx, Apache/mod_wsgi or paster may prevent the attack from succeeding. Others, such as gunicorn do not prevent it and leave Allura vulnerable.

CVE-2015-4461(发布:2018-02-05 11:29:00)NM
CVSS4.0

[原文]Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.

首页上一页678910111213下一页尾页 第8页 / 共351页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站