映射到 CWE-77,CWE-89 的搜索结果 (4508)

CVE-2017-6157(发布:2017-10-27 10:29:00)NMS
CVSS6.8

[原文]In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.5.0 - 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.

CVE-2017-5078(发布:2017-10-27 01:29:01)NMP
CVSS6.8

[原文]Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.

CVE-2014-2023(发布:2017-10-26 16:29:00)NMCPS
CVSS7.5

[CNNVD]Tapatalk for vBulletin SQL注入漏洞--vBulletin是美国Internet Brands和vBulletin Solutions公司共同开发的一款开源的商业Web论坛程序。Tapatalk是Tapatalk公司的一套论坛浏览软件。 Tapatalk for vBulletin 4.9.0版本和5.2.1版本中存在...

CVE-2014-1203(发布:2017-10-24 10:29:00)NMO
CVSS7.5

[原文]The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.

CVE-2012-4570(发布:2017-10-23 14:29:00)NMC
CVSS7.5

[CNNVD]LetoDMS 多个跨站脚本漏洞和SQL注入漏洞--LetoDMS早期版本至3.3.8版本中存在多个跨站脚本漏洞和SQL注入漏洞,这些漏洞源于没有充分验证用户提供的数据。攻击者利用这些漏洞窃取cookie认证证书,控制应用程序,访问或修改数据,或利用底层数据库中潜在的漏洞。

CVE-2017-2133(发布:2017-10-20 07:29:00)NMS
CVSS6.5

[原文]SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

12345678下一页尾页 第1页 / 共752页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站