映射到 CWE-77,CWE-89 的搜索结果 (4758)

CVE-2018-1292(发布:2018-04-20 14:29:00)NMS
CVSS5.5

[原文]Within the 'getReportType' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn't have authorization for by way of the 'reportName' parameter.

CVE-2018-1143(发布:2018-04-19 09:29:00)NMP
CVSS10.0

[原文]A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.

CVE-2018-1144(发布:2018-04-19 09:29:00)NMPS
CVSS10.0

[原文]A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.

CVE-2018-1167(发布:2018-04-18 22:29:00)NMP
CVSS6.8

[原文]This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5501.

CVE-2018-8734(发布:2018-04-17 20:29:00)NMP
CVSS7.5

[原文]SQL injection vulnerability in the core config manager in Nagios XI 5.2.x through 5.4.x before 5.4.13 allows an attacker to execute arbitrary SQL commands via the selInfoKey1 parameter.

CVE-2018-0530(发布:2018-04-16 10:29:00)NM
CVSS6.5

[原文]SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

首页上一页56789101112下一页尾页 第7页 / 共793页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站