映射到 CWE-77,CWE-89,CWE-564 的搜索结果 (4700)

CVE-2018-9924(发布:2018-04-10 02:29:00)NM
CVSS7.5

[原文]An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.

CVE-2018-8820(发布:2018-03-28 16:29:00)NMP
CVSS6.0

[原文]An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.

CVE-2018-1238(发布:2018-03-27 17:29:00)NMP
CVSS8.5

[原文]Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed.

CVE-2014-4959(发布:2018-03-27 12:29:00)NMCPS
CVSS7.5

[CNNVD]Google Android‘SQLiteDatabase.java’远程安全绕过漏洞--Google Android是美国谷歌(Google)公司和开放手持设备联盟(简称OHA)共同开发的一套以Linux为基础的开源操作系统。 Google Android中存在远程安全绕过漏洞。攻击者可利用该漏洞绕过安全限制,执行未授权操作。 ...

CVE-2018-8967(发布:2018-03-24 14:29:00)NM
CVSS7.5

[原文]An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.

CVE-2018-8943(发布:2018-03-22 17:29:00)NM
CVSS7.5

[原文]There is a SQL injection in the PHPSHE 1.6 userbank parameter.

12345678下一页尾页 第1页 / 共784页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站