映射到 CWE-78 的搜索结果 (210)

CVE-2017-12581(发布:2017-08-05 22:29:00)N
CVSS9.3

[原文]GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.

CVE-2017-2281(发布:2017-08-02 12:29:00)NM
CVSS8.3

[原文]WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

CVE-2016-7844(发布:2017-08-02 12:29:00)NMS
CVSS6.0

[原文]GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template.

CVE-2015-2279(发布:2017-07-24 21:29:00)NMCP
CVSS10.0

[CNNVD]多款OvisLink AirLive产品操作系统命令注入漏洞--OvisLink AirLive IP Cameras MD-3025、IP Cameras BU-3026和IP Cameras BU-2015都是欧立科技(OvisLink)公司的网络摄像机产品。 多款OvisLink AirLive产品的cgi_test.cgi二进制文件中...

CVE-2015-2280(发布:2017-07-24 21:29:00)NMPS
CVSS9.0

[原文]snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.

CVE-2017-6320(发布:2017-07-18 10:29:00)NMP
CVSS9.0

[原文]A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued.

12345678下一页尾页 第1页 / 共35页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站