查看最近更新的CVE列表 (113313)

CVE-2018-5214(发布:2018-01-04 13:29:00)NM
CVSS3.5

[原文]The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php.

CVE-2018-0104(发布:2018-01-04 01:29:00)NMS
CVSS9.3

[原文]A vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) files could allow a remote attacker to execute arbitrary code on the system of a targeted user. The attacker could exploit this vulnerability by sending the user a link or email attachment with a malicious ARF file and persuading the user to follow the link or launch the file. Successful exploitation could allow the attacker to execute arbitrary code on the user's system. This vulnerability affects Cisco WebEx Business Suite meeting sites, Cisco WebEx Meetings sites, Cisco WebEx Meetings Server, and Cisco WebEx ARF players. Cisco Bug IDs: CSCvg78853, CSCvg78856, CSCvg78857.

CVE-2014-2017(发布:2018-01-18 09:29:00)NMCPS
CVSSN/A

[CNNVD]OXID eShop‘index.php’HTTP响应拆分漏洞--OXID eSales OXID eShop是德国OXID eSales公司的一套电子商务内容管理系统。该系统包括B2C、B2B等模块。 OXID eShop中存在HTTP响应拆分漏洞,该漏洞源于程序没有正确过滤用户提交的输入。攻击者可利用该漏洞影响或篡改Web内容服务、缓存或解...

CVE-2018-0115(发布:2018-01-18 01:29:01)NM
CVSSN/A

[原文]A vulnerability in the CLI of the Cisco StarOS operating system for Cisco ASR 5000 Series routers could allow an authenticated, local attacker to execute arbitrary commands with root privileges on an affected host operating system. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by injecting malicious command arguments into a vulnerable CLI command. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. To exploit this vulnerability, the attacker would need to authenticate to the affected system by using valid administrator credentials. Cisco Bug IDs: CSCvf93332.

CVE-2018-0108(发布:2018-01-18 01:29:01)NMS
CVSSN/A

[原文]A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996.

CVE-2018-0109(发布:2018-01-18 01:29:01)NMS
CVSSN/A

[原文]A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access sensitive data about the application. An attacker could exploit this vulnerability to obtain information to conduct additional reconnaissance attacks. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server that could allow an attacker who is authenticated as root to gain shared secrets. An attacker could exploit the vulnerability by accessing the root account and viewing sensitive information. Successful exploitation could allow the attacker to discover sensitive information about the application. Cisco Bug IDs: CSCvg42664.

12345678下一页尾页 第1页 / 共18886页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站