关键字 的搜索结果 (15059)

CVE-2015-7715(发布:2017-10-18 14:29:00)NMP
CVSS6.8

[原文]Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.

CVE-2014-8357(发布:2017-10-17 12:29:00)NMP
CVSS4.0

[原文]backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.

CVE-2014-9118(发布:2017-10-17 12:29:00)NMP
CVSS9.0

[原文]The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

CVE-2014-9147(发布:2017-10-16 11:29:00)NMP
CVSS5.0

[原文]Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.

CVE-2014-9148(发布:2017-10-16 11:29:00)NMP
CVSS7.5

[原文]Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.

CVE-2016-5791(发布:2017-10-12 23:29:00)NMP
CVSS10.0

[原文]An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.

首页上一页12345678下一页尾页 第3页 / 共2510页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站