CVE-2012-1467: Multiple directory traversal vulnerabilities in the iBrowser plugin librar

Title | Published | Views | Family |
---|---|---|---|
CVE-2012-1467 | 6 Sep 2012 21:00 | – | cvelist |
CVE-2012-1467 | 6 Sep 2012 00:00 | – | ubuntucve |
Directory traversal | 6 Sep 2012 21:55 | – | prion |
CVE-2012-1467 | 6 Sep 2012 21:55 | – | nvd |
Multiple vulnerabilities in Open Journal Systems (OJS) | 9 Apr 2012 00:00 | – | securityvulns |
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 9 Apr 2012 00:00 | – | securityvulns |
Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload | 22 Mar 2012 00:00 | – | packetstorm |
Multiple vulnerabilities in Open Journal Systems (OJS) | 29 Feb 2012 00:00 | – | htbridge |

Source | Link |
---|---|
pkp | www.pkp.sfu.ca/support/forum/viewtopic.php |
htbridge | www.htbridge.com/advisory/HTB23079 |

Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
param | query param | /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php | Directory traversal vulnerability allowing file deletion or renaming via the param parameter. | CWE-22 |
articleId | query param | /index.php/[journal]/author/submit/2 | Potential arbitrary file upload through unvalidated file extensions. | CWE-434 |
editor | query param | /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php | XSS vulnerability due to improper sanitization of input parameters. | CWE-79 |
callback | query param | /lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php | XSS vulnerability due to improper sanitization of input parameters. | CWE-79 |
articleId | query param | /index.php/[journal]/author/submit/3 | Stored XSS vulnerability due to improper sanitization of URL. | CWE-79 |