205 matches found
A vulnerability in the 1C-Bitrix web project management system allows an attacker to include and execute arbitrary local files.
A vulnerability in the bitrix.mpbuilder module of the 1C-Bitrix web project management system exists due to insufficient restrictions on directory path names. Exploiting this vulnerability allows a malicious actor to remotely include and open any local file by adding the “..” sequence...
A vulnerability in the 1C-Bitrix web project management system allows an attacker to cause a denial of service, obtain confidential information, or rename arbitrary files.
A vulnerability in the admin/bitrix.xscanworker.php module of the 1C-Bitrix web project management system exists due to insufficient restrictions on directory path names. Exploiting this vulnerability allows a malicious actor to rename arbitrary files, obtain confidential information, o...
aksayland.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-124935 Affected Website: aksayland.ru Vulnerable Application: Custom Code Vulnerability Type: Open Redirect / CWE-601 CVSSv3 Score: 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide: OWASP Open Redirect Cheat Sheet Vulnerabl...
autogoda.ru Open Redirect vulnerability
Open Bug Bounty ID: OBB-124934 Affected Website: autogoda.ru Vulnerable Application: Custom Code Vulnerability Type: Open Redirect / CWE-601 CVSSv3 Score: 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide: OWASP Open Redirect Cheat Sheet Vulnerable...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
Exploit for php platform in category web applications Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosur...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
Bitrix mcart.xls 6.5.2 SQL Injection
Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Public Disclosure: January 13, 2016 Vulnerabilit...
Multiple SQL Injection Vulnerabilities in mcart.xls Bitrix Module
Multiple SQL injection vulnerabilities exist in the mcart.xls Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
No description provided by source...
orion.extfeedbackform Bitrix Module 2.1.2 CSRF / SQL Injection
Advisory ID: HTB23280 Product: orion.extfeedbackform Bitrix module Vendor: www.orion-soft.ru Vulnerable Versions: 2.1.2 and probably prior Tested Version: 2.1.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: December 11, 2015...
CVE-2015-8358
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilderstep2.php...
CVE-2015-8357
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscanworker.php...
Directory traversal
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscanworker.php...
Directory traversal
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilderstep2.php...
CVE-2015-8357
Directory traversal vulnerability in the bitrix.xscan module before 1.0.4 for Bitrix allows remote authenticated users to rename arbitrary files, and consequently obtain sensitive information or cause a denial of service, via a .. (dot dot) in the file parameter to admin/bitrix.xscanworker.php...
CVE-2015-8357
CVE-2015-8357 affects the Bitrix bitrix.xscan module prior to v1.0.4. A path traversal in the file parameter fed to /bitrix/admin/bitrix.xscan_worker.php allows an authenticated remote user to rename arbitrary files and disclose contents (via ../ path tricks). The vulnerability is triggered by un...
CVE-2015-8358
Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element name of the "work" array parameter to admin/bitrix.mpbuilderstep2.php...
orion.extfeedbackform Bitrix Module SQL Injection Vulnerability
An SQL injection vulnerability exists in the orion.extfeedbackform Bitrix module. Due to insufficient filtering of input passed to the "/bitrix/admin/orion.extfeedbackformefbfforms.php" script via the "order" and "by" HTTP GET parameters, an attacker can exploit the vulnerability to execute SQL...
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal
Bitrix bitrix.xscan Module 1.0.3 - Directory Traversal Advisory ID: HTB23278 Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18,...