19 matches found
EUVD-2015-3933
Malware in sbrugna...
VulnCheck KEV: CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to 1 bonita/login.jsp or 2 bonita/loginservice...
Open redirect
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to 1 bonita/login.jsp or 2 bonita/loginservice...
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to 1 bonita/login.jsp or 2 bonita/loginservice...
CVE-2015-3898
CVE-2015-3898 refers to open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3. The flaw allows remote attackers to redirect users to arbitrary sites via the redirectUrl parameter on the login flow (bonita/login.jsp and bonita/loginservice). The connected documents confirm the vulnerab...
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
Directory traversal
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource...
CVE-2015-3897
Bonita BPM Portal before 6.5.3 is affected by two concrete issues: (1) Local File Inclusion via themeResource when theme and location contain .., allowing reading arbitrary server files; (2) Open Redirect via redirectUrl parameter, enabling redirection to arbitrary sites after login. The NVD/Nucl...
Bonita BPM < 6.5.3 Multiple Vulnerabilities
Bonita BPM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bonitasoft:bonitabpm"; if...
Bonita BPM Detection
Detection of Bonita BPM. The script sends a connection request to the server and attempts to detect Bonita BPM. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Arbitrary File Disclosure and Open Redirect in Bonita BPM
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
Bonita BPM Path Traversal Vulnerability
Bonita BPM is an open source business process management - workflow suite. A path traversal vulnerability exists in Bonita BPM. Since the input passed to the "bonita/portal/themeResource" URL via the "theme" and "location" HTTP GET parameters is not properly validated as part of the used filename...
Bonita BPM 6.5.1 Directory Traversal / Open Redirect Vulnerabilities
Exploit for php platform in category web applications Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch:...
Bonita BPM 6.5.1 Directory Traversal / Open Redirect
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
Bonita BPM 6.5.1 - Multiple Vulnerabilities
Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...
Bonita BPM 6.5.1 - Multiple Vulnerabilities
Bonita BPM 6.5.1 - Multiple Vulnerabilities Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015...
Arbitrary File Disclosure and Open Redirect in Bonita BPM
High-Tech Bridge Security Research Lab two vulnerabilities in Bonita BPM Portal Bonita's web interface running by default on port 8080, which can be exploited by remote non-authenticated attacker to compromise the vulnerable web application and the web server on which it is hosted. 1 Path Travers...