Bonita BPM Portal <6.5.3 - Local File Inclusion

Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. dot dot in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. id: CVE-2015-3897 info: name: Bonita BPM Portal 6.5.3 - Local File Inclusion author: 0xAkoko severity:...

CVE-2015-3897

Bonita BPM Portal before 6.5.3 is affected by two concrete issues: (1) Local File Inclusion via themeResource when theme and location contain .., allowing reading arbitrary server files; (2) Open Redirect via redirectUrl parameter, enabling redirection to arbitrary sites after login. The NVD/Nucl...

Bonita BPM < 6.5.3 Multiple Vulnerabilities

Bonita BPM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:bonitasoft:bonitabpm"; if...

Arbitrary File Disclosure and Open Redirect in Bonita BPM

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...

Bonita BPM 6.5.1 Directory Traversal / Open Redirect Vulnerabilities

Exploit for php platform in category web applications Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch:...

Bonita BPM 6.5.1 Directory Traversal / Open Redirect

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...

Bonita BPM 6.5.1 - Multiple Vulnerabilities

Bonita BPM 6.5.1 - Multiple Vulnerabilities Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015...

CVE-2015-3897

creationtimestamp| type| source ---|---|--- 2015-06-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/37260...

Bonita BPM 6.5.1 - Multiple Vulnerabilities

Advisory ID: HTB23259 Product: Bonita BPM Vendor: Bonitasoft Vulnerable Versions: 6.5.1 and probably prior Tested Version: 6.5.1 Windows and Mac OS packages Advisory Publication: May 7, 2015 without technical details Vendor Notification: May 7, 2015 Vendor Patch: June 9, 2015 Public Disclosure:...