CVE-2020-26524

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration...

Design/Logic Flaw

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration...

CVE-2020-26524

CodeLathe FileCloud prior to 20.2.0.11915 contains an information-disclosure vulnerability that allows username enumeration. Affected product: CodeLathe FileCloud. Impact: attacker can enumerate usernames, facilitating targeted access attempts. Root cause: insufficient input handling leading to u...

CVE-2020-26524

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration...

U.S. Dept Of Defense: Unrestricted File Upload

Summary: The endpoint at https://███████/ui/core/index.html required authentication, but navigating to https://█████/ui/core/index.html?mode=publicexpl-tabl./SHARED/rpchllmd/CSAT allow for read/write access. Description: The endpoint at...

CVE-2016-6578

CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

CVE-2016-6578

CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

Cross site request forgery (csrf)

CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

CVE-2016-6578 CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery (CSRF)

CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global cross-site request forgery CSRF vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request...

CVE-2016-6578

CodeLathe FileCloud, version 13.0.0.32841 and earlier, contains a global Cross-Site Request Forgery (CSRF) vulnerability. An attacker can perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. Affected...

CodeLathe FileCloud Cross-Site Request Forgery Vulnerability

CodeLathe FileCloud is a file access, synchronization and sharing solution for on-premises use. A cross-site request forgery vulnerability exists in CodeLathe FileCloud version 13.0.0.32841 and earlier. A remote attacker can exploit this vulnerability to perform unauthorized operations...

CodeLathe FileCloud is vulnerable to cross-site request forgery

Overview CodeLathe FileCloud, version 13.0.0.32841 and earlier, is vulnerable to cross-site request forgery CSRF. Description CWE-352: Cross-Site Request Forgery CSRF - CVE-2016-6578CodeLathe FileCloud is an "is an Enterprise File Access, Sync and Share solution that runs on-premise." FileCloud,...