Cross-site request forgery (CSRF)
Mahara 1.9 before 1.9.8, 1.10 before 1.10.6, and 15.04 before 15.04.3 are vulnerable to a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into...
CVE-2017-1000147
Mahara 1.9 before 1.9.8, 1.10 before 1.10.6, and 15.04 before 15.04.3 are vulnerable to a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into unknowingly uploading malicious files into...
CVE-2017-1000147
CVE-2017-1000147 affects Mahara 1.9 before 1.9.8, 1.10 before 1.10.6, and 15.04 before 15.04.3. It enables a CSRF on the uploader in Mahara’s filebrowser widget, allowing an attacker to trick a user into uploading malicious files to their Mahara account. The provided documents do not specify a pa...
Mezzanine 4.1.0 Cross Site Scripting
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-XSS.txt. Vendor: mezzanine.jupo.org. Product: Mezzanine 4.1.0. Mezzanine is an open source CMS built using the Python-based Django framework...
Mezzanine 4.1.0 Arbitrary File Upload
Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/MEZZANINE-CMS-ARBITRARY-FILE-UPLOAD.txt. Vendor: mezzanine.jupo.org. Product: Mezzanine 4.1.0. Mezzanine is an open source CMS built using the Python-based...
CMSimple 4.4.4 - Remote File Inclusion
CMSimple 4.4.4 - Remote File Inclusion. Source: https://www.securityfocus.com/bid/68961/info. CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities; 2. A weak authentication security-bypass vulnerability; 3. Multiple security...
CMSimple 4.4, 4.4.2 - Remote File Inclusion
No description provided by source. CMSimple - Open Source CMS with no database: Remote File Inclusion Vulnerability. Software: CMSimple - Open Source CMS with no database. Version: 4.4...
CMSimple 4.4 / 4.4.2 - Remote File Inclusion
CMSimple 4.4 / 4.4.2 - Remote File Inclusion. CMSimple - Open Source CMS with no database: Remote File Inclusion Vulnerability. Software: CMSimple - Open Source CMS with no database. Versio...
Synology DiskStation Manager < 4.3-3810 Update 3 Multiple FileBrowser Component Directory Traversal Vulnerabilities
According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x, equal to or prior to 4.3-3810. It is, therefore, affected by multiple directory traversal vulnerabilities in the FileBrowser component. The issue exists due to improper validation of values...
CVE-2013-6987
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to filedelete.cgi or (2) folderpath parameter to...
CVE-2013-6987
Synology DiskStation Manager
Synology DSM 4.3-3810 - Directory Traversal
Title: Synology DSM multiple directory traversal. Version affected: = 4.3-3810. Vendor: Synology. Discovered by: Andrea Fabrizi. Email: [email protected]. Web: http://www.andreafabrizi.it. Twitter: @andreaf83. Status: patched. CVE: 2013-6987. I'm again here with a Synology DSM vulnerability. Synolo...
Synology DSM 4.3-3810 - Directory Traversal
Exploit for CGI platform in category web applications. Title: Synology DSM multiple directory traversal. Version affected: = 4.3-3810. Vendor: Synology. Discovered by: Andrea Fabrizi. Email: [email protected]. Web: http://www.andreafabrizi.it. Twitter: @andreaf83. Status: patched. CVE: 2013-6987. I'm again...
CVE-2013-2036
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files."...
Cross-site scripting (XSS)
Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files."...
CVE-2013-2036
CVE-2013-2036 is a reflected Cross-Site Scripting (XSS) vulnerability in the Drupal Filebrowser module (6.x-2.x) prior to 6.x-2.2. The issue arises from insufficient sanitization when presenting lists of files, allowing an attacker to inject arbitrary script/HTML. The Drupal security advisory not...