52 matches found
REDAXO cross-site scripting vulnerability (CNVD-2019-18491)
REDAXO is an open source Web portal content management system . The system supports custom modules , plug-in extensions , project backup and so on. REDAXO 5.6.3 version of the addons/mediapool/pages/index.php file there is a cross-site scripting vulnerability , a remote attacker can send...
REDAXO Cross-Site Scripting Vulnerability (CNVD-2019-18493)
REDAXO is an open source Web portal content management system . The system supports custom modules , plug-in extensions , project backup and so on. REDAXO cross-site scripting vulnerability , remote attackers can use index.php?page=mediapool/media&openerinputfield=&args substring to exploit the...
CVE-2018-18198
The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...
CVE-2018-18198
The CVE-2018-18198 issue affects REDAXO 5.6.3 via addons/mediapool/pages/index.php where the $opener_input_field is not properly filtered and is echoed to the page. This allows an attacker to inject XSS payloads through a request such as index.php?page=mediapool/media&opener_input_field=[XSS]. Re...
CVE-2018-17830
The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted only values are restricted. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=&args substring...
Redaxo CMS Mediapool Plugin File Upload Vulnerability
Redaxo CMS is an open source Web portal content management system CMS. The system supports custom modules , plug-in extensions , project backup and so on. Redaxo CMS Mediapool plugin file upload vulnerability , an attacker can exploit the vulnerability to upload arbitrary files...
Redaxo CMS Mediapool Arbitrary File Upload
Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMint More: Login required PoC In the...
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Exploit Author: email protected Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMi...
Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and...
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMint More: Login required PoC In the...
Redaxo CMS 5.0.0 Cross Site Scripting / SQL Injection
=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor:...
Backup to tape jobs fails when the source contains .vrb files
Challenge 1. When using backup to tape on a source job containing .vrb files, the jobs may fail with the error: MediaPool not found id: 00000000-0000-0000-0000-000000000000. 2. When enabling incremental mode in backup to tape, .vrb files will be transfered to tape. Cause This is a known issue...