90 matches found
CVE-2021-41950
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
CVE-2021-41765
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
CVE-2021-41950
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...
SQL injection
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
Directory traversal
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
Cross-site scripting
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...
CVE-2021-41950
ResourceSpace 9.6 is affected by a directory traversal vulnerability (CVE-2021-41950) that allows remote unauthenticated attackers to delete arbitrary files on the server via the provider and variant parameters in pages/ajax/tiles.php, potentially taking the application offline. Affected versions...
CVE-2021-41950
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the...
CVE-2021-41765
Affected software: ResourceSpace 9.5–9.6 (rev 18274). Vulnerability: SQL injection in pages/edit_fields/9_ajax/add_keyword.php allows remote unauthenticated attackers to run arbitrary SQL commands via the k parameter. This can reveal the full contents of the ResourceSpace database and, if an ad...
CVE-2021-41765
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user...
CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. A victim clicking a crafted URL can have arbitrary JavaScript executed in their browser, enabling potential session hijacking...
CVE-2021-41951
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the...
Montala ResourceSpace Path Traversal Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A directory traversal vulnerability exists in ResourceSpace. An attacker could exploit the vulnerability to delete arbitrary files on the ResourceSpace server via the provider and variant...
PT-2021-23456 · Unknown · Resourcespace
Name of the Vulnerable Software and Affected Versions: ResourceSpace versions 9.6 through 9.6 rev 18277 Description: A directory traversal issue allows remote unauthenticated attackers to delete arbitrary files on the server via the provider and variant parameters in "pages/ajax/tiles.php"...
PT-2021-23457 · Unknown · Resourcespace
Name of the Vulnerable Software and Affected Versions: ResourceSpace versions prior to 9.6 rev 18290 Description: The issue allows for malicious JavaScript content to be executed within the context of a victim's browser, due to a reflected Cross-Site Scripting vulnerability. This can occur when a...
Montala ResourceSpace Cross-Site Scripting Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A cross-site scripting vulnerability exists in the wordpress_user parameter in plugins/wordpress_sso/pages/index.php in versions of ResourceSpace prior to 9.6 rev 18290. An attacker could exploit this...
Montala ResourceSpace SQL Injection Vulnerability
ResourceSpace is a digital asset management tool that enables users to organize their digital assets. A SQL injection vulnerability exists in pages/edit_fields/9_ajax/add_keyword.php in ResourceSpace. The vulnerability can be exploited by an attacker to execute arbitrary SQL commands via the k...
ResourceSpace 8.6 - watched_searches.php SQL Injection
ResourceSpace 8.6 - watched_searches.php SQL Injection Exploit Title: ResourceSpace =8.6 'watched_searches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Date: 2019-02-01 Exploit Author: dd [email protected] Vendor Homepage: https://www.resourcespace.com/ Software Link:...
ResourceSpace 8.6 - watched_searches.php SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: ResourceSpace =8.6 'watched_searches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Exploit Author: dd email protected Vendor Homepage: https://www.resourcespace.com/ Software Link: https://www.resourcespace.com/get...