SearchBlox <9.2.2 - Local File Inclusion

SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the...

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

CVE-2020-10129

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality...

CVE-2020-10131

SearchBlox before Version 9.2.1 is vulnerable to CSV macro injection in "Featured Results" parameter...

EUVD-2015-0977

Malware in sbrugna...

EUVD-2020-2592

Malware in sbrugna...

EUVD-2015-3466

Malware in sbrugna...

EUVD-2013-3524

Malware in sbrugna...

EUVD-2015-0975

Malware in sbrugna...

EUVD-2015-0976

Malware in sbrugna...

EUVD-2013-3532

Malware in sbrugna...

EUVD-2015-0978

Malware in sbrugna...

EUVD-2020-2591

Malware in sbrugna...

EUVD-2018-3565

Malware in sbrugna...

EUVD-2015-7817

Malware in sbrugna...

EUVD-2020-2595

Malware in sbrugna...

EUVD-2020-2594

Malware in sbrugna...

CVE-2020-35580

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...

CVE-2020-10132

SearchBlox before Version 9.1 is vulnerable to cross-origin resource sharing misconfiguration...

CVE-2020-10128

SearchBlox product with version before 9.2.1 is vulnerable to stored cross-site scripting at multiple user input parameters. In SearchBlox products multiple parameters are not sanitized/validate properly which allows an attacker to inject malicious JavaScript...