Lucene search
K

70 matches found

OSV
OSV
added 2018/04/25 6:29 p.m.4 views

CVE-2018-10210

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...

5.3CVSS5.8AI score0.01055EPSS
Exploits0References2
NVD
NVD
added 2018/04/25 6:29 p.m.16 views

CVE-2018-10207

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format...

5.3CVSS5.2AI score0.01055EPSS
Exploits0References2
NVD
NVD
added 2018/04/25 6:29 p.m.16 views

CVE-2018-10211

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...

5.3CVSS5.3AI score0.01055EPSS
Exploits0References2
NVD
NVD
added 2018/04/25 6:29 p.m.16 views

CVE-2018-10206

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...

5.4CVSS5.2AI score0.00624EPSS
Exploits0References2
NVD
NVD
added 2018/04/25 6:29 p.m.12 views

CVE-2018-10209

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...

5.4CVSS5.2AI score0.00624EPSS
Exploits0References2
NVD
NVD
added 2018/04/25 6:29 p.m.14 views

CVE-2018-10210

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...

5.3CVSS5.3AI score0.01055EPSS
Exploits0References2
Prion
Prion
added 2018/04/25 6:29 p.m.13 views

Design/Logic Flaw

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...

3.5CVSS5.2AI score0.00624EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.28 views

CVE-2018-10207

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format...

5.3AI score0.01055EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.16 views

CVE-2018-10208

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI...

6AI score0.0081EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.20 views

CVE-2018-10206

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...

5.2AI score0.00624EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.19 views

CVE-2018-10209

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...

5.2AI score0.00624EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.17 views

CVE-2018-10210

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...

5.3AI score0.01055EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.14 views

CVE-2018-10213

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it...

5.3AI score0.00624EPSS
Exploits0References2
CVE
CVE
added 2018/04/25 6:0 p.m.54 views

CVE-2018-10213

Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...

5.4CVSS5.2AI score0.00624EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/25 6:0 p.m.52 views

CVE-2018-10207

CVE-2018-10207 relates to Vaultize Enterprise File Sharing 17.05.31, where a flaw in the FlexPaperViewer SWF reader allows an attacker to export restricted files due to missing authorization. The underlying issue is insufficient access control on the SWF viewer, enabling page-by-page access vecto...

5.3CVSS5.2AI score0.01055EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/25 6:0 p.m.46 views

CVE-2018-10210

The CVE-2018-10210 entry concerns Vaultize Enterprise File Sharing version 17.05.31. The vulnerability is described as an inability to properly restrict the password-reset feature, allowing enumeration of users. Affected component: password-reset workflow that leaks user identifiers; root cause n...

5.3CVSS5.3AI score0.01055EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/25 6:0 p.m.51 views

CVE-2018-10212

CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...

5.5CVSS5.4AI score0.00649EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/25 6:0 p.m.49 views

CVE-2018-10206

CVE-2018-10206 affects Vaultize Enterprise File Sharing version 17.05.31. The issue is a Stored XSS via the optional message field of a file request, indicating the vulnerability lies in how user-supplied content is handled in that field (root cause: reflected/stored HTML/JS in the message input ...

5.4CVSS5.1AI score0.00624EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/25 6:0 p.m.49 views

CVE-2018-10211

Vaultize Enterprise File Sharing 17.05.31 is affected by an improper authorization flaw that allows listing the history of another user by tampering the vaultize_session_id cookie. Root cause: insufficient access controls around user-history data, enabling unauthorized access without an exploited...

5.3CVSS5.3AI score0.01055EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/04/25 6:0 p.m.19 views

CVE-2018-10211

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...

5.3AI score0.01055EPSS
Exploits0References2
Rows per page
Query Builder