12 matches found
OpenClaw 权限许可和访问控制问题漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.27 had code-related vulnerabilities. These vulnerabilities stemmed from issues with code execution during the skill installation process. The workarea.env file could override th...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities stemmed from bypassing plugin trust mechanisms, allowing attackers to circumvent the expected trust levels when...
EUVD-2008-3485
Malware in sbrugna...
Malicious code in workarea-gift-cards (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-7046 Malicious code in workarea-gift-cards (RubyGems)
--- -= Per source details. Do not edit below this line.=-...
CVE-2018-12596
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden normally available exclusively for local...
CVE-2018-12596
CVE-2018-12596 affects Episerver/Ektron CMS (notably version 9.20 SP2) where remote attackers can reach the activateuser.aspx page, even when located under /WorkArea/ (normally restricted to local admins). The vulnerability is caused by improper access restrictions, permitting unauthorized enabli...
CVE-2016-6133
Cross-site scripting XSS vulnerability in Ektron Content Management System before 9.1.0.184SP39.1.0.184.3.127 allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx...
CVE-2016-6201
Cross-site scripting XSS vulnerability in Ektron Content Management System CMS before 9.1.0.184 SP3 9.1.0.184.3.127 allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx...
Ektron Content Management System Cross-Site Scripting Vulnerability
Ektron Content Management System is an enterprise-level Web content management system. A cross-site scripting vulnerability exists in Test/WorkArea/workarea.aspx in Ektron CMS, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitiv...
CVE-2015-0923
The CVE-2015-0923 vulnerability affects Ektron CMS versions 8.5, 8.7 before 8.7sp2, and 9.0 before sp1, in ContentBlockEx via Workarea/ServerControlWS.asmx. An XML External Entity (XXE) flaw arises when an XML document is named in the xslt parameter, allowing remote, unauthenticated readers to ac...
Ektron CMS400.NET WorkArea/ContentRatingGraph.aspx res Parameter SQL Injection
The remote host is running CMS400.NET, a .NET content management solution. The version of CMS400.NET installed on the remote host fails to sanitize user-supplied input to the 'res' parameter of the 'WorkArea/ContentRatingGraph.aspx' script before using it in a database query. An unauthenticated...