EUVD-2018-18167

Malware in sbrugna...

Appnitro MachForm Detection (HTTP)

HTTP based detection of Appnitro MachForm. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.141125...

Appnitro MachForm < 4.2.3 Multiple Vulnerabilities

Appnitro MachForm is prone to multiple vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...

Path traversal

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

Sql injection

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

Sql injection

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6409

An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

CVE-2018-6410

An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter...

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVE-2018-6409

Summary: CVE-2018-6409 affects Appnitro MachForm

CVE-2018-6411

CVE-2018-6411 affects Appnitro MachForm before 4.2.3. The vulnerability arises when a form filters: a blacklist may automatically include dangerous extensions, while a whitelist can be bypassed via an ap_form_elements SQL Injection. This implies risk of SQL Injection and filter bypass (impacting ...