4 matches found
CVE-2012-1467
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to 1 delete or 2 rename arbitrary files via a .. dot dot in the param parameter to...
Multiple vulnerabilities in Open Journal Systems (OJS)
Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload
Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Multiple vulnerabilities in Open Journal Systems (OJS)
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open Journal Systems which can be exploited to manipulate local files, upload arbitrary files and perform Cross-Site Scripting XSS attacks. 1 Arbitrary File Manipulation in Open Journal Systems: CVE-2012-1467 1.1...