Lucene search
K

4 matches found

CVE
CVE
added 2012/09/06 9:0 p.m.69 views

CVE-2012-1468

Open Journal Systems (OJS) prior to 2.3.7 contains an incomplete blacklist vulnerability that allows remote authenticated users with the Author role to upload files with executable extensions (not just .php) and access them via submission/original/ to execute arbitrary code. Public advisories tie...

6CVSS7.3AI score0.03482EPSS
Exploits2References3Affected Software1
securityvulns
securityvulns
added 2012/04/09 12:0 a.m.163 views

Multiple vulnerabilities in Open Journal Systems (OJS)

Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...

6.5CVSS5.9AI score0.03482EPSS
Exploits4
Packet Storm
Packet Storm
added 2012/03/22 12:0 a.m.87 views

Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload

Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...

6.5CVSS6.5AI score0.03482EPSS
Exploits4
htbridge
htbridge
added 2012/02/29 12:0 a.m.117 views

Multiple vulnerabilities in Open Journal Systems (OJS)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open Journal Systems which can be exploited to manipulate local files, upload arbitrary files and perform Cross-Site Scripting XSS attacks. 1 Arbitrary File Manipulation in Open Journal Systems: CVE-2012-1467 1.1...

10CVSS6.3AI score0.03482EPSS
Exploits4Affected Software1
Rows per page
Query Builder