Lucene search
K

7 matches found

OpenVAS
OpenVAS
added 2020/10/21 12:0 a.m.17 views

Ubuntu: Security Advisory (USN-4590-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.03781EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2020/10/19 4:27 p.m.62 views

USN-4590-1: Collabtive vulnerability

It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code. CVE-2015-0258...

8.8CVSS8.3AI score0.03781EPSS
Exploits3
NVD
NVD
added 2020/02/17 6:15 p.m.17 views

CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

8.8CVSS8.9AI score0.03781EPSS
Exploits3References4
UbuntuCve
UbuntuCve
added 2020/02/17 6:15 p.m.27 views

CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

8.8CVSS7.5AI score0.03781EPSS
Exploits3References4
Cvelist
Cvelist
added 2020/02/17 5:46 p.m.25 views

CVE-2015-0258

Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a 1 .php3, 2 .php4, 3 .php5, or 4 .phtml extension...

8.9AI score0.03781EPSS
Exploits3References4
CVE
CVE
added 2020/02/17 5:46 p.m.85 views

CVE-2015-0258

Collabtive up to version 2.0/2.1 had an avatar-upload input validation flaw in manageuser.php that could enable an authenticated user to upload crafted files (.php3/.php4/.php5/.phtml) and execute arbitrary code. Public advisories (USN-4590-1, DLA-2125-1) and Debian/Nessus entries describe fixes ...

8.8CVSS8.8AI score0.03781EPSS
Exploits3References4Affected Software1
Packet Storm
Packet Storm
added 2015/09/28 12:0 a.m.25 views

Collabtive 2.0 Shell Upload

Vulnerability title: Arbitrary File Upload In Collabtive CVE: CVE-2015-0258 Vendor: Collabtive Product: Collabtive Affected version: 2.0 Fixed version: 2.1 Reported by: Arturo Rodriguez Details: It was discovered that authenticated users were able to upload files with extensions: php3, php4, php5...

5.7CVSS0.03781EPSS
Exploits3
Rows per page
Query Builder