2 matches found
CVE-2015-0933
CVE-2015-0933 is a path traversal defect in ShareLaTeX 0.1.3 and earlier where omitting the openin_any setting lets remote authenticated users read arbitrary files via the \include{} command. Affected component: the ShareLaTeX server before 0.1.3. Root cause: inadequate input/path handling allowi...
ShareLaTeX vulnerable to remote command execution and information disclosure
Overview ShareLaTeX is a server-based software allowing group collaboration on LaTeX documents. ShareLaTeX prior to version 0.1.3 has been found to be vulnerable to command injections and information disclosure. Description CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path...