8 matches found
K49033153: Apache Syncope vulnerabilities CVE-2018-1321 and CVE-2018-1322
Security Advisory Description CVE-2018-1321 An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations,...
org.apache.syncope:syncope-core-upgrader (>=1.2.0 <=1.2.10), org.apache.syncope:syncope-standalone (>=1.1.0 <=1.1.8) potentially affected by CVE-2018-1321 via org.apache.syncope:syncope-core (>=1.1.0 <=1.2.10)
org.apache.syncope:syncope-core MAVEN version =1.1.0, =1.2.0, =1.1.0, =1.1.8 Source cves: CVE-2018-1321 Source advisory: OSV:GHSA-XGC9-9W4V-H33H...
Apache Syncope 2.0.7 Remote Code Execution
Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...
Apache Syncope 2.0.7 Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows...
Apache Syncope 2.0.7 - Remote Code Execution
Apache Syncope 2.0.7 - Remote Code Execution Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory:...
Apache Syncope 2.0.7 - Remote Code Execution
Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...
CVE-2018-1321
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations XSLT to perform malicious operations, including but not limited to file read, file...
CVE-2018-1321
Apache Syncope vulnerability CVE-2018-1321: An administrator with report and template entitlements can abuse XSLT to perform malicious operations (read/write files, execute code) in affected releases of Apache Syncope 1.2.x before 1.2.11 and 2.0.x before 2.0.8 (plus some unsupported 1.0/1.1 branc...