5 matches found
CVE-2019-10045
The "action" getsessid in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her if the session is...
CVE-2019-10045
The "action" getsessid in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her if the session is...
CVE-2019-10045
CVE-2019-10045 affects Pydio (web application) up to version 8.2.2, where the action get_sess_id leaks the session cookie value in the HTTP response body. This enables a script to access the session identifier and potentially impersonate a user if a session is active. The issue is a result of lea...
Pydio 8 Command Execution / Cross Site Scripting
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Pydio 8 Multiple Vulnerabilities 1. Advisory Information Title: Pydio 8 Multiple Vulnerabilities Advisory ID: SAUTH-2019-0002 Advisory URL: https://www.secureauth.com/labs/advisories/pydio-8-multiple-vulnerabilities Date published:...
Pydio 8 Command Execution / Cross Site Scripting Vulnerabilities
Pydio 8 suffers from cross site scripting, command injection, and various other vulnerabilities. Pydio 8 Multiple Vulnerabilities 1. Advisory Information Title: Pydio 8 Multiple Vulnerabilities Advisory ID: SAUTH-2019-0002 Advisory URL:...