167 matches found
High severity vulnerability that affects org.dspace:dspace-xmlui
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
Dspace Directory Traversal Vulnerability
Dspace is an open source digital asset management system. The system is primarily used to manage and distribute data consisting of digital files or "bitstreams". A directory traversal vulnerability exists in the XMLUI functionality in Dspace versions prior to 3.6, 4.x versions prior to 4.5, and 5...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
Directory traversal
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
The XMLUI feature in DSpace before 3.6, 4.x before 4.5, and 5.x before 5.5 allows directory traversal via the themes/ path in an attack with two or more arbitrary characters and a colon before a pathname, as demonstrated by a themes/Reference/aa:etc/passwd URI...
CVE-2016-10726
CVE-2016-10726 affects the DSpace XMLUI component. It describes a directory traversal vulnerability in the XMLUI feature present in DSpace versions: before 3.6, 4.x before 4.5, and 5.x before 5.5. The underlying issue is traversal via the themes/ path when a URI contains two or more arbitrary cha...