60 matches found
EUVD-2015-4447
Malware in sbrugna...
EUVD-2015-3666
Malware in sbrugna...
EUVD-2014-2757
Malware in sbrugna...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Ektron CMS 9.20 SP2 Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Authentication flaw
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
Design/Logic Flaw
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...
CVE-2012-5357
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5357
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System (CMS) before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5357
CVE-2012-5357 affects Ektron CMS prior to 8.02 SP5. The vulnerability arises from XslCompiledTransform with enablescript set to true, allowing remote code execution with NETWORK SERVICE privileges via crafted XSL data. Documentation and third-party sources confirm RCE potential in Ektron’s XSLT h...
CVE-2012-5358
Affected software: Ektron Content Management System (CMS) prior to 8.02 SP5. Vulnerable component: XslCompiledTransform/XSLT processing configured with insecure flags (enableDocumentFunction or enablescript) in ekajaxtransform.aspx. Root cause: Improper XSLT handling allows crafted XSL data to tr...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx...
CVE-2016-6133
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx...
CVE-2016-6133
Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx...
CVE-2016-6201
Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContType parameter in a ViewContentByCategory action to WorkArea/content.aspx...
CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, (2) action, (3) folderid, or (4) LangType parameter...
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a...