EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. id: CVE-2021-26475 info: name: EPrints 3.4.2 - Cross-Site Scripting author: geeknik severity: medium description: EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI...

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset dictionary URI. id: CVE-2021-26702 info: name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site...

EUVD-2021-26673

Malware in sbrugna...

EUVD-2021-13281

Malware in sbrugna...

EUVD-2021-13494

Malware in sbrugna...

EUVD-2021-13492

Malware in sbrugna...

EUVD-2021-13493

Malware in sbrugna...

CVE-2021-3342

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted LaTeX input to a cgi/latex2png?latex= URI...

CVE-2021-26702

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/datasetdictionary URI...

CVE-2021-26703

EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI...

CVE-2021-26704

EPrints 3.4.2 allows remote attackers to execute arbitrary commands via crafted input to the verb parameter in a cgi/toolbox/toolbox URI...

CVE-2021-26476

EPrints 3.4.2 allows remote attackers to execute OS commands via crafted LaTeX input to a cgi/cal?year= URI...

CVE-2021-26475

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI...

eprints.lib.hokudai.ac.jp Cross Site Scripting vulnerability OBB-3541651

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

EPrints User Group ulcc-core 命令注入漏洞

ulcc-core is an open source repository from EPrints User Group. EPrints User Group ulcc-core suffers from a command injection vulnerability that stems from an unknown function in its cgi/toolbox/toolbox file that operates on the parameter password allowing an attacker to implement command injecti...

EPrints Arbitrary File Read (CVE-2021-3342)

An Arbitrary File Read vulnerability exists in EPrints. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary web script into the effected system...

EPrints Scholix Remote Code Execution

A remote code execution vulnerability exists in EPrints Scholix. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

EPrints Command Injection (CVE-2021-26704)

A command injection vulnerability exists in EPrints. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

EPrints Command Injection (CVE-2021-26476)

A command injection vulnerability exists in EPrints. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

EPrints Arbitrary File Read Vulnerability

EPrints is a free open source software package for building open access repositories compliant with the OAI-PMH protocol. An arbitrary file read vulnerability exists in EPrints 3.4.2. A remote attacker can exploit this vulnerability by entering specially crafted JSON/XML into a cgi/ajax/phrase UR...