52 matches found
Unauthenticated Remote Command Injection in ep_imageconvert
epimageconvert is a plugin for Etherpad Lite. epimageconvert = 0.0.2 is vulnerable to remote command injection. Authentication is not required for remote exploitation. Recommendation Update to version 0.0.3 or greater...
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...
Command injection
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...
UBUNTU-CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability Authentication is not required for remote exploitation...
CVE-2013-7380
The Etherpad Lite ep_imageconvert Plugin for Etherpad Lite is affected by a Remote Command Injection vulnerability. Affected: ep_imageconvert
CVE-2013-7380
The Etherpad Lite epimageconvert Plugin has a Remote Command Injection Vulnerability...
Etherpad-Lite Cross-Site Scripting Vulnerability
Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A cross-site scripting vulnerability exists in the templates/pad.html page in Etherpad-Lite version 1.7.5, which stems from a lack of proper validation of client-side data in the WEB application and can be...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
Default credentials
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer...
CVE-2019-18209
CVE-2019-18209 affects Etherpad-Lite 1.7.5, with XSS in templates/pad.html when the browser does not encode the URL path (demonstrated in Internet Explorer). The root cause is lack of proper validation/encoding of client-side data in that page. Public disclosures in multiple feeds confirm the iss...
Etherpad Lite Access Control Bypass Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A security vulnerability exists in the webaccess.js file in Etherpad Lite versions prior to 1.6.4. A remote attacker can exploit this vulnerability by sending a specially crafted request to...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
Design/Logic Flaw
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
CVE-2018-9845
Etherpad Lite before version 1.6.4 is vulnerable to an admin authentication bypass that allows an attacker to gain admin access. The issue is documented across multiple sources (NVD, Nuclei template, SUSE, CNVD, OSV, etc.) with the root cause described as an admin-privilege bypass affecting Ether...
CVE-2018-9845
Etherpad Lite before 1.6.4 is exploitable for admin access...
Etherpad Lite Cross-Site Scripting Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...