163 matches found
CVE-2018-9326
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...
Code injection
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...
CVE-2018-9326
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
Design/Logic Flaw
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
CVE-2018-9326
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...
Code injection
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 are affected by an arbitrary-code-execution flaw on servers when configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB). Upgrade to 1.6.4 or later to apply the fix.
CVE-2018-9327
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...
CVE-2018-9326
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...
CVE-2018-9326
Etherpad 1.6.3 prior to 1.6.4 is vulnerable to arbitrary code execution. Multiple sources (NVD, SUSE, CNVD, OSV, OSV-) confirm Etherpad 1.6.3 can be exploited to execute code remotely, with CVSS indicating high to critical impact (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The root cause details are n...
CVE-2018-9325
Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...
CVE-2018-9325
Etherpad CVE-2018-9325 affects Etherpad 1.5.x and 1.6.x prior to 1.6.4. The vulnerability allows an attacker to export all existing pads of an instance without knowing pad names. The issue is addressed in version 1.6.4 (remediation/patch). If citing sources, see NVD/SUSE entries and the project r...
Etherpad Lite Cross-Site Scripting Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...
Etherpad Lite Access Restriction Bypass Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A security vulnerability exists in the node/hooks/express/apicalls.js file in versions of Etherpad Lite prior to 1.6.3, which stems from the program failing to handle JSONP correctly.An attack...
CVE-2018-6835
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...