Lucene search
K

163 matches found

NVD
NVD
added 2018/04/07 9:29 p.m.18 views

CVE-2018-9326

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

9.8CVSS9.8AI score0.01988EPSS
Exploits0References1
Prion
Prion
added 2018/04/07 9:29 p.m.10 views

Code injection

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

7.5CVSS9.7AI score0.01988EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/07 9:29 p.m.12 views

CVE-2018-9326

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

9.8CVSS7.8AI score
Exploits0References1
OSV
OSV
added 2018/04/07 9:29 p.m.15 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.1CVSS8AI score
Exploits0References1
Prion
Prion
added 2018/04/07 9:29 p.m.17 views

Design/Logic Flaw

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

6.8CVSS8.3AI score0.0158EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/04/07 9:29 p.m.13 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.1CVSS8.3AI score0.0158EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/04/07 9:29 p.m.27 views

CVE-2018-9326

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

9.8CVSS7.5AI score0.01988EPSS
Exploits0References2
NVD
NVD
added 2018/04/07 9:29 p.m.15 views

CVE-2018-9325

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

7.5CVSS7.5AI score0.01186EPSS
Exploits0References1
Prion
Prion
added 2018/04/07 9:29 p.m.9 views

Code injection

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

5CVSS7.5AI score0.01186EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/04/07 9:29 p.m.13 views

CVE-2018-9325

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

7.5CVSS7AI score0.01186EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/04/07 9:29 p.m.27 views

CVE-2018-9325

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

7.5CVSS7.1AI score0.01186EPSS
Exploits0References2
CVE
CVE
added 2018/04/07 9:0 p.m.44 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 are affected by an arbitrary-code-execution flaw on servers when configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB). Upgrade to 1.6.4 or later to apply the fix.

8.1CVSS8.3AI score0.0158EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/07 9:0 p.m.23 views

CVE-2018-9327

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database DirtyDB, CouchDB, MongoDB, or RethinkDB...

8.3AI score0.0158EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/07 9:0 p.m.16 views

CVE-2018-9326

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code...

9.7AI score0.01988EPSS
Exploits0References1
CVE
CVE
added 2018/04/07 9:0 p.m.42 views

CVE-2018-9326

Etherpad 1.6.3 prior to 1.6.4 is vulnerable to arbitrary code execution. Multiple sources (NVD, SUSE, CNVD, OSV, OSV-) confirm Etherpad 1.6.3 can be exploited to execute code remotely, with CVSS indicating high to critical impact (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). The root cause details are n...

9.8CVSS9.6AI score0.01988EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/07 9:0 p.m.18 views

CVE-2018-9325

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names...

7.5AI score0.01186EPSS
Exploits0References1
CVE
CVE
added 2018/04/07 9:0 p.m.36 views

CVE-2018-9325

Etherpad CVE-2018-9325 affects Etherpad 1.5.x and 1.6.x prior to 1.6.4. The vulnerability allows an attacker to export all existing pads of an instance without knowing pad names. The issue is addressed in version 1.6.4 (remediation/patch). If citing sources, see NVD/SUSE entries and the project r...

7.5CVSS7.5AI score0.01186EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/02/27 12:0 a.m.5 views

Etherpad Lite Cross-Site Scripting Vulnerability

Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...

6.1CVSS6.3AI score0.00898EPSS
Exploits0References1
CNVD
CNVD
added 2018/02/27 12:0 a.m.6 views

Etherpad Lite Access Restriction Bypass Vulnerability

Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A security vulnerability exists in the node/hooks/express/apicalls.js file in versions of Etherpad Lite prior to 1.6.3, which stems from the program failing to handle JSONP correctly.An attack...

9.8CVSS6.8AI score0.0233EPSS
Exploits1References1
NVD
NVD
added 2018/02/08 7:29 a.m.24 views

CVE-2018-6835

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions...

9.8CVSS9.4AI score0.0233EPSS
Exploits1References2
Rows per page
Query Builder