163 matches found
Etherpad 跨站脚本漏洞
Etherpad is a web-based online document collaboration tool. Multiple users can write a text document simultaneously through Etherpad and see all participants' edits in real time.A cross-site scripting vulnerability exists in the chat component of Etherpad version 1.8.13, which can be exploited by...
Critical Flaws Reported in Etherpad — a Popular Google Docs Alternative
Cybersecurity researchers have disclosed new security vulnerabilities in the Etherpad text editor version 1.8.13 that could potentially enable attackers to hijack administrator accounts, execute system commands, and even steal sensitive documents. The two flaws — tracked as CVE-2021-34816 and...
Etherpad 1.8.13 - Code Execution Vulnerabilities
Etherpad is one of the most popular online text editors that allows collaborating on documents in real-time. It is customizable with more than 250 plugins available and features a version history as well as a chat functionality. There are thousands of instances deployed worldwide with millions of...
Unspecified Vulnerability in Etherpad-Lite
Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A security vulnerability exists in Etherpad-Lite versions prior to 1.8.3 that stems from the effects of a missing lock check and can be exploited by an attacker to cause a denial of service...
Unspecified Vulnerability in Etherpad-Lite (CNVD-2021-39572)
Etherpad-Lite is a Web-based open source document editor from the Etherpad Foundation. A security vulnerability exists in Etherpad-Lite versions prior to 1.8.3, which can be exploited by attackers to cause a denial of service...
CVE-2020-22781
In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...
CVE-2020-22781
In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...
CVE-2020-22785
Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...
CVE-2020-22783
Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...
CVE-2020-22782
Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...
CVE-2020-22785
Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...
CVE-2020-22783
Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...
CVE-2020-22782
Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...
CVE-2020-22784
In Etherpad UeberDB 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names...
Design/Logic Flaw
In Etherpad 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service crash the instance...
Design/Logic Flaw
In Etherpad UeberDB 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names...
Design/Logic Flaw
Etherpad 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance...
Buffer overflow
Etherpad 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check...
Code injection
Etherpad 1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad...
CVE-2020-22781
The CVE-2020-22781 vulnerability affects Etherpad Lite versions older than 1.8.3. A specially crafted URI can trigger an unhandled exception in Etherpad’s cache mechanism, leading to a denial of service (instance crash). This conclusion is supported by multiple sources in both CVE records and ext...