47 matches found
CVE-2011-5197
Public Knowledge Project Open Harvester Systems (PKP OHS) versions 2.3.1 and earlier are affected by a CSRF vulnerability in index/manager/fileUpload that allows remote attackers to hijack administrator authentication when uploading PHP files. The description specifies the affected component and ...
CVE-2011-5195
CVE-2011-5195 describes a CSRF vulnerability in the Open Conference Systems (Public Knowledge Project) component at index/manager/fileUpload. The flaw lets remote attackers hijack administrator sessions for requests that upload a PHP file, affecting versions 2.3.4 and earlier. The underlying issu...
CVE-2011-5196
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Journal Systems 2.3.6 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files...
Multiple vulnerabilities in Open Journal Systems (OJS)
Advisory ID: HTB23079 Product: Open Journal Systems (OJS) Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload
Advisory ID: HTB23079 Product: Open Journal Systems (OJS) Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
#!/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link: http://pkp.sfu.ca/download author: mrme::rwx kru email: steventhomasseeley!gmail!com tested on: the interwebz &...
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
#!/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link:...