11 matches found
EUVD-2018-10711
Malware in sbrugna...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
Pydio Cross-Site Scripting Vulnerability (CNVD-2019-14091)
Pydio AjaXplorer is a web-based remote file manager. The manager supports uploading and downloading files, online file editing, image previewing and more. A cross-site scripting vulnerability exists in Pydio version 8, which stems from a lack of proper validation of client-side data by the WEB...
CVE-2018-1999017
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery SSRF vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath$url that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appear...
CVE-2018-1999016
Pydio version 8.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in ./core/vendor/meenie/javascript-packer/example-inline.php line 48; ./core/vendor/dapphp/securimage/examples/test.mysql.static.php lines: 114,118 that can result in an unauthenticated remote attacker manipulating...
CVE-2018-1999017
Pydio version 8.2.0 and earlier contains a Server-Side Request Forgery SSRF vulnerability in plugins/action.updater/UpgradeManager.php Line: 154, getUpgradePath$url that can result in an authenticated admin users requesting arbitrary URL's, pivoting requests through the server. This attack appear...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
Remote code execution
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
CVE-2018-1999018
Pydio version 8.2.1 and prior contains an Unvalidated user input leading to Remote Code Execution RCE vulnerability in plugins/action.antivirus/AntivirusScanner.php: Line 124, scanNow$nodeObject that can result in An attacker gaining admin access and can then execute arbitrary commands on the...
PT-2014-3067 · Zoho +1 · Zoho +1
Name of the Vulnerable Software and Affected Versions: Pydio versions prior to 5.0.4 Description: The issue is related to an unrestricted file upload vulnerability in the Zoho plugin. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it at a...