13 matches found
EUVD-2015-0941
Malware in sbrugna...
EUVD-2015-0942
Malware in sbrugna...
PT-2024-31565 · Overleaf · Overleaf Server Pro
Name of the Vulnerable Software and Affected Versions: Overleaf Server Pro versions prior to 2024-07-17; Overleaf Server Pro using legacy docker-compose.yml versions prior to 2024-08-28. Description: Overleaf is a web-based collaborative LaTeX editor. When installing Server Pro using the Overleaf...
ShareLaTeX Remote Command Injection Vulnerability
ShareLaTeX is an open source web-based real-time collaborative LaTeX editor developed by the ShareLaTeX team, which supports local editing, real-time collaboration and compilation of LaTeX documents. ShareLaTeX suffers from a remote command injection vulnerability due to the program failing to...
ShareLaTeX Absolute Path Traversal Vulnerability
ShareLaTeX is an open source web-based real-time collaborative LaTeX editor developed by the ShareLaTeX team, which supports local editing, real-time collaboration and compilation of LaTeX documents. An absolute path traversal vulnerability exists in ShareLaTeX 0.1.3 and earlier versions. When th...
CVE-2015-0933
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command...
Path traversal
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command...
Code injection
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via backtick characters in a filename...
CVE-2015-0933
Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command...
CVE-2015-0934
CVE-2015-0934 affects ShareLaTeX via CLSI before 0.1.3. The vulnerability arises from backtick characters in filenames, allowing remote authenticated users to execute arbitrary commands on the server (command injection). CLSI 0.1.3 fixes the issue and is included in ShareLaTeX 0.1.3; upgrade to t...
CVE-2015-0934
Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via backtick characters in a filename...
CVE-2015-0933
CVE-2015-0933 is a path traversal defect in ShareLaTeX 0.1.3 and earlier where omitting the openin_any setting lets remote authenticated users read arbitrary files via the \include{} command. Affected component: the ShareLaTeX server before 0.1.3. Root cause: inadequate input/path handling allowi...
ShareLaTeX vulnerable to remote command execution and information disclosure
Overview: ShareLaTeX is a server-based software allowing group collaboration on LaTeX documents. ShareLaTeX prior to version 0.1.3 has been found to be vulnerable to command injections and information disclosure. Description: CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path...