Lucene search
K

10 matches found

Prion
Prion
added 2012/09/17 5:55 p.m.16 views

Sql injection

SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5CVSS9.1AI score0.01353EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2012/08/26 6:55 p.m.17 views

CVE-2010-5087

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery CSRF protection mechanism and hijack the authentication of administrators via vectors related to "form action requests" using a controller...

5CVSS6.9AI score0.02955EPSS
Exploits1References9
NVD
NVD
added 2012/08/26 6:55 p.m.19 views

CVE-2010-5080

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...

6.8CVSS6.6AI score0.01223EPSS
Exploits0References9
Prion
Prion
added 2012/08/26 6:55 p.m.18 views

Code injection

MemberProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address ID of another user...

5CVSS7.2AI score0.01547EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2012/08/26 6:55 p.m.19 views

Code injection

The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by changing the extension of an uploaded file...

6CVSS7.8AI score0.01371EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2012/08/26 6:55 p.m.12 views

Design/Logic Flaw

The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt modrewrite-less URL routing."...

5CVSS7.2AI score0.01735EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2012/08/26 6:55 p.m.11 views

Session fixation

The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attackers to obtain sensitive data and hijack the session via the HTTP referer logs on a server, aka "HT...

6.8CVSS7.2AI score0.01223EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2012/08/26 6:0 p.m.40 views

CVE-2010-5095

CVE-2010-5095 is a cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x prior to 2.3.6. The issue allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination. The vulnerability affects SilverStripe’s pagination handling and could lead t...

4.3CVSS5.8AI score0.01647EPSS
Exploits0References10Affected Software1
CVE
CVE
added 2012/08/26 6:0 p.m.48 views

CVE-2010-5093

SilverStripe 2.3.x contains a vulnerability in Member_ProfileForm (security/Member.php) up to version 2.3.7 that allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user. Affected software: SilverStripe 2.3.x (before 2.3.7). Root cause: input han...

5CVSS6.9AI score0.01547EPSS
Exploits1References6Affected Software1
0day.today
0day.today
added 2010/02/25 12:0 a.m.43 views

jQuery 2.3.5 Cross Site Scripting Vulnerability

Exploit for unknown platform in category web applications =============================================== jQuery 2.3.5 Cross Site Scripting Vulnerability =============================================== +----------------------------------------------+ ADVISORY jQuery Validate 1.6.0 Demo Code...

7.1AI score
Exploits0
Rows per page
Query Builder