15 matches found
EUVD-2016-8828
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-7982
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the...
CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...
CVE-2016-7980
Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
DEBIAN-CVE-2016-7982
Directory traversal vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the varurl parameter in a validerxml action...
CVE-2016-7980
Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
CVE-2016-7981
Cross-site scripting XSS vulnerability in validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the varurl parameter in a validerxml action...
CVE-2016-7981
Summary: CVE-2016-7981 is an XSS vulnerability in SPIP 3.1.2 and earlier. The issue occurs in the valider_xml.php handler, where the var_url parameter in a valider_xml action can be exploited by remote attackers to inject arbitrary web script or HTML into victims’ browsers. This is confined to SP...
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...
CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...
CVE-2016-7980
Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted validerxml request. NOTE: this issue can be combin...
CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...
SPIP 3.1.2 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software,...
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution
SPIP 3.1.2 Template CompilerComposer - PHP Code Execution SPIP 3.1.2 Template Compiler/Composer PHP Code Execution CVE-2016-7998 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free...
SPIP 3.1.2 - Cross-Site Request Forgery
SPIP 3.1.2 Exec Code Cross-Site Request Forgery CVE-2016-7980 Product Description SPIP is a publishing system for the Internet, which put importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence. Vulnerability...