12 matches found
EUVD-2016-4206
Malware in sbrugna...
EUVD-2022-31397
Malicious code in bioql PyPI...
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...
Design/Logic Flaw
SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js...
CVE-2023-52322
ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from request is not restricted to safe characters such as alphanumerics...
DLA-3347-1 spip - security update
Bulletin has no description...
DSA-5093-1 spip - security update
Bulletin has no description...
DSA-4532-1 spip - security update
Bulletin has no description...
SPIP ecran_securite connect Parameter RCE
SPIP core/securite/ecransecurite.php connect Parameter Remote Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
CVE-2013-4555
Cross-site request forgery CSRF vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the user via unspecified vectors...
CVE-2009-3041
SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper access control for 1 ecrire/exec/install.php and 2 ecrire/index.php, which allows remote attackers to conduct unauthorized activities related to installation and backups, as exploited in the wild in August 2009...
CVE-2006-0519
SPIP 1.8.2-e and earlier and 1.9 Alpha 2 5539 and earlier allows remote attackers to obtain sensitive information via a direct request to inc-messforum.php3, which reveals the path in an error message...