6 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-7980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of...
Linux Distros Unpatched Vulnerability : CVE-2016-7999
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl paramet...
DEBIAN-CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...
DEBIAN-CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...
UBUNTU-CVE-2016-7999
ecrire/exec/validerxml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery SSRF attacks via a URL in the varurl parameter in a validerxml action...
UBUNTU-CVE-2016-7998
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted 1 INCLUDE or 2 INCLURE tag and then accessing it with a validerxml action...