20 matches found
EUVD-2018-2284
Malware in sbrugna...
EUVD-2018-2289
Malware in sbrugna...
EUVD-2018-2283
Malware in sbrugna...
CVE-2018-10211
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization when listing the history of another user via a modified "vaultizesessionid" value in a cookie...
CVE-2018-10210
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
Cross site scripting
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it...
Design/Logic Flaw
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
Authorization
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper authorization leading to creation of folders within another account via a modified device value...
Cross site scripting
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...
CVE-2018-10209
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name...
CVE-2018-10208
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is anonymous reflected XSS on the error page via a /share/error?message= URI...
Design/Logic Flaw
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
CVE-2018-10213
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is XSS in invitation mail received from a different user, who can modify the HTML in that mail before sending it...
CVE-2018-10210
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. Enumeration of users is possible through the password-reset feature...
CVE-2018-10213
Vaultize Enterprise File Sharing 17.05.31 is affected by a cross-site scripting (XSS) vulnerability in the invitation mail flow, where a recipient from a different user can modify HTML in the mail before sending it. This enables potential XSS payloads if trusted HTML is rendered by the recipient’...
CVE-2018-10206
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS via the optional message field of a file request...
CVE-2018-10207
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. An attacker can exploit Missing Authorization on the FlexPaperViewer SWF reader, and export files that should have been restricted, via vectors involving page-by-page access to a document in SWF format...
CVE-2018-10212
CVE-2018-10212 affects Vaultize Enterprise File Sharing 17.05.31, due to improper authorization that allows creation of folders in another account when a device value is modified. Multiple connected sources document this vulnerability; NVD lists CVSSv3.0 base score 5.4 (Medium). PT-2018-9759 expl...
PT-2018-9752 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows for Stored XSS via the optional message field of a file request. Recommendations: For Vaultize Enterprise File Sharing version 17.05.31, consid...
PT-2018-9755 · Vaultize · Vaultize Enterprise File Sharing
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered that allows for Stored XSS on the file or folder download pop-up. This occurs via a crafted file or folder name. Recommendations: For Vaultize Enterprise...