23 matches found
EUVD-2014-1037
Malware in sbrugna...
CVE-2024-22723
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
Webtrees Path Traversal vulnerability
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
GHSA-6W5Q-79RF-7C49 Webtrees Path Traversal vulnerability
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
CVE-2024-22723
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
CVE-2024-22723
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
Directory traversal
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
Webtrees Security Breach
Webtrees is a web application for publishing family trees online, collaborating with family members, and more. A security vulnerability exists in Webtrees version 2.1.18, which stems from an attacker's ability to navigate to other directories via the mediafolder parameter to access sensitive file...
CVE-2024-22723
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
CVE-2024-22723
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system...
CVE-2024-22723
Webtrees 2.1.18 is affected by a Directory Traversal via the media_folder URL parameter, enabling an administrator to access files outside the intended media/ directory. The issue is documented across multiple sources (Red Hat, GHSA, OSV, NVD, CVE records). Affected component: media_folder handli...
PT-2024-19543 · Webtrees · Webtrees
Name of the Vulnerable Software and Affected Versions: Webtrees version 2.1.18 Description: The issue allows an attacker, in this case, an administrator, to navigate beyond the intended directory, the 'media/' directory, to access sensitive files in other parts of the application's file system by...
FreeBSD : webtrees -- vulnerability (140a20e1-8769-11ed-b074-002b67dfc673)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 140a20e1-8769-11ed-b074-002b67dfc673 advisory. - Webtrees reports: GEDCOM imports containing errors and HTML displayed unescaped...
webtrees -- vulnerability
Webtrees reports: GEDCOM imports containing errors and HTML displayed unescaped...
in fisharebest/webtrees
Description: The program allows uploading files with dangerous file types in the media upload section, leading to XSS and other exploits like shell uploads, HTML injection leading to social engineering attacks, etc. I have demonstrated HTML file upload leading to XSS here. Proof of Concept mov...
Cross-site Scripting (XSS) - Stored in fisharebest/webtrees
Description Multiple Stored XSS when Add new record at features Add a source citation, Add a shared note Proof of Concept // PoC.req POST /demo-stable/index.php?route=%2Fdemo-stable%2Ftree%2Fdemo%2Fcreate-source HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=35jvr7cdk25bf0s6k0e1r91c3e...
Open Redirect in fisharebest/webtrees
Description: I saw this report: https://huntr.dev/bounties/ad4278af-52b7-4c34-8d43-9b829105d499/ and also your fix commit https://www.github.com/fisharebest/webtrees/commit/551ad4afbcef2a72a6cf6461f1747762180b12c5 then I should say that the fix can be bypassed with such payloads: If the baseurl ...
Open Redirect in fisharebest/webtrees
Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
Cross-site Scripting (XSS) - Stored in fisharebest/webtrees
Description: A malicious actor is able to add a malicious payload as a Family Tree Title, and after clicking the Family Tree nav button from the My Pages Menu, the XSS payload is executed. Proof of Concept 1;Create a new family tree, either when logging in after install for the first time, or...
Webtrees < 1.5.2 XSS Vulnerability - Active Check
Webtrees is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...