5 matches found
EUVD-2012-5279
Malware in sbrugna...
Authentication flaw
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5358
The XSLTCompiledTransform function in Ektron Content Management System CMS before 8.02 SP5 configures the XSL with enableDocumentFunction set to true, which allows remote attackers to read arbitrary files and consequently bypass authentication, modify viewstate, cause a denial of service, or...
CVE-2012-5358
Affected software: Ektron Content Management System (CMS) prior to 8.02 SP5. Vulnerable component: XslCompiledTransform/XSLT processing configured with insecure flags (enableDocumentFunction or enablescript) in ekajaxtransform.aspx. Root cause: Improper XSLT handling allows crafted XSL data to tr...