CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15566
https://notcve.org/view.php?id=CVE-2019-15566
The Alfresco application before 1.8.7 for Android allows SQL injection in HistorySearchProvider.java. La aplicación Alfresco anterior a 1.8.7 para Android permite la inyección SQL en HistorySearchProvider.java. • https://github.com/Alfresco/alfresco-android-app/pull/547 https://github.com/Alfresco/alfresco-android-app/releases/tag/1.8.7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3366
https://notcve.org/view.php?id=CVE-2015-3366
Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an alfresco node via unspecified vectors. Vulnerabilidad de CSRF en el módulo Alfresco anterior a 6.x-1.3 para Drupal permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que eliminan un nodo alfresco a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2015/01/29/6 http://www.securityfocus.com/bid/74273 https://www.drupal.org/node/2411501 https://www.drupal.org/node/2411523 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2014-9300
https://notcve.org/view.php?id=CVE-2014-9300
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credentials via a URL in the url parameter. Vulnerabilidad de CSRF en el servlet cmisbrowser en Content Management Interoperability Service (CMIS) en Alfresco Community Edition anterior a 5.0.a permite a atacantes remotos secuestrar la autenticación de usuarios para solicitudes que acceden a URLs autorizadas y obtener las credenciales de usuarios a través de una URL en el parámetro url. • http://seclists.org/bugtraq/2014/Jul/72 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 2%CPEs: 1EXPL: 3CVE-2014-9301 – Alfresco - '/proxy?endpoint' Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2014-9301
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter. Vulnerabilidad de SSRF en el servlet proxy en Alfresco Community Edition anterior a 5.0.a permite a atacantes remotos provocar solicitudes salientes a servidores de intranet, realizar el escaneo de puertos, y leer ficheros arbitrarios a través de una URI manipulada en el parámetro endpoint. • https://www.exploit-db.com/exploits/39258 http://seclists.org/bugtraq/2014/Jul/72 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140716-0_Alfresco_Community_Edition_Multiple_SSRF_vulnerabilities_v10.txt •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2939
https://notcve.org/view.php?id=CVE-2014-2939
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3) the taskId parameter to share/page/task-edit. Múltiples vulnerabilidades de XSS en Alfresco Enterprise before 4.1.6.13 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un documento XHTML, (2) una etiqueta <% o (3) el parámetro taskId hacia share/page/task-edit. • http://www.kb.cert.org/vuls/id/537684 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •