CVE-2015-4093
https://notcve.org/view.php?id=CVE-2015-4093
Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
• http://packetstormsecurity.com/files/132232/Kibana-4.0.2-Cross-Site-Scripting.html
• http://www.securityfocus.com/archive/1/535726/100/0/threaded
• http://www.securityfocus.com/bid/75107
• https://www.elastic.co/community/security
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-4326
https://notcve.org/view.php?id=CVE-2014-4326
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.
• http://www.elasticsearch.org/blog/logstash-1-4-2
• http://www.securityfocus.com/archive/1/532841/100/0/threaded
• https://www.elastic.co/community/security
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2008-1606 – Elastic Path 4.1 - '/manager/FileManager.jsp?dir' Traversal Arbitrary Directory Listing
https://notcve.org/view.php?id=CVE-2008-1606
Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
• https://www.exploit-db.com/exploits/31446
• https://www.exploit-db.com/exploits/31445
• http://developer.elasticpath.com/entry%21default.jspa?categoryID=4&externalID=1334
• http://secunia.com/advisories/29496
• http://weblog.nomejortu.com/?p=37
• http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf
• http://www.securityfocus.com/bid/28352
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41356
• https://exchange.xforce.ibmcloud.com/vulnerabilities/41364
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')