Page 4 of 26 results (0.008 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7999 – SPIP 3.1.2 Server Side Request Forgery

https://notcve.org/view.php?id=CVE-2016-7999

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. Ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes llevar a cabo ataques de SSRF a través de una URL en el parámetro var_url en una acción valider_xml. SPIP versions 3.1.2 and below suffer from a server-side request forgery vulnerability. • http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/07/5 http://www.openwall.com/lists/oss-security/2016/10/08/6 http://www.openwall.com/lists/oss-security/2016/10/12/10 http://www.securityfocus.com/bid/93451 https://core.spip.net/projects/spip/repository/revisions/23188 https://core.spip.net/projects/spip/repository/revisions/23193 https://sysdream.com/news/lab/2016-10-19-spip-3-1-2-server-side • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-7998 – SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution

https://notcve.org/view.php?id=CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action. El compositor/compilador de plantillas de SPIP en SPIP 3.1.2 y versiones anteriores permite a usuarios remotos autentificados ejecutar código PHP arbitrario cargando un archivo HTML con una etiqueta INCLUDE (1) o INCLURE (2) manipulada y después accediendo a ella con una acción valider_xml. SPIP versions 3.1.2 and below suffer from a PHP code execution vulnerability. • https://www.exploit-db.com/exploits/40595 http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/07/5 http://www.openwall.com/lists/oss-security/2016/10/08/6 http://www.securityfocus.com/bid/93451 https://core.spip.net/projects/spip/repository/revisions/23186 https://core.spip.net/projects/spip/repository/revisions/23189 https://core.spip.net/projects/spip/repository/revisions/23192 https://sysdream.com/news • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1

CVE-2016-7982 – SPIP 3.1.1/3.1.2 - File Enumeration / Path Traversal

https://notcve.org/view.php?id=CVE-2016-7982

Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action. Vulnerabilidad de salto de directorio en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos enumerar los archivos en el sistema a través del parámetro var_url en una acción valider_xml. SPIP versions 3.1.2 and below suffer from file enumeration and path traversal vulnerabilities. • https://www.exploit-db.com/exploits/40596 http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/06/6 http://www.openwall.com/lists/oss-security/2016/10/12/8 http://www.securityfocus.com/bid/93451 https://core.spip.net/projects/spip/repository/revisions/23200 https://sysdream.com/news/lab/2016-10-19-spip-3-1-1-3-1-2-file-enumeration-path-traversal-cve-2016-7982 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2016-7981 – SPIP 3.1.2 Cross Site Scripting

https://notcve.org/view.php?id=CVE-2016-7981

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. Vulnerabilidad de XSS en valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro var_url en una acción valider_xml. SPIP versions 3.1.2 and below suffer from a cross site scripting vulnerability. • http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/06/6 http://www.openwall.com/lists/oss-security/2016/10/12/7 http://www.securityfocus.com/bid/93451 https://core.spip.net/projects/spip/repository/revisions/23200 https://core.spip.net/projects/spip/repository/revisions/23201 https://core.spip.net/projects/spip/repository/revisions/23202 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2016-7980 – SPIP 3.1.2 - Cross-Site Request Forgery

https://notcve.org/view.php?id=CVE-2016-7980

Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code. Vulnerabilidad de CSRF en ecrire/exec/valider_xml.php en SPIP 3.1.2 y versiones anteriores permite a atacantes remotos secuestrar la autenticación de los administradores de las solicitudes que ejecutan el validador XML en un archivo local a través de una solicitud valider_xml manipulada. NOTA: este problema se puede combinar con CVE-2016-7998 para ejecutar código PHP arbitrario. SPIP versions 3.1.2 and below suffer from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/40597 http://www.openwall.com/lists/oss-security/2016/10/05/17 http://www.openwall.com/lists/oss-security/2016/10/06/6 http://www.openwall.com/lists/oss-security/2016/10/12/6 http://www.securityfocus.com/bid/93451 https://core.spip.net/projects/spip/repository/revisions/23201 https://core.spip.net/projects/spip/repository/revisions/23202 https://core.spip.net/projects/spip/repository/revisions/23203 https://sysdream.com/news • CWE-352: Cross-Site Request Forgery (CSRF) •