CVE-2017-5965
https://notcve.org/view.php?id=CVE-2017-5965
The package manager in Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to execute arbitrary ASP code by creating a ZIP archive in which a .asp file has a ..\ in its pathname, visiting sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx to upload this archive and extract its contents, and visiting a URI under sitecore/ to execute the .asp file. El administrador de paquetes de CRM versión 8.1 Rev 151207 de Sitecore, permite a los administradores autenticados remotos ejecutar código ASP arbitrario mediante la creación de un archivo ZIP en el que un archivo .asp tiene un ..\ en su nombre de ruta (path), visitando el archivo sitecore/shell/applications/install/dialogs/Upload%20Package/UploadPackage2.aspx para cargar este archivo y extraer su contenido, y visitando un URI en sitecore/ para ejecutar el archivo .asp. • http://research.aurainfosec.io/disclosures/2017-05-18-sitecore •
CVE-2017-5966
https://notcve.org/view.php?id=CVE-2017-5966
Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators to read arbitrary files via an absolute path traversal attack on sitecore/shell/download.aspx with the file parameter. CRM versión 8.1 Rev 151207 de Sitecore, permite a los administradores autenticados remotos leer archivos arbitrarios por medio de un ataque de salto de ruta (path) absoluta en el archivo sitecore/shell/download.aspx con el parámetro file. • http://research.aurainfosec.io/disclosures/2017-05-18-sitecore • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2016-8855 – Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-8855
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2. XSS en "/sitecore/client/Applications/List Manager/Taskpages/Contact list" en Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) permite ataques remotos a través del parámetro Name o Description. Esto se soluciona en 8.2 Update-2. Sitecore Experience Platform version 8.1 Update-3 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/41618 https://packetstormsecurity.com/files/141655/Sitecore-Experience-Platform-8.1-Update-3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-100004
https://notcve.org/view.php?id=CVE-2014-100004
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information. Vulnerabilidad de XSS en Sitecore CMS anterior a 7.0 actualización-4 (rev. 140120) permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro xmlcontrol en la URI por defecto. NOTA: algunos de estos detalles se obtienen de información de terceras partes. • http://osvdb.org/102660 http://secunia.com/advisories/56705 http://sitecorekh.blogspot.dk/2014/01/sitecore-releases-70-update-4-rev-140120.html http://www.securityfocus.com/archive/1/530901/100/0/threaded http://www.securityfocus.com/bid/65254 https://exchange.xforce.ibmcloud.com/vulnerabilities/90833 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2009-4367 – Sitecore Staging Module 5.4.0 - Authentication Bypass / File Manipulation
https://notcve.org/view.php?id=CVE-2009-4367
The Staging Webservice ("sitecore modules/staging/service/api.asmx") in Sitecore Staging Module 5.4.0 rev.080625 and earlier allows remote attackers to bypass authentication and (1) upload files, (2) download files, (3) list directories, and (4) clear the server cache via crafted SOAP requests with arbitrary Username and Password values, possibly related to a direct request. Staging Webservice ("sitecore modules/staging/service/api.asmx") en Sitecore Staging Module v5.4.0 rev.080625 y anteriores permite a atacantes remotos saltar la autenticación y (1) subir ficheros, (2) bajar ficheros, (3) listar directorios, y (4) limpiar la caché del servidor mediante peticiones SOAP modificas con valores "Username" y "Password" de su elección, posiblemente relacionado con una petición directa. • https://www.exploit-db.com/exploits/10513 http://osvdb.org/61147 http://secunia.com/advisories/37763 http://www.exploit-db.com/exploits/10513 http://www.securityfocus.com/archive/1/508529/100/0/threaded http://www.securityfocus.com/bid/37388 https://exchange.xforce.ibmcloud.com/vulnerabilities/54881 https://www.sec-consult.com/files/20091217-0_sitecore_StagingModule_1.0.txt • CWE-287: Improper Authentication •