Page 7 of 60 results (0.014 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2013-6789

https://notcve.org/view.php?id=CVE-2013-6789

security/MemberLoginForm.php in SilverStripe 3.0.3 supports credentials in a GET request, which allows remote or local attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, a similar vulnerability to CVE-2013-2653. security/ MemberLoginForm.php en SilverStripe 3.0.3 apoya las credenciales en una solicitud GET, que permite a atacantes remotos o locales obtener información sensible mediante la lectura de los registros de log de acceso del servidor web, logsReferer del servidor web, o el historial del navegador, una vulnerabilidad similar a CVE-2013-2653. • http://seclists.org/bugtraq/2013/Aug/12 https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.8EPSS: 2%CPEs: 1EXPL: 2

CVE-2013-2653 – SilverStripe CMS - 'MemberLoginForm.php' Information Disclosure

https://notcve.org/view.php?id=CVE-2013-2653

security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim. security/MemberLoginForm.php en SilverStripe 3.0.3 ofrece soporte al inicio de sesión mediante el uso de una petición GET, lo que hace más sencillo para atacantes remotos llevar a cabo ataques de phishing sin detección por parte de la víctima. SilverStripe CMS version 3.0.3 suffers from an information exposure issue through query strings in GET requests. • https://www.exploit-db.com/exploits/38689 http://seclists.org/bugtraq/2013/Aug/12 https://github.com/chillu/silverstripe-framework/commit/3e88c98ca513880e2b43ed7f27ade17fef5d9170 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2012-6458

https://notcve.org/view.php?id=CVE-2012-6458

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName, (2) Surname, or (3) Email parameter to code/forms/OrderFormAddress.php; or the (4) FirstName or (5) Surname parameter to code/forms/ShopAccountForm.php. Múltiples vulnerabilidades de cross-site scripting (XSS) en el módulo SilverStripe e-commerce v3.0 para SilverStripe CMS, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los parámetros (1) FirstName, (2) Surname, o (3) Email en code/forms/OrderFormAddress.php; o los parámetros (4) FirstName o (5) Surname en code/forms/ShopAccountForm.php. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0090.html https://code.google.com/p/silverstripe-ecommerce/source/detail?r=3739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

CVE-2010-5078

https://notcve.org/view.php?id=CVE-2010-5078

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version. SilverStripe v2.3.x antes de v2.3.10 y v2.4.x antes de v2.4.4 almacena información sensible bajo la raíz web con controles de acceso insuficientes, lo que permite a atacantes remotos obtener información de la versión a través de una petición directa a (1) apphire/silverstripe_version ó (2) cms/silverstripe_version. • http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 http://open.silverstripe.org/ticket/5031 http://secunia.com/advisories/42346 http://www.openwall.com/lists/oss-security/2011/01/03/12 http://www.openwall.com/lists/oss-security/2012/04/30/1 http://www.openwall.com/lists/oss-security/2012/04/30/3 http://www.openwall.com/lists/oss-security/2012/05/01/3 http://www.os • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0

CVE-2010-5079

https://notcve.org/view.php?id=CVE-2010-5079

SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak entropy when generating tokens for (1) the CSRF protection mechanism, (2) autologin, (3) "forgot password" functionality, and (4) password salts, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. SilverStripe 2.3.x antes de 2.3.10 y 2.4.x antes de 2.4.4 utiliza una entropía débil para la generación de fichas para (1) el mecanismo de protección CSRF, (2) el inicio de sesión automático (autologin), (3) la funcionalidad "Olvidó su contraseña" y (4) los "password salts", lo que hace que sea más fácil para los atacantes remotos evitar las restricciones de acceso a través de vectores no especificados. • http://doc.silverstripe.org/framework/en/trunk/changelogs//2.3.10 http://doc.silverstripe.org/framework/en/trunk/changelogs//2.4.4 http://open.silverstripe.org/changeset/114497 http://open.silverstripe.org/changeset/114498 http://open.silverstripe.org/changeset/114503 http://open.silverstripe.org/changeset/114504 http://open.silverstripe.org/changeset/114505 http://www.openwall.com/lists/oss-security/2011/01/03/12 http://www.openwall.com/lists/oss-security/2012/04/30/1 • CWE-310: Cryptographic Issues •