etherpad etherpad vulnerabilities and exploits

(subscribe to this query)

5

CVSSv2

Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is...

Etherpad Etherpad

7.5

CVSSv2

The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability...

Ep Imageconvert Project Ep Imageconvert

4.3

CVSSv2

templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer....

Etherpad Etherpad 1.7.5

7.5

CVSSv2

Etherpad Lite before 1.6.4 is exploitable for admin access....

Etherpad Etherpad Lite

5

CVSSv2

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names....

Etherpad Etherpad

7.5

CVSSv2

Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code....

Etherpad Etherpad 1.6.3

6.8

CVSSv2

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute arbitrary code on the server. The instance has to be configured to use a document database (DirtyDB, CouchDB, MongoDB, or RethinkDB)....

Etherpad Etherpad

4.3

CVSSv2

static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via window.location.href....

Etherpad Etherpad Lite

7.5

CVSSv2

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions....

Etherpad Etherpad1 Github repository available

5

CVSSv2

node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID....

Etherpad Etherpad 1.5.0 Etherpad Etherpad 1.5.1

1 2 NEXT »