Vulnerabilities for 'Sharelatex'

2015-03-03
 
CVE-2015-0934

Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename.

 
 
CVE-2015-0933

Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include command.

 


Copyright 2024, cxsecurity.com

 
