RSS   Vulnerabilities for 'Etherpad'   RSS

2018-04-07
 
CVE-2018-9326

CWE-noinfo
 

 
Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code.

 
2018-02-08
 
CVE-2018-6835

CWE-284
 

 
node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.

 
2018-01-12
 
CVE-2015-2298

CWE-200
 

 
node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might allow remote attackers to obtain sensitive information by leveraging an improper substring check when exporting a padID.

 
2017-09-07
 
CVE-2015-4085

 

 
Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1.

 
2017-07-07
 
CVE-2015-3297

 

 
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.

 


Copyright 2019, cxsecurity.com

 

Back to Top