|
302731
|
- |
|
silverstripe
|
silverstripe
|
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
|
CWE-79
Cross-site Scripting
|
CVE-2010-5095
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302732
|
- |
|
silverstripe
|
silverstripe
|
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5094
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302733
|
- |
|
silverstripe
|
silverstripe
|
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5093
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302734
|
- |
|
silverstripe
|
silverstripe
|
The Add Member dialog in the Security admin page in SilverStripe 2.4.0 saves user passwords in plaintext, which allows local users to obtain sensitive information by reading a database.
|
CWE-255
Credentials Management
|
CVE-2010-5092
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302735
|
- |
|
silverstripe
|
silverstripe
|
The setName function in filesystem/File.php in SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1 allows remote authenticated users with CMS author privileges to execute arbitrary PHP code by cha…
|
CWE-94
Code Injection
|
CVE-2010-5091
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302736
|
- |
|
silverstripe
|
silverstripe
|
SilverStripe before 2.4.2 allows remote authenticated users to change administrator passwords via vectors related to admin/security.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5090
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302737
|
- |
|
silverstripe
|
silverstripe
|
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5089
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302738
|
- |
|
silverstripe
|
silverstripe
|
Multiple cross-site request forgery (CSRF) vulnerabilities in SilverStripe 2.3.x before 2.3.9 and 2.4.x before 2.4.3 allow remote attackers to hijack the authentication of administrators via destruct…
|
CWE-352
Origin Validation Error
|
CVE-2010-5088
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302739
|
- |
|
silverstripe
|
silverstripe
|
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism and hijack the authentication of administrators vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5087
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302740
|
- |
|
silverstripe
|
silverstripe
|
The Security/changepassword URL action in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 passes a token as a GET parameter while changing a password through email, which allows remote attack…
|
CWE-255
CWE-352
Credentials Management
Origin Validation Error
|
CVE-2010-5080
|
2024-11-21 10:22 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
