GDPR’s First-Year Impact By the Numbers

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2019-10046
PUBLISHED: 2019-05-31

An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information.

CVE-2019-10047
PUBLISHED: 2019-05-31

A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by leveraging the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used t…

CVE-2019-10048
PUBLISHED: 2019-05-31

The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin’s configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying ope…

CVE-2019-10049
PUBLISHED: 2019-05-31

It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user …

CVE-2019-10069
PUBLISHED: 2019-05-31

In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly.
