Showing 1 - 1 of 1

CVE-2015-0923

Status Candidate

Overview

The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference within an XML document named in the xslt parameter, related to an XML External Entity (XXE) issue.

Related Files

Ektron 8.5 / 8.7 / 9.0 XSLT Transform Remote Code Execution: Posted Mar 4, 2017; Authored by catatonicprime | Site metasploit.com; Ektron versions 8.5, 8.7 equal to and below sp1, and 9.0 before sp1 have vulnerabilities in various operations within the ServerControlWS.asmxweb services. These vulnerabilities allow for remote code execution without authentication and execute in the context of IIS on the remote system.; tags | exploit, remote, vulnerability, code execution; advisories | CVE-2015-0923; SHA-256 | 6b1de3cc6f9202a90298b9c0b5161490264ce265eaa1362e8c2215e2610223ee; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 70 files
indoushka 69 files
Debian 22 files
LiquidWorm 19 files
Google Security Research 8 files
Gentoo 7 files
malvuln 6 files
Seth Jenkins 4 files
Emiliano Febbi 4 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2015-0923

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems