John McLear

3 exploits | Active since Jul 2017
CVE-2015-3297 WRITEUP HIGH
Etherpad <1.5.2 - Path Traversal
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows remote attackers to read arbitrary files by leveraging replacement of backslashes with slashes in the path parameter of HTTP API requests.
CVSS 7.5
CVE-2020-22783 WRITEUP MEDIUM
Etherpad <1.8.3 - Info Disclosure
Etherpad <1.8.3 insecurely stored user passwords in the database and in log files. This affects every database backend supported by Etherpad.
CVSS 6.5
CVE-2020-22784 WRITEUP HIGH
Etherpad UeberDB < 0.4.4 - Auth Bypass
In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names.
CVSS 7.5