iglocska

68 exploits Active since Sep 2016
CVE-2015-5719 WRITEUP CRITICAL
MISP <2.3.92 - Info Disclosure
app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact and attack vectors.
CVSS 9.8
CVE-2015-5720 WRITEUP MEDIUM
MISP <2.3.90 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
CVSS 6.1
CVE-2015-5721 WRITEUP CRITICAL
MISP <2.3.90 - Code Injection
Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_event_from_template_attributes.ctp.
CVSS 9.8
CVE-2017-13671 WRITEUP MEDIUM
MISP <2.4.78 - XSS
app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.
CVSS 6.1
CVE-2017-14337 WRITEUP HIGH
MISP <2.4.80 - Auth Bypass
When MISP before 2.4.80 is configured with X.509 certificate authentication (CertAuth) in conjunction with a non-MISP external user management ReST API, if an external user provides X.509 certificate authentication and this API returns an empty value, the unauthenticated user can be granted access as an arbitrary user.
CVSS 8.1
CVE-2017-15216 WRITEUP MEDIUM
MISP <2.4.80 - XSS
MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js.
CVSS 6.1
CVE-2017-16802 WRITEUP MEDIUM
MISP <2.4.82 - XSS
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
CVSS 5.4
CVE-2017-16946 WRITEUP MEDIUM
MISP <2.4.82 - Info Disclosure
The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.
CVSS 4.9
CVE-2017-7215 WRITEUP MEDIUM
MISP <2.4.69 - XSS
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
CVSS 6.1
CVE-2018-11245 WRITEUP MEDIUM
MISP - XSS
app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.
CVSS 6.1
CVE-2018-11562 WRITEUP MEDIUM
MISP - XSS
An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.
CVSS 6.1
CVE-2018-12649 WRITEUP CRITICAL
MISP <2.4.92 - Auth Bypass
An issue was discovered in app/Controller/UsersController.php in MISP 2.4.92. An adversary can bypass the brute-force protection by using a PUT HTTP method instead of a POST HTTP method in the login part, because this protection was only covering POST requests.
CVSS 9.8
CVE-2018-6926 WRITEUP HIGH
MISP - OS Command Injection
In app/Controller/ServersController.php in MISP 2.4.87, a server setting permitted the override of a path variable on certain Red Hat Enterprise Linux and CentOS systems (where rh_shell_fix was enabled), and consequently allowed site admins to inject arbitrary OS commands. The impact is limited by the setting being only accessible to the site administrator.
CVSS 7.2
CVE-2018-8948 WRITEUP MEDIUM
MISP <2.4.89 - XSS
In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has multiple XSS issues via a malicious MISP module.
CVSS 6.1
CVE-2018-8949 WRITEUP MEDIUM
MISP <2.4.89 - Privilege Escalation
An issue was discovered in app/Model/Attribute.php in MISP before 2.4.89. There is a critical API integrity bug, potentially allowing users to delete attributes of other events. A crafted edit for an event (without attribute UUIDs but attribute IDs set) could overwrite an existing attribute.
CVSS 4.3
CVE-2019-10254 WRITEUP MEDIUM
MISP <2.4.105 - XSS
In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability.
CVSS 6.1
CVE-2019-11812 WRITEUP MEDIUM
MISP <2.4.107 - XSS
A persistent XSS issue was discovered in app/View/Helper/CommandHelper.php in MISP before 2.4.107. JavaScript can be included in the discussion interface, and can be triggered by clicking on the link.
CVSS 6.1
CVE-2019-11813 WRITEUP MEDIUM
MISP <2.4.107 - XSS
An issue was discovered in app/View/Elements/Events/View/value_field.ctp in MISP before 2.4.107. There is persistent XSS via link type attributes with javascript:// links.
CVSS 6.1
CVE-2019-11814 WRITEUP MEDIUM
MISP <2.4.107 - XSS
An issue was discovered in app/webroot/js/misp.js in MISP before 2.4.107. There is persistent XSS via image names in titles, as demonstrated by a screenshot.
CVSS 6.1
CVE-2019-12794 WRITEUP MEDIUM
MISP - Improper Privilege Management
An issue was discovered in MISP 2.4.108. Organization admins could reset credentials for site admins (organization admins have the inherent ability to reset passwords for all of their organization's users). This, however, could be abused in a situation where the host organization of an instance creates organization admins. An organization admin could set a password manually for the site admin or simply use the API key of the site admin to impersonate them. The potential for abuse only occurs when the host organization creates lower-privilege organization admins instead of the usual site admins. Also, only organization admins of the same organization as the site admin could abuse this.
CVSS 6.6
CVE-2019-12868 WRITEUP HIGH
MISP - Insecure Deserialization
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization.
CVSS 7.2
CVE-2019-16202 WRITEUP MEDIUM
MISP <2.4.115 - Privilege Escalation
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVSS 6.5
CVE-2019-19379 WRITEUP MEDIUM
MISP <2.4.118 - Auth Bypass
In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data.
CVSS 5.3
CVE-2019-9482 WRITEUP MEDIUM
MISP 2.4.102 - Info Disclosure
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for. Exploiting this requires access to the event that has received the sighting. The issue affects instances with restrictive sighting settings (event only / sighting reported only).
CVSS 5.3
CVE-2020-11458 WRITEUP MEDIUM
MISP <2.4.124 - Info Disclosure
app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leak of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php.
CVSS 4.9