Security | Elar Lang

CVE-2017-15715 - Apache HTTP Server - FilesMatch bypass with a trailing newline at the end of the file name

CVE-2017-15715 - Apache HTTP Server - <FilesMatch> bypass with a trailing newline at the end of the file name.


CVE-2016-10007 and CVE-2016-10008 - 2 SQL injection vulnerabilities in dotCMS, blacklist defence bypass

2 SQL injection vulnerabilities in dotCMS. Related CVE list: CVE-2016-10007, CVE-2016-10008. Blacklist defence bypass.


Multiple SQL injection vulnerabilities in dotCMS (8x CVE Full Disclosure)

Multiple SQL injection vulnerabilities in dotCMS. Related CVE list: CVE-2016-8902, CVE-2016-8903, CVE-2016-8904, CVE-2016-8905, CVE-2016-8906, CVE-2016-8907, CVE-2016-8908, CVE-2016-4040.


CVE-2016-8600 dotCMS - CAPTCHA bypass by reusing valid code

CVE-2016-8600: dotCMS before version 3.6.0 allows an attacker to programmatically reuse a valid CAPTCHA code.


CVE-2016-4803 dotCMS - email header injection vulnerability (Full Disclosure)

CVE-2016-4803: An email header injection vulnerability in the dotCMS framework allows an attacker to send malicious emails through a "valid" and "trusted" email server.


Elar Lang - pentester, lecturer, researcher


© 2018 Elar Lang · Powered by pelican-bootstrap3, Pelican, Bootstrap
