Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28983
HistoryJan 28, 2013 - 12:00 a.m.

[SECURITY] [DSA 2611-1] movabletype-opensource security update

2013-01-2800:00:00
vulners.com
28
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Debian Security Advisory DSA-2611-1 [email protected]
http://www.debian.org/security/ Yves-Alexis Perez
January 22, 2013 http://www.debian.org/security/faq

Package : movabletype-opensource
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2013-0209
Debian Bug : 697666

An input sanitation problem has been found in upgrade functions of
movabletype-opensource, a web-based publishing platform. Using carefully
crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS
command and SQL queries.

For the stable distribution (squeeze), this problem has been fixed in
version 4.3.8+dfsg-0+squeeze3.

For the testing distribution (wheezy), this problem has been fixed in
version 5.1.2+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 5.1.2+dfsg-1.

We recommend that you upgrade your movabletype-opensource packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iQEcBAEBCgAGBQJQ/jMZAAoJEG3bU/KmdcClxhQH/AjkGtmqNV08gRFPbnKvAV/p
ovjbaBwCuXCwnMaYL23GCjxwJ2Ic7/jba/6f/Dnm1g6nr0T+ybbMzCjy5fQtpoQz
Nu5FMN1mfAGDQbmaruDjWcqOOdUBBv0zWAkDMCiEHJvmVyoCQxBM1/Qtrvph6gmM
SJVjd8ZkOrYZVtxEQTwxUw/um/mqKStEhlPYzMBElqYm7zXD2r3L2IrqJZz//8cm
yvYOHHVC7dwvcTgUs7bxBjkYRGTbzbynLOc13s9snOKlF7qE8BkDRuCTSzNH5BBg
wksakOGqmbjS/stTn8SsZc8tI1NHwzumJUTgOKEC7y9GwQbWzmxhw0Q9ZeNPqRo=
=Cn8s
-----END PGP SIGNATURE-----

Related

ubuntucve 1
checkpoint_advisories 1
openvas 3
seebug 1
metasploit 1
debian 1
nessus 2
prion 1
cve 2
packetstorm 1
exploitdb 1
securityvulns 1
ubuntucve
ubuntucve
CVE-2013-0209
2013-01-23 00:00:00
checkpoint_advisories
checkpoint_advisories
Movable Type Web Upgrade Remote Code Execution (CVE-2013-0209)
2016-12-06 00:00:00
openvas
openvas
Debian Security Advisory DSA 2611-1 (movabletype-opensource - several vulnerabilities)
2013-01-22 00:00:00
Movable Type Multiple SQL Injection and Command Injection Vulnerabilities
2013-01-31 00:00:00
Debian: Security Advisory (DSA-2611-1)
2013-01-21 00:00:00
seebug
seebug
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2014-07-01 00:00:00
metasploit
metasploit
Movable Type 4.2x, 4.3x Web Upgrade Remote Code Execution
2013-01-22 11:58:24
debian
debian
[SECURITY] [DSA 2611-1] movabletype-opensource security update
2013-01-22 06:35:05
nessus
nessus
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
2013-01-23 00:00:00
Movable Type mt-upgrade.cgi Remote Command Execution
2013-01-25 00:00:00
prion
prion
Sql injection
2013-01-23 01:55:00
cve
cve
CVE-2013-0209
2013-01-23 01:55:00
CVE-2012-6315
2013-01-23 01:55:00
packetstorm
packetstorm
Movable Type 4.2x / 4.3x Web Upgrade Remote Code Execution
2013-01-25 00:00:00
exploitdb
exploitdb
Movable Type 4.2x/4.3x - Web Upgrade Remote Code Execution (Metasploit)
2013-01-07 00:00:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-01-28 00:00:00
JSON
Related for SECURITYVULNS:DOC:28983
ubuntucve1checkpoint_advisories1openvas3seebug1metasploit1debian1nessus2prion1cve2packetstorm1exploitdb1securityvulns1