Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 29 October 2012
Source:
SecurityVulns ID: 12674
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: SIMPLEMACHINES : Simple Machines Forum 2.0
 VIEWVC : viewvc 1.1
 TASKFREAK : TaskFreak 0.6
 WORDPRESS : Wordpress 3.4
 WORDPRESS : Wordpress Download Monitor 3.3
 LAYTON : Layton Helpbox 4.4
 INVENTORY : Inventory 1.0
 WORDPRESS : GRAND Flash Album Gallery 1.9
 WORDPRESS : GRAND Flash Album Gallery 2.0
 VAM : VaM Shop 1.69
 CLIPBUCKET : ClipBucket 2.6
 CMSMINI : CMSMini 0.2
 NOVOSOLUTIONS : Knowledge Base EE 4.62
CVE: CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.)
 CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.)
 CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.)
 CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie.)
 CVE-2012-4973
 CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_problem_desc, (4) sys_solution_desc, (5) sys_problemsummary, (6) usr_Action_testing, (7) usr_Escalation, or (8) usr_Additional_Resources parameter to writesolutionuser.asp or the (9) sys_solution_id parameter to deletesolution.asp.)
 CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.)
 CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.)
 CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the "extra" details in the DiffSource._get_row function in lib/viewvc.py in ViewVC 1.0.x before 1.0.13 and 1.1.x before 1.1.16 allows remote authenticated users with repository commit access to inject arbitrary web script or HTML via the "function name" line.)
 CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak.")
 CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors.)
 CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.)
Original text: Vulnerability Lab, ASTPP VoIP Billing (4cf207a) - Multiple Web Vulnerabilities (29.10.2012)
 Vulnerability Lab, Knowledge Base EE v4.62.0 - SQL Injection Vulnerability (29.10.2012)
 Roberto Paleari, Multiple vulnerabilities in Ezylog photovoltaic management server (29.10.2012)
 Joseph Sheridan, Wordpress Download Monitor - Download Page Cross-Site Scripting (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in TaskFreak (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in CMSMini (29.10.2012)
 Netsparker Advisories, XSS Vulnerabilities in ClipBucket (29.10.2012)
 sec.team_(at)_cyberservices.com, VaM Shop Cross-Site Scripting and Blind SQL Injection Vulnerabilities (29.10.2012)
 IrIsT.Ir_(at)_gmail.com, Smf 2.0.2 Cross-Site Scripting Vulnerability (29.10.2012)
 Janek Vind, [waraxe-2012-SA#094] - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin (29.10.2012)
 IrIsT.Ir_(at)_gmail.com, Wordpress 3.4 Cross-Site Scripting Vulnerability (29.10.2012)
 Thomas Richards, Inventory 1.0 Multiple SQL Vulnerabilities (29.10.2012)
 Thomas Richards, Inventory 1.0 Multiple XSS Vulnerabilities (29.10.2012)
 Joseph Sheridan, [SECURITY] [DSA 2563-1] viewvc security update (29.10.2012)
 Joseph Sheridan, Layton Helpbox 4.4.0 Multiple Security Issues (29.10.2012)

© SecurityVulns, 3APA3A, Владимир Дубровин
Nizhny Novgorod