Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 18 December 2012
Source:
SecurityVulns ID: 12791
Type: remote
Severity level: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OPENDOCMAN : OpenDocMan 1.2
 FCKEDITOR : FCKeditor 2.6
 TINYBROWSER : TinyBrowser 1.42
 WORDPRESS : Rokbox 2.13
 FOSWIKI : Foswiki 1.1
 WORDPRESS : WordPress 3.5
 WORDPRESS : portable-phpMyAdmin 1.3
 ADDRESSBOOK : Addressbook 8.1
 FRONTACCOUNT : Front Account 2.3
 AXWAY : SecureTransport 5.1
CVE: CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.)
 CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.)
 CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.)
 CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.)
Original text:
 Perez, Sebastian (LATCO - Buenos Aires), Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier (18.12.2012)
 bugreport_(at)_itguard.info, FCKEditor File Upload Vulnerability (18.12.2012)
 Kenneth F. Belva, File Upload Concern in Front Account 2.3.13 and OpenDocMan 1.2.6.2 (18.12.2012)
 Kenneth F. Belva, OpenDocMan 1.2.6.2 - 3 Vulnerabilities (18.12.2012)
 Kenneth F. Belva, Addressbook v8.1.24.1 Group Name XSS (18.12.2012)
 Mark Stanislav, 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469) (18.12.2012)
 FireFart_(at)_gmail.com, Wordpress Pingback Port Scanner (18.12.2012)
 George Clark, Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro (18.12.2012)
 MustLive, Multiple vulnerabilities in RokBox for WordPress (18.12.2012)
 MustLive, TinyBrowser Upload Shell Vulnerability (18.12.2012)

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород