Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 29, 2013
Source:
SecurityVulns ID: 13227
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: XYMON : Xymon 4.3
 MAGNOLIA : Magnolia CMS 4.5
 JOOMLA : Googlemaps plugin for Joomla 3.2
 DUPLICATOR : Duplicator 0.4
 MAGNOLIA : Magnolia CMS 5.0
 APACHE : OFBiz 12.04
CVE: CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.)
 CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.)
 CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other products, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to (1) cmsStageAllocLabV2ToV4curves, (2) cmsPipelineDup, (3) cmsAllocProfileSequenceDescription, (4) CurvesAlloc, and (5) cmsnamed.)
 CVE-2013-2250 (Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.)
 CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the "View Log" screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: UBUNTU, [USN-1911-1] Little CMS vulnerability (29.07.2013)
 APACHE, [CVE-2013-2250] Apache OFBiz Nested expression evaluation allows remote users to execute arbitrary UEL functions in OFBiz (29.07.2013)
 APACHE, [CVE-2013-2137] Apache OFBiz XSS vulnerability in the "View Log" screen of the Webtools application (29.07.2013)
 Sp3ctrecore, Easy Blog by JM LLC - Multiple Vulnerabilities (29.07.2013)
 Sp3ctrecore, Basic Forum by JM LLC - Multiple Vulnerabilities (29.07.2013)
 Henrik Stoerner, Xymon Systems and Network Monitor - remote file deletion vulnerability (29.07.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Magnolia CMS (29.07.2013)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Duplicator WordPress Plugin (29.07.2013)
 MustLive, DoS and XSS vulnerabilities in Googlemaps plugin for Joomla (29.07.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod