Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 2 October 2013
Source:
SecurityVulns ID: 13311
Type: remote
Severity level:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: APACHE : Struts 2.3
 DJANGO : django 1.5
 GLPI : GLPI 0.84
 GNEW : Gnew 2013.1
 X2ENGINE : X2CRM 3.4
 WORDPRESS : Bradesco Gateway 2.0
 WORDPRESS : NOSpamPTI 2.1
 MONSTRACMS : Monstra CMS v.2
 WORDPRESS : Wordpress 3.6
 PHPLETTER : Ajax File and Image Manager 1.1
 WORDPRESS : Complete Gallery Manager 3.3
CVE: CVE-2013-5917 (SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.)
 CVE-2013-5916 (Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.)
 CVE-2013-5739 (The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.)
 CVE-2013-5738 (The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.)
 CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.)
 CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.)
 CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.)
 CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.)
 CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.)
 CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.)
 CVE-2013-4339 (WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.)
 CVE-2013-4338 (wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP unserialize operations.)
 CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in a ssi template tag.)
 CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php.)
 CVE-2013-2225 (inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.)
 CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x before 1.4.8, 1.5.x before 1.5.4, and 1.6.x before 1.6 beta 4 allows remote attackers to cause a denial of service (CPU consumption) via a long password which is then hashed.)
Original text: Vulnerability Lab, Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability (02.10.2013)
 noreply_(at)_ptsecurity.ru, [PT-2013-41] Arbitrary Code Execution in Ajax File and Image Manager (02.10.2013)
 MANDRIVA, [ MDVSA-2013:239 ] wordpress (02.10.2013)
 Vulnerability Lab, Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability (02.10.2013)
 Alexandro Silva, [iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin (02.10.2013)
 APACHE, [ANN] Struts 2.3.15.2 GA release available - security fix (02.10.2013)
 iedb.team_(at)_gmail.com, Wordpress fgallery_plus Plugin Xss vulnerabilities (02.10.2013)
 Alexandro Silva, [IBliss Security Advisory] Cross-site scripting ( XSS ) in Bradesco gateway wordpress plugin (02.10.2013)
 UBUNTU, [USN-1967-1] Django vulnerabilities (02.10.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in X2CRM (02.10.2013)
 iedb.team_(at)_gmail.com, joomla com_zimbcomment Components Local File Include vulnerability (02.10.2013)
 High-Tech Bridge Security Research, Remote Code Execution in GLPI (02.10.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Gnew (02.10.2013)

© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород