Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 9 January 2014
Source:
SecurityVulns ID: 13507
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OWNCLOUD : owncloud 5.0
 INSTANTSOFT : InstantCMS 1.10
 MEDIAWIKI : mediawiki 1.20
 LIVEZILLA : LiveZilla 5.1
 HORIZON : QCMS 4.0
 BURDEN : Burden 1.8
 EDUTRAC : eduTrac 1.1
 WORDPRESS : Ad-minister 0.6
 WORDPRESS : AskApache 3.0
 WORDPRESS : WP-Cron Dashboard 1.1
 JOOMLA : MijoSearch 2.0
 1C : Bitrix Site Manager 12.5
 TYPO3 : TYPO3 6.1
 MUNIN : munin 2.0
 REVIVEADSERVER : Revive Adserver 3.0
 UNITEDSECURITYPR : Secure Entry Server 4.7
 JENKINS : Jenkins CI 1.523
 SAMSPADE : SAMSPADE 1.14
 VTIGER : Vtiger 5.4
 FLASHCANVAS : FlashCanvas 1.5
 APACHE : Solr 4.5
 CSP : CSP MySQL User Manager 2.3
 WORDPRESS : WordPress 3.7
 DEWPLAYER : Dewplayer 2.2
CVE: CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.)
 CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.)
 CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.)
 CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.)
 CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.)
 CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.)
 CVE-2013-7080 (The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment.")
 CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.)
 CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature.")
 CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.)
 CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.)
 CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.)
 CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.)
 CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.)
 CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php.)
 CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.)
 CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.)
 CVE-2013-6880
 CVE-2013-6879
 CVE-2013-6878
 CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].)
 CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.)
 CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.)
 CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.)
 CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.)
 CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.)
 CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.)
 CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup formatter in CloudBees Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.)
 CVE-2013-4572
 CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.)
 CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.)
 CVE-2013-2764
 CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.)
 CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.)
 CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.)
Original texts: MustLive, BF, LE and IAA vulnerabilities in InstantCMS (09.01.2014)
 MustLive, Information Leakage and Backdoor vulnerabilities in WordPress (09.01.2014)
 MustLive, CSRF, DoS and IL vulnerabilities in WordPress (09.01.2014)
 MustLive, URL Redirector Abuse and XSS vulnerabilities in WordPress (09.01.2014)
 MustLive, Vulnerabilities in Dewplayer (09.01.2014)
 MustLive, Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer (09.01.2014)
 contact_(at)_hammamet-services.com, CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass (09.01.2014)
 Nicolas Grégoire, Vulnerabilities in Apache Solr < 4.6.0 (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.1.0 Stored XSS in operator clients (09.01.2014)
 code_(at)_7elements.co.uk, FlashCanvas 1.5 proxy.php XSS Vulnerability (09.01.2014)
 advisories_(at)_enkomio.com, [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting (09.01.2014)
 vishal_mishra_(at)_live.com, SAMSPADE 1.14 BUFFER OVERFLOW (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Insecure password storage (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 PHP Object Injection (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Multiple Stored XSS in web-based operator client (09.01.2014)
 Alexandre Herzog, [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities (09.01.2014)
 Alexandre Herzog, [CVE-2013-2764] Secure Entry Server - URL Redirection (09.01.2014)
 Christian Catalano, [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms (09.01.2014)
 Christian Catalano, [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin (09.01.2014)
 MANDRIVA, [ MDVSA-2013:289 ] owncloud (09.01.2014)
 MANDRIVA, [ MDVSA-2013:290 ] mediawiki (09.01.2014)
 Matteo Beccati, [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability (09.01.2014)
 MANDRIVA, [ MDVSA-2013:297 ] munin (09.01.2014)
 DEBIAN, [SECURITY] [DSA 2834-1] typo3-src security update (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, XSS and Full Path Disclosure in MijoSearch Joomla Extension (09.01.2014)
 High-Tech Bridge Security Research, User Identity Spoofing in Bitrix Site Manager (09.01.2014)
 High-Tech Bridge Security Research, SQL Injection in InstantCMS (09.01.2014)
 High-Tech Bridge Security Research, Path Traversal in eduTrac (09.01.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Horizon QCMS (09.01.2014)
 High-Tech Bridge Security Research, Improper Authentication in Burden (09.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod