Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 19 January 2014
Source:
SecurityVulns ID: 13533
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: PIVOTAL : Spring 3.2
 PIVOTAL : Spring 4.0
 MOVABLETYPE : Movable Type 6.0
 MOVABLETYPE : Movable Type 5.2
 QPULSE : Q-Pulse 0.6
 PLONE : Plone 4.3
 JOOMLA : Sexy Polling 1.0
 NAGIOS : Nagios 3.5
 NAGIOS : Nagios 4.0
 ICINGA : Icinga 1.10
CVE: CVE-2014-1238
 CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.)
 CVE-2013-7205 (Off-by-one error in the process_cgivars function in contrib/daemonchk.c in Nagios Core 3.5.1, 4.0.2, and earlier allows remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list, which triggers a heap-based buffer over-read.)
 CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.)
 CVE-2013-6430
 CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework before 3.2.5 and 4.0.0.M1 through 4.0.0.RC1 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152 and CVE-2013-7315.)
 CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.)
 CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.)
Original text: ali.hussein_(at)_helpag.com, [CVE-2014-1238] Cross Site Scripting(XSS) in q-pulse application (19.01.2014)
 DEBIAN, [SECURITY] [DSA 2841-1] movabletype-opensource security update (19.01.2014)
 Pivotal Security Team, CVE-2013-6429 Fix for XML External Entity (XXE) injection (CVE-2013-4152) in Spring Framework was incomplete (19.01.2014)
 Pivotal Security Team, CVE-2013-6430 Possible XSS when using Spring MVC (19.01.2014)
 Alexandre Herzog, CVE-2013-4200 - Plone URL redirection / Forwarding of cookie data (session hijack) in certain browsers (19.01.2014)
 High-Tech Bridge Security Research, SQL Injection in Sexy Polling Joomla Extension (19.01.2014)
 MANDRIVA, [ MDVSA-2014:004 ] nagios (19.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod