Information Security

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 4 May 2014
Source:
SecurityVulns ID: 13714
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OPENDOCMAN : OpenDocMan 1.2
 APACHE : Archiva 1.3
 KNOWLEDGETREE : KnowledgeTree 3.7
 CGILUA : CGILua 5.2
 TYPO3 : si_bibtex 0.2
 DRUPAL : Drupal 7.26
 DRUPAL : Drupal 6.30
 DRUPAL : VideoWhisper 7
 LIVETEX : Timelive 6.5
 DOMPDF : dompdf 0.6
 DJANGO : django 1.7
 MODX : MODX Revolution 2.2
 BUGZILLA : Bugzilla 4.5
 EKTRON : Ektron CMS 8.7
 XCLONER : XCloner Standalone 3.5
 ORBITSCRIPTS : Orbit Open Ad Server 1.1
 XCLONER : XCloner Wordpress plugin 3.1
 CMSIMPLE : CMSimple 3.54
 OPENCLASSIFIEDS : Open Classifieds 2.1
 ILCH : Ilch CMS 2.0
 ADROTATE : AdRotate 3.9
 APACHE : Syncope 1.1
 WORDPRESS : Js-Multi-Hotel 2.2
 CU3ER : CU3ER 1.24
 WORDPRESS : Wordpress 3.8
CVE:CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.)
 CVE-2014-2875
 CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function.)
 CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php.)
 CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which is not properly handled when displaying the Subjects tab in the View Properties menu option.)
 CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML via the (1) module or (2) message parameter to index.php.)
 CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.)
 CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password via the config task to index2.php or (2) when the enable_db_backup and sql_mem options are enabled, access the database backup functionality via the dbbackup_comp parameter in the generate action to index2.php. NOTE: vector 2 might be a duplicate of CVE-2014-2340, which is for the XCloner Wordpress plugin. NOTE: remote attackers can leverage CVE-2014-2996 with vector 2 to execute arbitrary commands.)
 CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.)
 CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.)
 CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin before 3.1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that create website backups via a request to wp-admin/plugins.php.)
 CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.)
 CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.)
 CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.)
 CVE-2014-1946
 CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.)
 CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.)
 CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.)
 CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_login.php or (2) delete arbitrary files via a .. (dot dot) in the s parameter to ls/rtmp_logout.php.)
 CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.)
 CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-content/plugins/videowhisper-live-streaming-integration/ls/snapshots/ pathname, as demonstrated by a .php.jpg filename.)
 CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.)
 CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue.)
 CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.)
 CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 allows remote attackers to import and execute arbitrary Python modules by leveraging a view that constructs URLs using user input and a "dotted Python path.")
 CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie.)
 CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings.")
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
 CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.)
Original text: MustLive, Multiple vulnerabilities in Flexolio for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, XSS and FPD vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Vulnerabilities in Js-Multi-Hotel for WordPress (04.05.2014)
 MustLive, Multiple vulnerabilities in Joomla-Base (04.05.2014)
 MustLive, Multiple vulnerabilities in JoomLeague for Joomla (04.05.2014)
 MustLive, XSS and CS vulnerabilities in DSMS (04.05.2014)
 MustLive, DoS via tables corruption in WordPress (04.05.2014)
 MustLive, New vulnerabilities in Google Maps plugin for Joomla (04.05.2014)
 MustLive, Vulnerabilities in plugins with CU3ER for WordPress, Joomla, SilverStripe and Plone (04.05.2014)
 MustLive, CS and XSS vulnerabilities in CU3ER (04.05.2014)
 MustLive, CS, XSS and FPD vulnerabilities in multiple plugins with CU3ER for WordPress (04.05.2014)
 APACHE, [SECURITY] CVE-2014-0111 Apache Syncope (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in AdRotate (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ilch CMS (04.05.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in OpenDocMan (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Open Classifieds (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in CMSimple (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Wordpress Plugin (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in Orbit Open Ad Server (04.05.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in XCloner Standalone (04.05.2014)
 High-Tech Bridge Security Research, SQL Injection in mAdserve (04.05.2014)
 webmaster_(at)_josephzeng.com, [SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7 (04.05.2014)
 LpSolit_(at)_gmail.com, Security advisory for Bugzilla 4.5.3, 4.4.3, 4.2.8, and 4.0.12 (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2251: Apache Archiva Remote Command Execution (04.05.2014)
 APACHE, [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Multiple Vulnerabilities in MODX Revolution <= MODX 2.2.13-pl (04.05.2014)
 craig.arendt_(at)_stratumsecurity.com, Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2 (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2383 - Arbitrary file read in dompdf (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-1217 - Unauthenticated access to sensitive information and functionality in Livetecs Timelive (04.05.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-2042 - Unrestricted file upload in Livetecs Timelive (04.05.2014)
 mdgh9_(at)_yahoo.com, [CVE-2014-2715] Cross-site scripting (XSS) vulnerability in Videowhisper (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2914-1] drupal6 security update (04.05.2014)
 DEBIAN, [SECURITY] [DSA 2913-1] drupal7 security update (04.05.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20140430-0 :: SQL injection and persistent XSS in the Typo3 3rd party extension si_bibtex (04.05.2014)
 Felipe M. Aragon, Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability (04.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod