Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 15 May 2014
Source:
SecurityVulns ID: 13778
Type: remote
Severity:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: DJANGO : django 1.7
 FOG : FOG 0.32
 COBBLER : Cobbler 2.6
 EGROUPWARE : eGroupware 1.8
 PUPLATE : Pyplate 0.8
 DJANGO : django 1.6
 DRUPAL : Flag 7.x-3.5
 OPENFILER : OpenFiler 2.99
 MUMBLE : Mumble 1.2
CVE:CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to force the loading of an external file and cause a denial of service (hang and resource consumption) via a crafted string that is treated as rich-text by a Qt widget, as demonstrated by the (1) user or (2) channel name in a Qt dialog, (3) subject common name or (4) email address to the Certificate Wizard, or (5) server name in a tooltip.)
 CVE-2014-3744
 CVE-2014-3743
 CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.)
 CVE-2014-3741
 CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device.)
 CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com.")
 CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrators to execute arbitrary PHP code via the "Flag import code" text area to admin/structure/flags/import. NOTE: this issue could also be exploited by other attackers if the administrator ignores a security warning on the permissions assignment page.)
 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.)
 CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 through 0.32 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Printer Model field to the Printer Management page, (2) Image Name field to the Image Management page, (3) Storage Group Name field to the Storage Management page, (4) Username field to the User Cleanup FOG Configuration page, or (5) Directory Path field to the Directory Cleaner FOG Configuration page.)
 CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.)
 CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.)
 CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attackers to obtain sensitive information or poison the cache via a request from certain browsers.)
 CVE-2013-7381
 CVE-2013-7380
 CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in the access-key header that partially matches config.master.api.access_key.)
 CVE-2013-7378
 CVE-2013-7377
 CVE-2013-7371
 CVE-2013-7370
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
 CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.)
Original text: Dolev Farhi, [oss-security] OpenFiler - Arbitrary Code Execution & Stored XSS (15.05.2014)
 Mikkel Krautz, [oss-security] Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006 (15.05.2014)
 Paul Wise, [oss-security] CVE request: various NodeJS module vulnerabilities (15.05.2014)
 Murray McAllister, [oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer (15.05.2014)
 henri_(at)_nerv.fi, [oss-security] CVE request: Pyplate multiple vulnerabilities (15.05.2014)
 Dolev Farhi, [oss-security] Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities (15.05.2014)
 DEBIAN, [oss-security] CVE Reuest: Django: Malformed URLs from user input incorrectly validated (15.05.2014)
 Dolev Farhi, Multiple Stored XSS in FOG Image deployment system - FD (15.05.2014)
 Dolev Farhi, FD - Cobbler Arbitrary File Read CVE-2014-3225 (15.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod