Information security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 14 June 2014
SecurityVulns ID: 13836
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: FCKEDITOR : FCKeditor 2.6
 MYBB : Mybb 1.6
 APACHE : Continuum 1.4
 TYPO3 : typo3 4.5
 APACHE : Struts 2.3
 CODEIGNITER : CodeIgniter 2.1
 OTRS : otrs 3.2
 REVIVEADSERVER : Revive Adserver 3.0
 XALAN : libxalan 2.7
 EGROUPWARE : eGroupware 1.8
 APACHE : Hive 0.13
 MEDIAWIKI : mediawiki 1.19
 ICINGA : icinga 1.11
 SPICEWORKS : SpiceWorks 7.2
 DEVEXPRESS : ASPxFileManager 13.2
 PYTHON : python-bottle 0.10
 PYTHON : python-jinja 2.5
 BOTTOMLINE : Transform Foundation Server 5.2
 F*EX : Frams' Fast File EXchange 20140313
 MAPSUITE : MapAPI 1.1
 WORDPRESS : Participants Database 1.5
 WEBEDITION : webEdition 6.3
 BLOGTRONIX : Sharetronix 3.3
 SEOPANEL : Seo Panel 3.4
 HANDSOMEWEB : SOS Webpages 1.1
 BSS : Continuity CMS 4.2
 DOTCLEAR : Dotclear 6.2
 WORDPRESS : Wordpress Booking System 1.2
 RAILS : Action Pack 3.2
CVE: CVE-2014-3966 (Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.)
 CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-3947 (Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted extension, then accessing it via unspecified vectors.)
 CVE-2014-3946 (The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.)
 CVE-2014-3945 (The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.)
 CVE-2014-3944 (The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.)
 CVE-2014-3943 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.)
 CVE-2014-3942 (The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.)
 CVE-2014-3941 (TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing.")
 CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.)
 CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.)
 CVE-2014-3875
 CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.)
 CVE-2014-3782 (Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.)
 CVE-2014-3781 (The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.)
 CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.)
 CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.)
 CVE-2014-3448
 CVE-2014-3447
 CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.)
 CVE-2014-3445
 CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.)
 CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to admin/administrators.)
 CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.)
 CVE-2014-3137 (Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as demonstrated in YouCompleteMe to execute arbitrary code.)
 CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allows remote authenticated administrators to execute arbitrary PHP code via crafted callback values to the call_user_func PHP function, as demonstrated using the newsettings[system] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2987.)
 CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.)
 CVE-2014-2843
 CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.)
 CVE-2014-2575 (Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.)
 CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.)
 CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to dynamic fields.)
 CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow.)
 CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.)
 CVE-2014-2302
 CVE-2014-2233 (Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecified vectors.)
 CVE-2014-2232 (Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.)
 CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c in Nagios Core, possibly 4.0.3rc1 and earlier, and Icinga before 1.8.6, 1.9 before 1.9.5, and 1.10 before 1.10.3 allows remote attackers to cause a denial of service (segmentation fault) via a long message to cmd.cgi.)
 CVE-2014-1855 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel before 3.5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) capcheck parameter to directories.php or (2) keyword parameter to proxy.php.)
 CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file with a name starting with __jinja2_ in /tmp.)
 CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.)
 CVE-2014-0130 (Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before 3.2.18, 4.0.x before 4.0.5, and 4.1.x before 4.1.1, when certain route globbing configurations are enabled, allows remote attackers to read arbitrary files via a crafted request.)
 CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.)
 CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows remote attackers to cause a denial of service (memory consumption) by including these strings in headers.)
 CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units parameter to the (a) number_to_currency, (b) number_to_percentage, or (c) number_to_human helper.)
 CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read.)
 CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106.)
 CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long string to the (1) display_nav_table, (2) page_limit_selector, (3) print_export_link, or (4) page_num_selector function in cgi/cgiutils.c; (5) status_page_num_selector function in cgi/status.c; or (6) display_command_expansion function in cgi/config.c. NOTE: this can be exploited without authentication by leveraging CVE-2013-7107.)
 CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via admin/banner-delete.php, (4) campaigns via admin/campaign-delete.php, (5) channels via admin/channel-delete.php, (6) affiliate websites via admin/affiliate-delete.php, or (7) zones via admin/zone-delete.php.)
 CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.)
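Two entries above share one root cause: a check that looks for an allowed value somewhere in an attacker-controlled string instead of parsing the string and comparing the part that matters. CVE-2014-3137 (Bottle) describes a Content-Type gate defeated by a second type after a ";" and CVE-2014-3782 (Dotclear) an extension blacklist defeated by double extensions and variants such as .php5 and .phtml. The following Python is an added illustration written for this digest, not code from Bottle or Dotclear; every function name and sample input is invented, and the "smuggled" header shape is constructed to show the class of bypass rather than to reproduce either project's exact request handling.

```python
# Added illustration: loose string matching vs. strict parsing in two
# request-validation paths. Hypothetical code, not from Bottle or Dotclear;
# all function names and sample inputs are invented for this example.


def media_type(content_type: str) -> str:
    """Return the bare media type: text before the first ';', trimmed, lowercased.
    'application/json; charset=utf-8' -> 'application/json'."""
    return content_type.split(";", 1)[0].strip().lower()


def json_accepted_loose(content_type: str) -> bool:
    """Substring match, the pattern the CVE-2014-3137 entry describes: any header
    that merely contains the accepted type passes, so a request whose real media
    type is something else can carry 'application/json' behind a ';'."""
    return "application/json" in content_type.lower()


def json_accepted_strict(content_type: str) -> bool:
    """Compare only the parsed media type; parameters such as charset still pass."""
    return media_type(content_type) == "application/json"


# --- Upload extension filtering (cf. the CVE-2014-3782 entry) ---------------

SCRIPT_BLACKLIST = {"php"}                      # deliberately incomplete
IMAGE_ALLOWLIST = {"jpg", "jpeg", "png", "gif"}


def upload_allowed_blacklist(filename: str) -> bool:
    """Look only at the final extension and reject it if blacklisted.
    'shell.php5', 'shell.phtml' and 'shell.php.jpg' all slip through."""
    name = filename.lower()
    ext = name.rsplit(".", 1)[1] if "." in name else ""
    return ext not in SCRIPT_BLACKLIST


def upload_allowed_allowlist(filename: str) -> bool:
    """Require a non-empty base name plus exactly one allowlisted extension.
    Double extensions and every PHP variant are rejected by construction;
    names like 'holiday.photo.jpg' are rejected too, which is the trade-off."""
    parts = filename.lower().split(".")
    return len(parts) == 2 and parts[0] != "" and parts[1] in IMAGE_ALLOWLIST


# Constructed samples; expected columns are (loose, strict).
CONTENT_TYPES = {
    "application/json": (True, True),
    "application/json; charset=utf-8": (True, True),
    "text/plain; application/json": (True, False),   # loose check is fooled
    "text/plain": (False, False),
}

# Constructed samples; expected columns are (blacklist, allowlist).
UPLOADS = {
    "avatar.png": (True, True),
    "shell.php": (False, False),
    "shell.php5": (True, False),      # blacklist misses the variant
    "shell.phtml": (True, False),
    "shell.php.jpg": (True, False),   # double extension
}


def check_all() -> bool:
    """Run every sample through both checkers; True if all match the annotations."""
    for ct, expected in CONTENT_TYPES.items():
        if (json_accepted_loose(ct), json_accepted_strict(ct)) != expected:
            return False
    for fn, expected in UPLOADS.items():
        if (upload_allowed_blacklist(fn), upload_allowed_allowlist(fn)) != expected:
            return False
    return True


if __name__ == "__main__":
    for ct in CONTENT_TYPES:
        print(f"{ct!r:36} loose={json_accepted_loose(ct)!s:5} strict={json_accepted_strict(ct)}")
    for fn in UPLOADS:
        print(f"{fn!r:36} blacklist={upload_allowed_blacklist(fn)!s:5} allowlist={upload_allowed_allowlist(fn)}")
    print("all samples behave as annotated:", check_all())
```

The strict variants share one design decision: decide what the input is (the media type, the single extension) before comparing it to a fixed set of acceptable values, and make the acceptable set an allowlist. A blacklist can only ever be as complete as its author's knowledge of server handlers and alternate extensions, which is exactly the gap the Dotclear entry records.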
Original text: MustLive, LE, BF and IAA vulnerabilities in Catapulta I.W. Edition (14.06.2014)
 MustLive, CS and XSS vulnerabilities in DZS Video Gallery for WordPress (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2929-1] ruby-actionpack-3.2 security update (14.06.2014)
 Matteo Beccati, [REVIVE-SA-2014-001] Revive Adserver 3.0.5 fixes CSRF vulnerability (14.06.2014)
 edge_(at)_bitmessage.ch, Construtiva CIS Manager CMS POST SQLi (14.06.2014)
 omgpdrv_(at)_gmail.com, Wordpress Booking System (Booking Calendar) plugin SQL Injection (14.06.2014)
 UBUNTU, [USN-2218-1] Xalan-Java vulnerability (14.06.2014)
 Egidio Romano, [KIS-2014-05] Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability (14.06.2014)
 Egidio Romano, [KIS-2014-06] Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability (14.06.2014)
 Egidio Romano, [KIS-2014-07] Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability (14.06.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS (14.06.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-3447 - Remote Denial Of Service in BSS Continuity CMS (14.06.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS (14.06.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-3445 - Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages (14.06.2014)
 High-Tech Bridge Security Research, Multiple vulnerabilities in Sharetronix (14.06.2014)
 High-Tech Bridge Security Research, Two Cross-Site Scripting (XSS) Vulnerabilities in Seo Panel (14.06.2014)
 High-Tech Bridge Security Research, CSRF and Remote Code Execution in EGroupware (14.06.2014)
 RedTeam Pentesting, [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script (14.06.2014)
 RedTeam Pentesting, [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script (14.06.2014)
 yaruboscan_(at)_gmail.com, Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress (14.06.2014)
 iedb.team_(at)_gmail.com, Mybb Sendthread Page Denial of Service Vulnerability (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2942-1] typo3-src security update (14.06.2014)
 LSE Leading Security Experts GmbH (Security Advisories), LSE Leading Security Experts GmbH - LSE-2014-05-22 - F*EX - Multiple Issues (14.06.2014)
 Robin Bailey, FCKeditor 2.6.10 Reflected Cross-Site Scripting (XSS) (14.06.2014)
 Christian Schneider, CVE-2014-2843 - "Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability in "infoware MapSuite" (14.06.2014)
 Christian Schneider, CVE-2014-2233 - "Server-Side Request Forgery" (CWE-918) vulnerability in "infoware MapSuite" (14.06.2014)
 Christian Schneider, CVE-2014-2232 - "Absolute Path Traversal" (CWE-36) vulnerability in "infoware MapSuite" (14.06.2014)
 Fran, [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2934-1] python-django security update (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2948-1] python-bottle security update (14.06.2014)
 RedTeam Pentesting, [RT-SA-2014-006] Directory Traversal in DevExpress ASP.NET File Manager (14.06.2014)
 cseye_ut_(at)_yahoo.com, multiple Vulnerability in "WahmShoppes eStore" (14.06.2014)
 iedb.team_(at)_gmail.com, NeginGroup CMS Multiple Vulnerability (14.06.2014)
 Dolev Farhi, CVE-2014-3740 - SpiceWorks Cross-site scripting (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) ASPSlideshow Module Arbitrary File Download Vulnerability (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) CodeEditor Module Arbitrary File Download Vulnerability (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) EasyDnnGallery Module Arbitrary File Download Vulnerability (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) eventscalendar Module Arbitrary File Download Vulnerability (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) dnnUI_NewsArticlesSlider Module Arbitrary File Download Vulnerability (14.06.2014)
 cseye_ut_(at)_yahoo.com, DNN (DotNetNuke®) responsivesidebar Module Arbitrary File Download Vulnerability (14.06.2014)
 MANDRIVA, [ MDVSA-2014:111 ] otrs (14.06.2014)
 Robin Bailey, CodeIgniter <= 2.1.4 Session Decoding Vulnerability (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2956-1] icinga security update (14.06.2014)
 DEBIAN, [SECURITY] [DSA 2957-1] mediawiki security update (14.06.2014)
 APACHE, CVE-2014-0228: Apache Hive Authorization vulnerability (14.06.2014)
 APACHE, [SECURITY] CVE-2013-2251: Apache Continuum affected by Remote Command Execution (14.06.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod