Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:		15 октября 2014 г.
Источник:
SecurityVulns ID:		14025
Тип:		удаленная
Уровень опасности:		5/10
Описание:		Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.

Затронутые продукты:		STORESPRITE : Storesprite 7
		JOBSCHEDULER : JobScheduler 1.7
		OSCLASS : OsClass 3.4
		AVOLVE : ProjectDox 8.1
		PHPCAS : php-Cas 1.3
		INNOVATIVESERVIC : Sierra Library Services 1.2
		AEROHIVE : Aerohive Hive Manager 6.1
		S3QL : s3ql 1.11
		INNOVATIVEINTERF : Encore Discovery Solution 4.3
		OWNCLOUD : owncloud 7.0
		VEMBU : Storegrid 4.4
		ZEND : Zend 1.12
		ARTICLEFR : ArticleFR 11.06
		E2 : E2 2844
		E107 : E107 2.0
		KANBOARD : Kanboard 1.0
		WEB2PROJECT : web2Project 3.1
		ENDECA : Endeca Latitude 2.2
		CGIHTTPSERVER : CGIHTTPServer 3.4
CVE:		CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.)
		CVE-2014-6280 (Multiple cross-site scripting (XSS) vulnerabilities in OSClass before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action or (2) nsextt parameter to oc-admin/index.php or the (3) nsextt parameter in an items_reported action to oc-admin/index.php.)
		CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.)
		CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.)
		CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).)
		CVE-2014-5136 (Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
		CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox 8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
		CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.)
		CVE-2014-4914
		CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.)
		CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.)
		CVE-2014-4172
		CVE-2014-4170
		CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before 1.0.6 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a save action to the default URI.)
		CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.)
		CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.)
		CVE-2014-3119
		CVE-2014-1546 (The response function in the JSONP endpoint in WebService/Server/JSONRPC.pm in jsonrpc.cgi in Bugzilla 3.x and 4.x before 4.0.14, 4.1.x and 4.2.x before 4.2.10, 4.3.x and 4.4.x before 4.4.5, and 4.5.x before 4.5.5 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with the _bz_callback character set.)
		CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.)
		CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.)
		CVE-2014-0990 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the UserName parameter.)
		CVE-2014-0989 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.)
		CVE-2014-0988 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.)
		CVE-2014-0987 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.)
		CVE-2014-0986 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.)
		CVE-2014-0985 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.)
		CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.)

Оригинальный текст		RedTeam Pentesting, [RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution (15.10.2014)
		RedTeam Pentesting, [RT-SA-2013-003] Endeca Latitude Cross-Site Scripting (15.10.2014)
		RedTeam Pentesting, [RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery (15.10.2014)
		Vulnerability Lab, Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities (15.10.2014)
		iedb.team_(at)_gmail.com, ClipBucket CMS Xss Vulnerability (15.10.2014)
		High-Tech Bridge Security Research, SQL Injection in Dolphin (15.10.2014)
		High-Tech Bridge Security Research, Multiple SQL Injection Vulnerabilities in web2Project (15.10.2014)
		High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite (15.10.2014)
		High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in Kanboard (15.10.2014)
		High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in e107 (15.10.2014)
		High-Tech Bridge Security Research, SQL Injection in Е2 (15.10.2014)
		High-Tech Bridge Security Research, Improper Access Control in ArticleFR (15.10.2014)
		MANDRIVA, [ MDVSA-2014:145 ] php-ZendFramework (15.10.2014)
		[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities], [CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities] (15.10.2014)
		Senderek Web Security, ownCloud Unencrypted Private Key Exposure (15.10.2014)
		Romano, Christian, Encore Discovery Solution Multiple Vulnerability Disclosure (15.10.2014)
		ehoward_(at)_novacoast.com, SaaS Marketing platform Hubspot export vulnerability (15.10.2014)
		Pedro Ribeiro, [The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert (15.10.2014)
		DEBIAN, [SECURITY] [DSA 3013-1] s3ql security update (15.10.2014)
		Disclosure_(at)_security-assessment.com, Aerohive Hive Manager and Hive OS Multiple Vulnerabilities (15.10.2014)
		Romano, Christian, Sierra Library Services Platform Multiple Vulnerability Disclosure (15.10.2014)
		MOZILLA, Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14 (15.10.2014)
		DEBIAN, [SECURITY] [DSA 3017-1] php-cas security update (15.10.2014)
		CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2014-0005] - Advantech WebAccess Vulnerabilities (15.10.2014)
		Romano, Christian, Avolve Software ProjectDox Multiple Vulnerability Disclosure (15.10.2014)
		Christian Schneider, CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler" (15.10.2014)
		Christian Schneider, CVE-2014-5392 XML eXternal Entity (XXE) in "JobScheduler" (15.10.2014)
		Christian Schneider, CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler" (15.10.2014)
		Onur Yilmaz, Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308 (15.10.2014)
		Onur Yilmaz, Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280 (15.10.2014)