Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 3 November 2014
Source:
SecurityVulns ID: 14077
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: SCALIX : Scalix Web Access 12.2
 DOKUWIKI : dokuwiki 0.0
 CONFLUENCE : RefinedWiki 4.0
 VIZENSOFT : Vizensoft Admin Panel 2014
 ESPOCRM : EspoCRM 2.5
 WORDPRESS : WordPress Database Manager 2.7
 INCREDIBLEPBX : Incredible PBX 11
 LITECART : LiteCart 1.1
 ELASTIX : Elastix 2.4
 BUGZILLA : Bugzilla 4.2
 TESTLINK : TestLink 1.9
 PHPMYADMIN : phpmyadmin 4.2
CVE:CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.)
 CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.)
 CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.)
 CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.)
 CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.)
 CVE-2014-8335
 CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka "Path to Backup:" field) or (2) $backup['mysqldumppath'] variable.)
 CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.)
 CVE-2014-8082 (lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.)
 CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.)
 CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.)
 CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.)
 CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.)
 CVE-2014-7183 (Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) QUERY_STRING.)
 CVE-2014-1573 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not ensure that a scalar context is used for certain CGI parameters, which allows remote attackers to conduct cross-site scripting (XSS) attacks by sending three values for a single parameter name.)
 CVE-2014-1572 (The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted.)
 CVE-2014-1571 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.)
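The two DokuWiki entries above (CVE-2014-8764 and CVE-2014-8763) share one mechanism: a credential beginning with a NUL byte is truncated by a C-string based LDAP client before it reaches the server, and LDAP simple bind (RFC 4513, section 5.1) treats a bind with an empty name and password as anonymous, and a bind with a name but an empty password as "unauthenticated"; Active Directory accepts both, so a login routine that only checks "did the bind raise an error" lets the attacker in. The Python below is an added example, not DokuWiki's or adLDAP's code: MockLdapServer is a constructed stand-in for AD that models those RFC 4513 rules, the user@example.org naming and the sample directory are assumptions, and the point is the pre-bind check and the stricter result check in login_hardened, which transfer unchanged to a real client such as python-ldap or ldap3.

```python
"""
Added example: how a NUL-prefixed credential turns a simple bind into an
anonymous or unauthenticated bind, and the two checks that stop it.
Nothing here contacts a real directory; MockLdapServer is a constructed
model of RFC 4513 section 5.1 simple-bind semantics.
"""
from typing import Dict

# Constructed sample directory (assumption): bind name -> password.
DIRECTORY: Dict[str, str] = {
    "alice@example.org": "correct horse battery staple",
}


def c_string_truncate(value: str) -> str:
    """Mimic a C API that stops reading at the first NUL byte."""
    nul = value.find("\0")
    return value if nul < 0 else value[:nul]


class MockLdapServer:
    """Simple-bind outcomes as described in RFC 4513 section 5.1."""

    def simple_bind(self, name: str, password: str) -> str:
        # The client library hands the server C strings, so both values
        # are cut at the first NUL before any comparison happens.
        name, password = c_string_truncate(name), c_string_truncate(password)
        if name == "" and password == "":
            return "anonymous"          # 5.1.1: always succeeds
        if password == "":
            return "unauthenticated"    # 5.1.2: name only, accepted by AD
        if DIRECTORY.get(name) == password:
            return "authenticated"      # 5.1.3: name/password verified
        return "invalidCredentials"


def bind_name(user: str) -> str:
    """AD-style user principal name (assumed format for this example)."""
    return f"{user}@example.org"


def login_vulnerable(server: MockLdapServer, user: str, password: str) -> bool:
    """The flawed pattern: any bind that is not an error counts as a login."""
    return server.simple_bind(bind_name(user), password) != "invalidCredentials"


def login_hardened(server: MockLdapServer, user: str, password: str) -> bool:
    """Refuse inputs that cannot produce a password-verified bind, then
    accept only the one outcome that actually proves the password."""
    if not user or not password:
        return False                    # empty password => unauthenticated bind
    if "\0" in user or "\0" in password:
        return False                    # NUL would be truncated downstream
    return server.simple_bind(bind_name(user), password) == "authenticated"


if __name__ == "__main__":
    srv = MockLdapServer()
    for u, p in [("alice", "\0anything"), ("\0nobody", "\0x")]:
        print(repr((u, p)), "vulnerable:", login_vulnerable(srv, u, p),
              "hardened:", login_hardened(srv, u, p))
```

Both checks matter: rejecting NUL bytes closes the truncation path, and requiring the "authenticated" outcome rather than "not an error" closes the general case where an empty or otherwise degenerate password still yields a successful but unverified bind.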
Original text: simo_(at)_morxploit.com, Elastix Multiple vulnerabilities (Remote Command Execution, XSS, CSRF) (03.11.2014)
 Onur Yilmaz, LiteCart Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-7183 (03.11.2014)
 simo_(at)_morxploit.com, Incredible PBX remote command execution exploit (03.11.2014)
 MANDRIVA, [ MDVSA-2014:200 ] bugzilla (03.11.2014)
 larry0_(at)_me.com, Vulnerabilities in WordPress Database Manager v2.7.1 (03.11.2014)
 Egidio Romano, [KIS-2014-12] TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness (03.11.2014)
 Egidio Romano, [KIS-2014-11] TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability (03.11.2014)
 MANDRIVA, [ MDVSA-2014:208 ] phpmyadmin (03.11.2014)
 iedb.team_(at)_gmail.com, phpfusion (Search Page) Denial of Service Vulnerability (03.11.2014)
 High-Tech Bridge Security Research, Multiple vulnerabilities in EspoCRM (03.11.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel (03.11.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20141029-1 :: Persistent cross site scripting in Confluence RefinedWiki Original Theme (03.11.2014)
 research_(at)_protectlogic.com, CVE-2014-8399 SQL Injection in NuevoLabs flash player for clipshare (03.11.2014)
 DEBIAN, [SECURITY] [DSA 3059-1] dokuwiki security update (03.11.2014)
 SEC Consult Vulnerability Lab, SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access (03.11.2014)
 iedb.team_(at)_gmail.com, PARSADEV CMS Cross-Site Scripting Vulnerability (03.11.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod