Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 1 December 2014
Source:
SecurityVulns ID: 14113
Type: remote
Danger level:
5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: DRUPAL : Drupal 7.14
 ZEND : Zend Framework 1.12
 MODX : MODX Revolution 2.2
 PHPMYADMIN : phpmyadmin 4.2
 MOJOLICIOUS : Mojolicious 5.47
 PLACK : Plack 0.988
 WORDPRESS : wordpress 3.9
 TULEAP : Tuleap 0.9
 XEPAN : xEpan
 REVSLIDER : Revslider 3.0
 REVSLIDER : Showbiz Pro 1.7
 KDE : kde-runtime 4.8
 WORDPRESS : WP-DB-Backup 2.2
 PHPSMARTY : php-smarty 3.1
 WORDPRESS : SP Client Document Manager 2.4
 WORDPRESS : CM Download Manager 2.0
 DOLIBARR : Dolibarr ERP & CRM 3.5
 JOOMLA : Simple Email Form 1.8
 GOGS : gogs 0.5
 PHPMEMCACHEDADMI : phpMemcachedAdmin 1.2
 FLOWPLAYER : Flowplayer 3.2
 WORDPRESS : Wordpress bulletproof-security 0.51
 WORDPRESS : Wordfence Firewall 5.1
 FORMALMS : Forma Lms 1.2
 HELPDEZK : HelpDezk 1.0
 OPMANAGER : OpManager 11.4
 PASSWORDMANAGERP : Password Manager Pro 7.1
 APACHE : Qpid 0.30
 TYPO3 : ke_dompdf 0.0
 TYPO3 : ke_questionnaire 2.5
CVE: CVE-2014-9039 (wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that received a password-reset message.)
 CVE-2014-9038 (wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring to a 127.0.0.0/8 resource.)
 CVE-2014-9037 (WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic type comparison for an MD5 hash.)
 CVE-2014-9036 (Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.)
 CVE-2014-9035 (Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-9034 (wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.)
 CVE-2014-9033 (Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that reset passwords.)
 CVE-2014-9032 (Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-9031 (Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.)
 CVE-2014-9016 (The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.)
 CVE-2014-9015 (Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions.)
 CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obtain potentially sensitive information about a file's line count via a crafted parameter.)
 CVE-2014-8960 (Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.)
 CVE-2014-8959 (Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.)
 CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database, (2) table, or (3) column name that is improperly handled during rendering of the table browse page; a crafted ENUM value that is improperly handled during rendering of the (4) table print view or (5) zoom search page; or (6) a crafted pma_fontsize cookie that is improperly handled during rendering of the home page.)
 CVE-2014-8877 (The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.)
 CVE-2014-8749 (Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter.)
 CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-8731
 CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.)
 CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.)
 CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb, (8) remote, (9) recentdocuments, (10) nntps, (11) nntp, (12) network, (13) mbox, (14) ldaps, (15) ldap, (16) fonts, (17) file, (18) desktop, (19) cgi, (20) bookmarks, or (21) ar scheme, which is not properly handled in an error message.)
 CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the mod_simpleemailform_field2_1 parameter to index.php.)
 CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.)
 CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.)
 CVE-2014-8429 (Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.)
 CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.)
 CVE-2014-8337
 CVE-2014-8088 (The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.)
 CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.)
 CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dbhost parameter.)
 CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.)
 CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine OpManager 8 (build 88xx) through 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to write and execute arbitrary files via a .. (dot dot) in the (1) fileName parameter to the MigrateLEEData servlet or (2) zipFileName parameter in a downloadFileFromProbe operation to the MigrateCentralData servlet.)
 CVE-2014-7137 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to com)
 CVE-2014-6039
 CVE-2014-6038
 CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static.)
 CVE-2014-5257 (Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.)
 CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in Apache Qpid 0.30 allows remote attackers to cause outgoing HTTP connections via a crafted message.)
 CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception.)
Original text: john_(at)_secureli.com, WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034) (01.12.2014)
 RedTeam Pentesting, [RT-SA-2014-007] Remote Code Execution in TYPO3 Extension ke_dompdf (01.12.2014)
 RedTeam Pentesting, [RT-SA-2014-009] Information Disclosure in TYPO3 Extension ke_questionnaire (01.12.2014)
 Vulnerability Lab, BookFresh - Persistent Clients Invite Vulnerability (01.12.2014)
 Gordon Sim, CVE-2014-3629: Apache Qpid's qpidd can be induced to make http requests (01.12.2014)
 Pedro Ribeiro, [The ManageOwnage series, part VIII]: Remote code execution and blind SQLi in OpManager, Social IT and IT360 (01.12.2014)
 larry0_(at)_me.com, XCloner Wordpress/Joomla! backup Plugin v3.1.1 (Wordpress) v3.5.1 (Joomla!) Vulnerabilities (01.12.2014)
 mdgh9_(at)_yahoo.com, [CVE-2014-8338] Cross Site Scripting (XSS) vulnerability in videowhisper (01.12.2014)
 Pedro Ribeiro, [The ManageOwnage Series, part VI]: 0day database info and superuser credential disclosure in EventLog Analyser (01.12.2014)
 High-Tech Bridge Security Research, Arbitrary File Upload in HelpDEZk (01.12.2014)
 High-Tech Bridge Security Research, Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms (01.12.2014)
 bhati.contact_(at)_gmail.com, WordPress Wordfence Firewall 5.1.2 Cross Site Scripting (01.12.2014)
 Pietro Oliva, Wordpress bulletproof-security <=.51 multiple vulnerabilities (01.12.2014)
 advisories_(at)_appcheck-ng.com, [Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform (01.12.2014)
 subs_(at)_itguard.info, Reflected Cross-Site Scripting (XSS) in Flash Version of Flowplayer (01.12.2014)
 iedb.team_(at)_gmail.com, Modx CMS CSRF Bypass & XSS Vulnerabilities (01.12.2014)
 iedb.team_(at)_gmail.com, Ahrareandeysheh CMS Cross-Site Scripting Vulnerability (01.12.2014)
 cert_(at)_it.nrw.de, CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2 (01.12.2014)
 cert_(at)_it.nrw.de, CVE-2014-8732 (01.12.2014)
 tschmid_(at)_ernw.de, CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs (01.12.2014)
 tschmid_(at)_ernw.de, CVE-2014-8683 XSS in Gogs Markdown Renderer (01.12.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension (01.12.2014)
 advisories_(at)_portcullis-security.com, CVE-2014-7137 - Multiple SQL Injections in Dolibarr ERP & CRM (01.12.2014)
 MANDRIVA, [ MDVSA-2014:216 ] php-ZendFramework (01.12.2014)
 phi.n.le_(at)_itas.vn, CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin (01.12.2014)
 DEBIAN, [SECURITY] [DSA 3075-1] drupal7 security update (01.12.2014)
 Jouko Pynnonen, WordPress 3 persistent script injection (01.12.2014)
 thai.q.dang_(at)_itas.vn, Multiple SQL Injection in SP Client Document Manager plugin (01.12.2014)
 larry0_(at)_me.com, [ MDVSA-2014:221 ] php-smarty (01.12.2014)
 larry0_(at)_me.com, Exploit for stealing backups on WP sites with WP-DB-Backup v2.2.4 plugin (01.12.2014)
 UBUNTU, [USN-2414-1] KDE-Runtime vulnerability (01.12.2014)
 simo_(at)_morxploit.com, Slider Revolution/Showbiz Pro shell upload exploit (01.12.2014)
 MANDRIVA, [ MDVSA-2014:228 ] phpmyadmin (01.12.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in xEpan (01.12.2014)
 Egidio Romano, [KIS-2014-13] Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability (01.12.2014)
 MANDRIVA, [ MDVSA-2014:233 ] wordpress (01.12.2014)
 MANDRIVA, [ MDVSA-2014:235 ] perl-Plack (01.12.2014)
 MANDRIVA, [ MDVSA-2014:237 ] perl-Mojolicious (01.12.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod