Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 11 May 2015
Source:
SecurityVulns ID: 14473
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: WORDPRESS : Ultimate Profile Builder 2.3
 WORDPRESS : Twenty Fifteen 4.2
 MANAGEENGINE : Asset Explorer 6.1
 EPICOR : CRS Retail Store 3.2
 PFSENSE : pfSense 2.2
 WORDPRESS : Ultimate Product Catalogue 3.1
 VBULLETIN : vBulletin 4.2
 FRONTRANGE : FrontRange DSM 7.2
 DJANGO : django 1.7
 NTOP : ntop 4.1
 WING : Wing FTP Server Admin 4.4
 WORDPRESS : embed-articles 7.0
 WORDPRESS : Simple Ads Manager 2.6
 WORDPRESS : AB Google Map Travel 3.4
 JQUERY : jqueryui 1.10
 MANAGEENGINE : Device Expert 5.9
 WORDPRESS : Add Link to Facebook 1.215
 WORDPRESS : WP Statistics 9.1
 WORDPRESS : videowhisper-video-presentation 3.31
 WORDPRESS : videowhisper-video-conference-integration 4.91
 OVERCOFEE : Instant 2.0
 PLIGG : Pligg CMS 2.0
 WORDPRESS : Ad Buttons 2.3
 WORDPRESS : ClickBank Ads 1.7
 WORDPRESS : Ad Inserter 1.5
 WORDPRESS : eShop 6.3
 WORDPRESS : TheCartPress 1.3
 WORDPRESS : Wordpress 4.2
 ALIENVAULT : Alienvault OSSIM/USM 5.0
 TORNADO : Tornado Content Management System 2015 Q2
 NODEJS : nodejs 0.10
 SQLBUDDY : Sqlbuddy 1.3
 PRIMCORE : Pimcore 3.0
 DRUPAL : drupal 7.32
CVE: CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.)
 CVE-2015-3439 (Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonstrated by executing a certain click function, related to _init.as and _fireEvent.as.)
 CVE-2015-3438 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.)
 CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier.)
 CVE-2015-3421
 CVE-2015-3302
 CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.)
 CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, (22) shipping_fax to shopping-cart/checkout/; (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEd)
 CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.)
 CVE-2015-2824 (Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.)
 CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB Google Map Travel (AB-MAP) plugin before 4.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameter in the ab_map_options page to wp-admin/admin.php.)
 CVE-2015-2317 (The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.)
 CVE-2015-2316 (The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.)
 CVE-2015-2295 (Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.)
 CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.)
 CVE-2015-2210
 CVE-2015-0278 (libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent attackers to gain privileges via unspecified vectors.)
 CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin.)
 CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.)
Original text: joelvarghese7_(at)_gmail.com, Pligg CMS 2.0.2 - Stored XSS (11.05.2015)
 High-Tech Bridge Security Research, Arbitrary file deletion and multiple XSS vulnerabilities in pfSense (11.05.2015)
 UBUNTU, [USN-2539-1] Django vulnerabilities (11.05.2015)
 Filippo Cavallarin, DokuWiki persistent Cross Site Scripting (11.05.2015)
 kingkaustubh_(at)_me.com, Reflected XSS Vulnerability in XSS In Manage Engine Device Expert (11.05.2015)
 kingkaustubh_(at)_me.com, Stored XSS Vulnerability In Manage Engine Device Expert (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF to add admin user Vulnerability In Manage Engine Device Expert (11.05.2015)
 kingkaustubh_(at)_me.com, Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration (11.05.2015)
 DEBIAN, [SECURITY] [DSA 3200-1] drupal7 security update (11.05.2015)
 BHG Security Center, vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability (11.05.2015)
 Steevee a.k.a Stefanus, Instant v2.0 SQL Injection Vulnerability (11.05.2015)
 Luca Ercoli, Remote File Upload Vulnerability in WordPress Ultimate Product Catalogue Plugin (11.05.2015)
 apparitionsec_(at)_gmail.com, CSRF & XSS Wing FTP Server Admin <= v4.4.5 (11.05.2015)
 MANDRIVA, [ MDVSA-2015:216 ] ntop (11.05.2015)
 matthias.deeg_(at)_syss.de, [SYSS-2014-007] FrontRange DSM - Multiple Vulnerabilities (11.05.2015)
 webmaster_(at)_josephzeng.com, Code Injection in Epicor Retail Store 3.2.03.01.008 (11.05.2015)
 DEBIAN, [SECURITY] [DSA 3249-1] jqueryui security update (11.05.2015)
 MANDRIVA, [ MDVSA-2015:228 ] nodejs (11.05.2015)
 Vulnerability Lab, TORNADO Computer Trading CMS - SQL Injection Vulnerability (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In Manage Engine Asset Explorer (11.05.2015)
 Peter Lapp, Alienvault OSSIM/USM Multiple Vulnerabilities (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/Stored XSS Vulnerability in AB Google Map Travel (AB-MAP) Wordpress Plugin (11.05.2015)
 kingkaustubh_(at)_me.com, CVE-2015-2755 WordPress AB Google Map Travel CSRF / XSS (11.05.2015)
 itas.team_(at)_itas.vn, Wordpress plugin Simple Ads Manager - Arbitrary File Upload (11.05.2015)
 itas.team_(at)_itas.vn, Wordpress plugin Simple Ads Manager - Multiple SQL Injection (11.05.2015)
 itas.team_(at)_itas.vn, Wordpress plugin Simple Ads Manager - SQL Injection (11.05.2015)
 larry0_(at)_me.com, Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8 (11.05.2015)
 larry0_(at)_me.com, Remote file upload vulnerability in wordpress plugin videowhisper-video-presentation v3.31.17 (11.05.2015)
 kingkaustubh_(at)_me.com, Wordpress WP Statistics persistent cross site scripting (11.05.2015)
 kumarrohit2255_(at)_gmail.com, Stored Cross Site Scripting Vulnerability in Add Link to Facebook WordPress Plugin (11.05.2015)
 Jouko Pynnonen, WordPress 4.2 stored XSS (11.05.2015)
 DEBIAN, [SECURITY] [DSA 3250-1] wordpress security update (11.05.2015)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in TheCartPress WordPress plugin (11.05.2015)
 High-Tech Bridge Security Research, Arbitrary Variable Overwrite in eShop WordPress Plugin (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In Embed Articles Wordpress Plugin (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In Ad_InSerter Wordpress (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In ClickBank ads Wordpress Plugin (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In Ultimate Profile Builder by CMSLive Wordpress Plugin (11.05.2015)
 Onur Yilmaz, Wordpress Twenty Fifteen Theme - DOM XSS Vulnerability - CVE-2015-3429 (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS In Ad_Button Wordpress (11.05.2015)
 kingkaustubh_(at)_me.com, CSRF/XSS in embed-articles Wordpress Plugin (11.05.2015)
 Vulnerability Lab, Pimcore v3.0.5 CMS - Multiple Web Vulnerabilities (11.05.2015)
 apparitionsec_(at)_gmail.com, Sqlbuddy Directory Traversal Read Arbitrary Files Vulnerability (11.05.2015)
 hyp3rlinx_(at)_altervista.org, Sqlbuddy Path Traversal Vulnerability (11.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod