Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: 12 May 2015
Source:
SecurityVulns ID: 14479
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: ENCAPS : Encaps PHP/Flash Gallery 2.3
 MANAGEENGINE : Manage Engine Firewall Analyzer 8.3
 MANAGEENGINE : Manage Engine Event Log Analyzer 10
 WOLFCMS : Wolf CMS 0.8
 LANDESK : Landesk Management Suite 9.5
 GLPI : GLPI 0.84
 ZEND : ZendFramework 1.12
 MANAGEENGINE : Manage Engine Desktop Central 9
 ATLASSIAN : Comalatech Comala Workflows 4.6
 GOAUTODIAL : GoAutoDial 3.3
 PHPTRAFFICA : phpTrafficA 2.3
 APACHE : Flex 4.14
 MEDIAWIKI : MediaWiki 1.24
 PHPMYADMIN : phpmyadmin 4.3
 APACHE : Cassandra 2.1
 MARKUPFIELDS : django-markupfield 1.3
 LYCHEE : Lychee 2.7
 MOVABLETYPE : MovableType 5.1
 DRUPAL : drupal 7.34
 EGROUPWARE : eGroupware 1.8
 WSO2 : WSO2 Identity Server 5.0
CVE: CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.)
 CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace.)
 CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file.)
 CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942.)
 CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password.)
 CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT.")
 CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file.)
 CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant.)
 CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.)
 CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.)
 CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.)
 CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.)
 CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.)
 CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.)
 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.)
 CVE-2015-2750
 CVE-2015-2749
 CVE-2015-2690
 CVE-2015-2560
 CVE-2015-2559 (Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL.)
 CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests.)
 CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permission for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.)
 CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.)
 CVE-2015-0845 (Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.)
 CVE-2015-0225 (The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.)
 CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.)
 CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF file, then accessing it via the media parameter to lib/exe/fetch.php.)
 CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.)
 CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.)
 CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.)
 CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.)
 CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php.)
 CVE-2014-8089
 CVE-2014-5362
 CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.)
 CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar.)
 CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field.)
 CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via an option group label.)
 CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.)
 CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration file to use.)
 CVE-2014-4914
 CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.)
 CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors.)
 CVE-2014-2685 (The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 violate the OpenID 2.0 protocol by ensuring only that at least one field is signed, which allows remote attackers to bypass authentication by leveraging an assertion from an OpenID provider.)
 CVE-2014-2684 (The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 does not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values.)
 CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to cause a denial of service (CPU consumption) via (1) recursive or (2) circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity Expansion (XEE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-6532.)
 CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0, when PHP-FPM is used, does not properly share the libxml_disable_entity_loader setting between threads, which might allow remote attackers to conduct XML External Entity (XXE) attacks via an XML external entity declaration in conjunction with an entity reference. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.)
 CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendService_Api before 1.0.0 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack. NOTE: this issue exists because of an incomplete fix for CVE-2012-5657.)
 CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.)
Original text: UBUNTU, [USN-2558-1] Mailman vulnerability (12.05.2015)
 Bartlomiej Balcerek, WSO2 Identity Server multiple vulnerabilities (12.05.2015)
 MANDRIVA, Manage Engine Desktop Central 9 - CVE-2015-2560 - Unauthorised administrative password reset (12.05.2015)
 MANDRIVA, [ MDVSA-2015:087 ] egroupware (12.05.2015)
 MANDRIVA, [ MDVSA-2015:097 ] php-ZendFramework (12.05.2015)
 MANDRIVA, [ MDVSA-2015:167 ] glpi (12.05.2015)
 MANDRIVA, [ MDVSA-2015:181 ] drupal (12.05.2015)
 MANDRIVA, [ MDVSA-2015:185 ] dokuwiki (12.05.2015)
 MANDRIVA, [ MDVSA-2015:186 ] phpmyadmin (12.05.2015)
 APACHE, [SECURITY ANNOUNCEMENT] CVE-2015-0225 (12.05.2015)
 bhadresh.patel_(at)_helpag.com, HotExBilling Manager Cross-site scripting (XSS) vulnerability (12.05.2015)
 APACHE, CVE-2015-1773 Apache Flex reflected XSS vulnerability (12.05.2015)
 Securify B.V., Reflected Cross-Site Scripting vulnerability in asdoc generated documentation (12.05.2015)
 Daniel Geerts, [CVE-2015-2926] XSS vuln in phpTrafficA (12.05.2015)
 SEC Consult Vulnerability Lab, SEC Consult SA-20150409-0 :: Multiple XSS & XSRF vulnerabilities in Comalatech Comala Workflows (12.05.2015)
 MANDRIVA, [ MDVSA-2015:200 ] mediawiki (12.05.2015)
 DEBIAN, [SECURITY] [DSA 3227-1] movabletype-opensource security update (12.05.2015)
 alex_haynes_(at)_outlook.com, [CVE-2014-5361][CVE-2014-5362]Landesk Management Suite RFI & CSRF Security Vulnerabilities (12.05.2015)
 prathan.ptr_(at)_gmail.com, Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability (12.05.2015)
 Filippo Cavallarin, Lychee 2.7.1 remote code execution (12.05.2015)
 DEBIAN, [SECURITY] [DSA 3230-1] django-markupfield security update (12.05.2015)
 Jouko Pynnonen, Google Analytics by Yoast stored XSS #2 (12.05.2015)
 root_(at)_localhost.com, GoAutoDial 3.3 multiple vulnerabilities (12.05.2015)
 kkulkarni_(at)_controlcase.com, Reflected XSS Vulnerability In Manage Engine Firewall Analyzer (12.05.2015)
 High-Tech Bridge Security Research, Multiple Cross-Site Scripting (XSS) in FreePBX (12.05.2015)
 ZoRLu Bugrahan, Avsarsoft Matbaa Script - Multiple Vulnerabilities (12.05.2015)
 ZoRLu Bugrahan, Encaps PHP/Flash Gallery 2.3.22s Database Puffing Up Exploit (12.05.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod