Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 8 June 2015
Source:
SecurityVulns ID: 14523
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: FUSIONFORGE : fusionforge 5.3
 DBNINJA : DbNinja 3.2
 ZEND : ZendFramework 1.12
 JSPADMIN : JSPAdmin 1.1
 WORDPRESS : zM Ajax Login & Register 1.0
 WORDPRESS : Free Counter 1.1
 MANAGEENGINE : ManageEngine EventLog Analyzer 10.0
 WORDPRESS : Users Ultra 1.5
 WORDPRESS : WP Membership 4.2
 WORDPRESS : WP Photo Album Plus 6.1
 EKTRON : Ektron 9.10
 VFRONT : vfront 0.99
 SYSAID : SysAid Help Desk 14.4
 RESOURCESPACE : ResourceSpace 7.1
 ENHANCEDSQLPORTA : Enhanced SQL Portal 5.0
 SYMPHONY : Symphony CMS 2.6
 ANIMAGALLERY : AnimaGallery 2.6
 WORDPRESS : Form 1.0
 WORDPRESS : Xloner 3.1
CVE:CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field for a language, as demonstrated by language/italian.php.)
 CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.)
 CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrated by using the backup comments feature to create the file.)
 CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to include and execute arbitrary php files via a relative path in the template parameter in a load_template action to wp-admin/admin-ajax.php.)
 CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.)
 CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.)
 CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment.)
 CVE-2015-4039
 CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php.)
 CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted Contact Form plugin before 1.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the iframe_url parameter in an Update Page action in the conformconf page to wp-admin/options-general.php.)
 CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.)
 CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action.)
 CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.)
 CVE-2015-3154
 CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express user account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password.)
 CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.)
 CVE-2014-9405
 CVE-2014-9382
Original text: larry0_(at)_me.com, Xloner v3.1.2 wordpress plugin authenticated command execution and XSS (08.06.2015)
 venkatesh.nitin_(at)_gmail.com, CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 (08.06.2015)
 d4rkr0id_(at)_gmail.com, AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability (08.06.2015)
 apparitionsec_(at)_gmail.com, Symphony CMS 2.6.2 (08.06.2015)
 apparitionsec_(at)_gmail.com, Symphony CMS XSS Vulnerability (08.06.2015)
 hyp3rlinx_(at)_gmail.com, Webgrind XSS vulnerability (08.06.2015)
 apparitionsec_(at)_gmail.com, DbNinja 3.2.6 Flash XSS Vulnerabilities (08.06.2015)
 apparitionsec_(at)_gmail.com, JSPMyAdmin SQL Injection, CSRF & XSS Vulnerabilities (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3275-1] fusionforge security update (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3276-1] symfony security update (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3249-2] jqueryui security update (08.06.2015)
 apparitionsec_(at)_gmail.com, vfront-0.99.2 CSRF & Persistent XSS (08.06.2015)
 apparitionsec_(at)_gmail.com, Enhanced SQL Portal 5.0.7961 XSS Vulnerability (08.06.2015)
 huyngocbk_(at)_gmail.com, Freebox OS Web interface 3.0.2 XSS, CSRF (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - CSRF Vulnerability (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 jerold_(at)_v00d00sec.com, Ektron CMS 9.10 SP1 - XSS Vulnerability (08.06.2015)
 High-Tech Bridge Security Research, Local PHP File Inclusion in ResourceSpace (08.06.2015)
 Pedro Ribeiro, [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc) (08.06.2015)
 jerold_(at)_v00d00sec.com, IBM Watson (Cognea) - XSS and Redirect Vulnerabilities (08.06.2015)
 DEBIAN, [SECURITY] [DSA 3265-1] zendframework security update (08.06.2015)
 akashchavan0708_(at)_gmail.com, ManageEngine EventLog Analyzer V:10.0 CSRF Vulnerability (08.06.2015)
 Vulnerability Lab, CRUCMS Crucial Networking - SQL Injection Vulnerability (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4109 - WordPress Users Ultra Plugin [SQL injection] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4153 - WordPress zM Ajax Login & Register Plugin [Local File Inclusion] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4039 - WordPress WP Membership plugin [Stored XSS] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4038 - WordPress WP Membership plugin [Privilege escalation] (08.06.2015)
 pan.vagenas_(at)_gmail.com, CVE-2015-4084 - WordPress Free Counter Plugin [Stored XSS] (08.06.2015)
 High-Tech Bridge Security Research, Stored XSS in WP Photo Album Plus WordPress Plugin (08.06.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod