Information Security


Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: July 27, 2015
Source:
SecurityVulns ID: 14610
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: AXIGEN : Axigen 8.0
 GETSIMPLE : GetSimpleCMS 3.3
 APACHE : Groovy 2.4
 NOVELL : GroupWise 2014
 THAIWEB : ThaiWeb CMS 2015Q3
 XCEEDIUM : Xsuite 2.4
 WORDPRESS : Count Per Day 3.4
 CACTI : cacti 0.8
 OPENWEB : Open-Web-Analytics 1.5
 NETCRACKER : NetCracker 8.0
 KASEYA : Kaseya Virtual System Administrator 9.1
 WORDPRESS : Paid Memberships Pro 1.8
CVE: CVE-2015-5533
 CVE-2015-5532
 CVE-2015-5379
 CVE-2015-4669
 CVE-2015-4664
 CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.)
 CVE-2015-3423
 CVE-2015-2878
 CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users to read arbitrary files via a crafted HTTP request.)
 CVE-2015-2207
Original text: adrian.vollmer_(at)_syss.de, Novell GroupWise 2014 WebAccess vulnerable to XSS attacks (27.07.2015)
 Cedric Champeau, [CVE-2015-3253] Apache Groovy Zero-Day Vulnerability Disclosure (27.07.2015)
 Pedro Ribeiro, [CVE-2015-2862/2863 / CERT VU#919604] Kaseya VSA arbitrary file download / open redirect (27.07.2015)
 lilian_iatco_(at)_yahoo.com, XSS vulnerability in OFBiz forms (27.07.2015)
 Tim, XSS, Code Execution, DOS, Password Leak, Weak Authentication in GetSimpleCMS 3.3.5 (27.07.2015)
 Vulnerability Lab, FoxyCart Bug Bounty #1 - Filter Bypass & Persistent Vulnerability (27.07.2015)
 AXIGEN, CVE-2015-5379: Axigen XSS vulnerability for html attachments (27.07.2015)
 apparitionsec_(at)_gmail.com, Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure & XSS Vulnerabilities (27.07.2015)
 jychia.sec_(at)_gmail.com, NetCracker Resource Management 8.0 - XSS Vulnerability (27.07.2015)
 jychia.sec_(at)_gmail.com, NetCracker Resource Management 8.0 - SQL Injection Vulnerability (27.07.2015)
 DEBIAN, [SECURITY] [DSA 3312-1] cacti security update (27.07.2015)
 High-Tech Bridge Security Research, Multiple XSS Vulnerabilities in Paid Memberships Pro WordPress Plugin (27.07.2015)
 High-Tech Bridge Security Research, SQL Injection in Count Per Day WordPress Plugin (27.07.2015)
 modzero security, Multiple (remote and local) Vulnerabilities in Xceedium Xsuite [MZ-15-02] (27.07.2015)
 Vulnerability Lab, ThaiWeb CMS 2015Q3 - SQL Injection Web Vulnerability (27.07.2015)
 DEBIAN, [SECURITY] [DSA 3314-1] typo3-src end of life (27.07.2015)
 apparitionsec_(at)_gmail.com, Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878 (27.07.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod