Информационная безопасность
[RU] switch to English


Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:2 января 2015 г.
Источник:
SecurityVulns ID:14189
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:WORDPRESS : Cforms 14.7
 MANTIS : mantis 1.2
 OSCLASS : OsClass 3.4
 SYMANTEC : Symantec Web Gateway 5.2
CVE:CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.)
 CVE-2014-8084 (Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a custom action.)
 CVE-2014-8083 (SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.)
 CVE-2014-7862
 CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.)
 CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows remote attackers to execute arbitrary PHP code via a crafted (1) description field or (2) issuelink attribute in an XML file, which is not properly handled when executing the preg_replace function with the e modifier.)
Оригинальный текстdocumentz.fedotkin_(at)_infosec.ru, Remote Code Execution via Unauthorised File upload in Cforms 14.7 (02.01.2015)
 documentPedro Ribeiro, [The ManageOwnage Series, part X]: 0-day administrator account creation in Desktop Central (02.01.2015)
 documentEgidio Romano, [KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-15] Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-16] Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-18] Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability (02.01.2015)
 documentEgidio Romano, [KIS-2014-19] Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability (02.01.2015)

Атаки triple handhsake против TLS в EMC RSA BSAFE
Опубликовано:2 января 2015 г.
Источник:
SecurityVulns ID:14190
Тип:m-i-t-m
Уровень опасности:
7/10
Описание:Не проверяет сертификат при переустановке соединения.
Затронутые продукты:EMC : RSA BSAFE Micro Edition Suite 4.1
 EMC : RSA BSAFE SSL-J 6.1
CVE:CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.")
Оригинальный текстdocumentEMC, ESA-2014-158: RSA BSAFE® Micro Edition Suite and SSL-J Triple Handshake Vulnerability (02.01.2015)

Повышение привилегий в EMC Replication Manager / EMC AppSync
Опубликовано:2 января 2015 г.
Источник:
SecurityVulns ID:14191
Тип:удаленная
Уровень опасности:
5/10
Описание:Путь в реестре хранится без двойных кавычек.
Затронутые продукты:EMC : EMC Replication Manager 5.5
 EMC : EMC AppSync 2.1
CVE:CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.)
Оригинальный текстdocumentEMC, ESA-2014-179: EMC Replication Manager and EMC AppSync Unquoted Service Path Enumeration Vulnerability (02.01.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород