Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:12791
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OPENDOCMAN : OpenDocMan 1.2
 FCKEDITOR : FCKeditor 2.6
 TINYBROWSER : TinyBrowser 1.42
 WORDPRESS : Rokbox 2.13
 FOSWIKI : Foswiki 1.1
 WORDPRESS : WordPress 3.5
 WORDPRESS : portable-phpMyAdmin 1.3
 ADDRESSBOOK : Addressbook 8.1
 FRONTACCOUNT : Front Account 2.3
 AXWAY : SecureTransport 5.1
CVE:CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki 1.0.x through 1.0.10 and 1.1.x through 1.1.6, allows remote attackers to cause a denial of service (memory consumption) via a large integer in a %MAKETEXT% macro.)
 CVE-2012-6329 (The _compile function in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.)
 CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.)
 CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.)
Original document: Perez, Sebastian (LATCO - Buenos Aires), Path Traversal Vulnerability on Secure Transport versions 5.1 SP2 and earlier (18.12.2012)
 bugreport_(at), FCKEditor File Upload Vulnerability (18.12.2012)
 Kenneth F. Belva, File Upload Concern in Front Account 2.3.13 and OpenDocMan (18.12.2012)
 Kenneth F. Belva, OpenDocMan - 3 Vulnerabilities (18.12.2012)
 Kenneth F. Belva, Addressbook v8.1.24.1 Group Name XSS (18.12.2012)
 Mark Stanislav, 'portable-phpMyAdmin (WordPress Plugin)' Authentication Bypass (CVE-2012-5469) (18.12.2012)
 FireFart_(at), Wordpress Pingback Port Scanner (18.12.2012)
 George Clark, Foswiki Security Alert CVE-2012-6329, CVE-2012-6330 Remote code execution and other vulnerabilities in MAKETEXT macro (18.12.2012)
 MustLive, Multiple vulnerabilities in RokBox for WordPress (18.12.2012)
 MustLive, TinyBrowser Upload Shell Vulnerability (18.12.2012)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod