Computer Security

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:12864
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ELGG : Elgg 1.8
 WORDPRESS : WordPress 3.5
 RAILS : Ruby on Rails 3.0
 RAILS : Ruby on Rails 2.3
 DATALIFE : DataLife Engine 9.7
 KOHANA : Kohana 2.3
 WORDPRESS : WordPress Attack Scanner 0.9
CVE: CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.)
 CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 does not properly convert JSON data to YAML data for processing by a YAML parser, which allows remote attackers to execute arbitrary code, conduct SQL injection attacks, or bypass authentication via crafted data that triggers unsafe decoding, a different vulnerability than CVE-2013-0156.)
Original document: MustLive, Re: Wordpress Pingback Port Scanner (04.02.2013)
 MustLive, Multiple vulnerabilities in Chocolate WP theme for WordPress (04.02.2013)
 MustLive, Vulnerabilities in WordPress Attack Scanner for WordPress (04.02.2013)
 mo bkafek, WordPressSearch plugin SQL Injection Vulnerability (04.02.2013)
 MustLive, Multiple vulnerabilities in Flash News theme for WordPress (04.02.2013)
 Vulnerability Lab, nCircle PureCloud Vulnerability Scanner - Multiple Web Vulnerabilities (04.02.2013)
 Vulnerability Lab, Kohana Framework v2.3.3 - Directory Traversal Vulnerability (04.02.2013)
 Egidio Romano, [KIS-2013-01] DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability (04.02.2013)
 Moritz Naumann, XSS in Elgg 1.8.12, 1.7.16 (core module "Twitter widget") (04.02.2013)
 DEBIAN, [SECURITY] [DSA 2613-1] rails security update (04.02.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod