Computer Security
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 06.05.2013
Source:
SecurityVulns ID: 13053
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : Advanced XML Reader 0.3
 GETSIMPLE : GetSimple CMS 3.1
 B2EVOLUTION : b2evolution 4.1
 SNMPSOFT : Syslog Watcher Pro 2.8
 JOOMLA : Joomla 3.0
 ROUNDCUBE : RoundCube Webmail 0.8
 KRIMSONAV : KrisonAV CMS 3.0
 SOSCISURVEY : Sosci Survey 2.3
 MATRIX42 : Service Store 5.3
 OPENXCHANGE : Open-Xchange Server 6
 E107 : e107 1.0
 FUDFORUM : FUDforum 3.0
 SYMPHONY : Symphony 2.3
 ROYALTS : Royal TS 2.1
 ROYALTS : mRemote 1.50
 MAILORDERWORKS : MailOrderWorks 5.907
 WORDPRESS : podPress 8.8
 AWSDMS : AWS XMS 2.5
 ICINGA : icinga 1.7
 SYNCONNECT : SynConnect 2.0
 SMOKEPING : smokeping 2.6
 ZONEMINDER : zoneminder 1.25
 OPENCART : OpenCart 1.5
 APACHE : Rave 0.20
 APACHE : VCL 2.1
 APACHE : VCL 2.2
 APACHE : VCL 2.3
 VANILLAFORUMS : Vanilla Forums 2.0
 TINYWEBGALLERY : TinyWebGallery 1.8
 TYPO3 : typo3 4.5
 WORDPRESS : WordPress 3.3
 JOOMLA : Joomla 2.5
 XENFORO : XenForo 1.1
 JFORUM : jforum 2.1
 SWFUPLOAD : SWFUpload 2.2
 JWPLAYER : JW Player 5.10
 HORNBILL : Supportworks ITSM 1.0
 JPLAYER : jPlayer 2.2
 JPLAYER : jPlayer 2.3
 DOTCLEAR : Dotclear 2.4
 DOTCLEAR : Dotclear 2.5
 ZEROCLIPBOARD : ZeroClipboard 1.1
 PHPMYADMIN : phpmyadmin 3.5
 PHPMYADMIN : phpMyAdmin 4.0
CVE: CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.)
 CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.)
 CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.)
 CVE-2013-2945 (SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.)
 CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2013-2714
 CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.)
 CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.)
 CVE-2013-2631
 CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.)
 CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange AppSuite and Server before 6.22.0 rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allows remote attackers to inject arbitrary HTTP headers and conduct open redirect attacks by leveraging improper sanitization of whitespace characters.)
 CVE-2013-2559 (SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.)
 CVE-2013-2504 (Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.)
 CVE-2013-2474
 CVE-2013-2267
 CVE-2013-1904 (Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _value parameter for the generic_message_footer setting in a save-perf action to index.php, as exploited in the wild in March 2013.)
 CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values.")
 CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.)
 CVE-2013-1420
 CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x before 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) view, (2) request, or (3) action parameter.)
 CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) runState parameter in the packageControl function; or (2) key or (3) command parameter in the setDeviceStatusX10 function.)
 CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable.)
 CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping 2.4.2, 2.6.6, and other versions before 2.6.7 allows remote attackers to inject arbitrary web script or HTML via the displaymode parameter.)
Original documents:
 APACHE, Apache VCL improper input validation (06.05.2013)
 APACHE, [CVE-2013-1814] Apache Rave exposes User over API (06.05.2013)
 SEC Consult Vulnerability Lab, SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum (06.05.2013)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Reflected XSS in Asteriskguru Queue Statistics (06.05.2013)
 Janek Vind, [waraxe-2013-SA#098] - Directory Traversal Vulnerabilities in OpenCart 1.5.5.1 (06.05.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-03-13 (06.05.2013)
 DEBIAN, [SECURITY] [DSA 2640-1] zoneminder security update (06.05.2013)
 DEBIAN, [SECURITY] [DSA 2646-1] typo3-src security update (06.05.2013)
 DEBIAN, [SECURITY] [DSA 2651-1] smokeping security update (06.05.2013)
 bhadresh.k.patel_(at)_cyberoam.com, SynConnect PMS SQL Injection Vulnerability (06.05.2013)
 DEBIAN, [SECURITY] [DSA 2653-1] icinga security update (06.05.2013)
 High-Tech Bridge Security Research, Path Traversal in AWS XMS (06.05.2013)
 hip_(at)_insight-labs.org, WordPress podPress Plugin XSS in SWF (06.05.2013)
 Vulnerability Lab, MailOrderWorks v5.907 - Multiple Web Vulnerabilities (06.05.2013)
 Janek Vind, [waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50 (06.05.2013)
 Janek Vind, [waraxe-2013-SA#101] - Update Spoofing Vulnerability in Royal TS 2.1.5 (06.05.2013)
 High-Tech Bridge Security Research, SQL Injection Vulnerability in Symphony (06.05.2013)
 High-Tech Bridge Security Research, PHP Code Injection in FUDforum (06.05.2013)
 Simon Bieber, TC-SA-2013-01: Reflected Cross-Site-Scripting (XSS) vulnerability in e107 CMS v1.0.2 (06.05.2013)
 mschratt_(at)_mfs-enterprise.com, Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable (06.05.2013)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9 (06.05.2013)
 Janek Vind, [waraxe-2013-SA#102] - Reflected XSS in phpMyAdmin 3.5.7 (06.05.2013)
 OPENXCHANGE, Open-Xchange Security Advisory 2013-04-17 (06.05.2013)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in KrisonAV CMS (06.05.2013)
 SEC Consult Vulnerability Lab, SEC Consult 20130417-0 :: Multiple vulnerabilities in Sosci Survey (06.05.2013)
 43z sec, CVE-2013-2504 : Matrix42 Service Desk XSS (06.05.2013)
 Michal Blaszczak, [SQLi] vBilling for FreeSWITCH (06.05.2013)
 MANDRIVA, [ MDVSA-2013:149 ] roundcubemail (06.05.2013)
 Janek Vind, [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin (06.05.2013)
 Egidio Romano, [KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability (06.05.2013)
 demonalex_(at)_163.com, Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability (06.05.2013)
 High-Tech Bridge Security Research, SQL Injection in b2evolution (06.05.2013)
 High-Tech Bridge Security Research, Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS (06.05.2013)
 MANDRIVA, [ MDVSA-2013:160 ] phpmyadmin (06.05.2013)
 admin_(at)_elites0ft.com, WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability (06.05.2013)
 MustLive, Vulnerabilities in SWFUpload in multiple web applications: WordPress, Dotclear, InstantCMS, AionWeb and others (06.05.2013)
 MustLive, XSS vulnerabilities in ZeroClipboard and multiple web applications (06.05.2013)
 MustLive, XSS vulnerabilities in ZeroClipboard in multiple plugins for WordPress (06.05.2013)
 MustLive, XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress (06.05.2013)
 MustLive, XSS and CS vulnerabilities in Dotclear (06.05.2013)
 MustLive, Vulnerabilities in AI-Bolit (06.05.2013)
 MustLive, Multiple vulnerabilities in Colormix theme for WordPress (06.05.2013)
 MustLive, Vulnerabilities in jPlayer (06.05.2013)
 MustLive, Vulnerabilities in multiple plugins for WordPress with jPlayer (06.05.2013)
 MustLive, Vulnerabilities in multiple themes for WordPress with jPlayer (06.05.2013)
 research_(at)_reactionis.co.uk, hornbill supportworks SQL injection (06.05.2013)
 X-Cisadane, Site by Webrevelation SQL Injection Vulnerability (06.05.2013)
 MustLive, XSS vulnerability in JW Player and JW Player Pro (06.05.2013)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod