Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.08.2014
Source:
SecurityVulns ID:13930
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CACTI : cacti 0.8
 TOMATOCART : TomatoCart 1.1
 APACHE : OFBiz 12.04
 WORDPRESS : Wordpress 3.6
 CHECKMK : check_mk 1.2
 MEDIAWIKI : mediawiki 1.19
 APACHE : Cordova 3.5
 BROWSERIFY : Browserify 4.2
 INNOVAPHONE : Innovaphone PBX 10.00
 JAMROOM : Jamroom 5.2
 DRUPAL : Drupal 7.31
 OPENDAYLIGHT : Opendaylight 1.0
 REPORTBUG : reportbug 6.4
 PROCHATROOMS : Pro Chat Rooms 8.2
 READSOFT : Readsoft Invoice Servicepack 5.6
 READSOFT : Readsoft Process Director 7.2
CVE:CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to an automation URL.)
 CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote authenticated users to write check_mk config files (.mk files) to arbitrary locations via vectors related to row selections.)
 CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors to the (1) render_status_icons function in htmllib.py or (2) ajax_action function in actions.py.)
 CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify configurations or user accounts, as demonstrated by (1) changing the administrator password via a crafted request to CMD0/mod_cmd.xml or (2) adding a new SIP user via a crafted request to PBX0/ADMIN/mod_cmd_login.xml.)
 CVE-2014-5262 (SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.)
 CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a font size, related to the rrdtool commandline in lib/rrd.php.)
 CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.)
 CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive information, via a crafted OBJECT element with SWF content consistent with a restricted character set.)
 CVE-2014-5122 (Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login.)
 CVE-2014-5098 (Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.)
 CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.)
 CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, related to an XML External Entity (XXE) issue.)
 CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.)
 CVE-2014-5026 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.)
 CVE-2014-5025 (Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the name_cache parameter in a ds_edit action.)
 CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.)
 CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.)
 CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.)
 CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.)
 CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter.)
 CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.)
 CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users.)
 CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2014-0483 (The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.)
 CVE-2014-0482 (The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors related to the REMOTE_USER header.)
 CVE-2014-0481 (The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a denial of service (CPU consumption) by uploading multiple files with the same name.)
 CVE-2014-0480 (The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL to be generated.)
 CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows remote attackers to execute arbitrary commands via vectors related to compare_versions and reportbug/checkversions.py.)
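The Check_MK entry (CVE-2014-5340) is the most severe item above: a serialized object handed to an automation URL is loaded with Python's pickle module, and pickle treats a stream as instructions to reconstruct objects, including "call this global with these arguments". The following is an added example, not Check_MK's code, showing why pickle.loads on remote input is code execution and what a restricted loader looks like. The attacker_callable function and the EXECUTED list are constructed stand-ins for os.system so the demonstration is harmless; the allow-list contents are an assumption chosen for the example.

```python
import io
import pickle

# Constructed for this example: the payload appends to this list instead of
# running a real command, so executing the demonstration is harmless.
EXECUTED = []


def attacker_callable(tag):
    """Stand-in for os.system / subprocess.Popen: records that attacker-chosen
    code ran during unpickling, then returns the tag."""
    EXECUTED.append(tag)
    return tag


class Payload:
    """Its pickle stream is not data but an instruction: import
    attacker_callable from this module and call it with "pwned".
    pickle honours __reduce__ on load, which is why pickle.loads on
    untrusted bytes is remote code execution."""

    def __reduce__(self):
        return (attacker_callable, ("pwned",))


def build_payload():
    """Serialized object an attacker would send to the unsafe endpoint."""
    return pickle.dumps(Payload())


def build_benign():
    """Constructed example of what such an endpoint legitimately expects:
    plain containers and scalars, which need no class references at all."""
    return pickle.dumps({"host": "web01", "state": 0, "tags": ["prod"]})


def unsafe_load(data):
    """Vulnerable pattern: pickle.loads on bytes the client controls."""
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened pattern: refuse every global reference that is not on an
    explicit allow-list. Dicts, lists, strings and numbers are built from
    opcodes without globals, so legitimate data still loads; a __reduce__
    payload must name a callable and is rejected before anything runs."""

    # Assumed allow-list for the example; a real one is derived from the
    # schema the endpoint actually expects (better still: use JSON).
    ALLOWED = frozenset({("builtins", "set"), ("builtins", "frozenset")})

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data):
    """True when the restricted loader refuses the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    print("unsafe:", unsafe_load(build_payload()), "executed:", EXECUTED)
    print("restricted rejects payload:", is_rejected(build_payload()))
    print("restricted loads benign data:", safe_load(build_benign()))
```

The restricted loader raises at the GLOBAL opcode, before the REDUCE opcode that would perform the call, so the attacker's callable never runs. The same applies to any deserializer that can reference arbitrary classes by name; for network-facing automation endpoints, a format without that capability (JSON) removes the class of bug outright.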
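Three of the Cacti entries (CVE-2014-5261, CVE-2014-2709, CVE-2014-2328) and the reportbug entry are the same bug class: a request parameter such as a graph font size is concatenated into a command line that is handed to a shell. The added example below is not Cacti's PHP; it shows the pattern in Python with a constructed stand-in (echo prints the command line in place of rrdtool, so nothing is installed or touched), the allow-list check a font size needs, and why passing an argv list without a shell is a second, independent layer.

```python
import re
import subprocess

# Constructed stand-in: "echo" prints the command line instead of invoking
# rrdtool, so this runs without rrdtool installed and touches no RRD file.
RRDTOOL = ["echo", "rrdtool"]
GRAPH_ARGS = ["graph", "out.png", "DEF:a=x.rrd:v:AVERAGE", "LINE1:a#ff0000"]


def vulnerable_cmdline(font_size):
    """Vulnerable pattern: the font size is pasted into one string that is
    handed to /bin/sh, so ; | ` $( ) inside it are parsed as shell syntax."""
    return " ".join(RRDTOOL + GRAPH_ARGS[:2] + [f"--font DEFAULT:{font_size}"] + GRAPH_ARGS[2:])


def run_vulnerable(font_size):
    return subprocess.run(["sh", "-c", vulnerable_cmdline(font_size)],
                          capture_output=True, text=True, check=False).stdout


# Allow-list: a font size is a short decimal number and nothing else.
FONT_SIZE_RE = re.compile(r"\d{1,3}(?:\.\d{1,2})?")


def is_valid_font_size(font_size):
    return FONT_SIZE_RE.fullmatch(font_size) is not None


def hardened_argv(font_size):
    if not is_valid_font_size(font_size):
        raise ValueError(f"rejected font size {font_size!r}")
    return RRDTOOL + GRAPH_ARGS[:2] + [f"--font=DEFAULT:{font_size}"] + GRAPH_ARGS[2:]


def run_hardened(font_size):
    # argv list, no shell: the value reaches the program as exactly one
    # argument and is never parsed as shell syntax.
    return subprocess.run(hardened_argv(font_size),
                          capture_output=True, text=True, check=False).stdout


def run_argv_unvalidated(font_size):
    """Demonstrates the second layer on its own: skip the regex, keep the argv
    form. The metacharacters stay literal text inside one argument."""
    argv = RRDTOOL + GRAPH_ARGS[:2] + [f"--font=DEFAULT:{font_size}"] + GRAPH_ARGS[2:]
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    evil = "10; echo INJECTED #"
    print(run_vulnerable(evil))            # second line: INJECTED
    print(run_argv_unvalidated(evil))      # one line, metacharacters literal
    print(is_valid_font_size(evil))        # False: rejected before any exec
```

With the injected value, the shell executes the echo after the `;` and the `#` comments out the rest of the rrdtool arguments; the argv form prints the same value as inert text. Validation should still come first: rrdtool itself might interpret a well-formed but malicious argument, and the allow-list is what documents the expected input.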
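The MediaWiki JSONP entry (CVE-2014-5241) is an edge case worth seeing in code: the callback only had to pass a restricted character set, and a Flash file is identified by its first three bytes (CWS, FWS or ZWS), so a callback such as CWS followed by alphanumerics is both a valid-looking identifier and the start of a SWF served from the wiki's origin. The added example below is not MediaWiki's ApiFormatJson.php; it shows that an identifier check alone does not fix this and why the response must also fix its initial bytes. The 64-character limit is an assumption chosen for the example.

```python
import json
import re

# A JavaScript member expression such as jQuery21_cb or window.onData.
CALLBACK_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*")
MAX_CALLBACK_LEN = 64  # assumption for this example; size it to real client names

SWF_MAGIC = ("CWS", "FWS", "ZWS")  # first bytes Flash accepts as a SWF


def vulnerable_jsonp(payload, callback):
    """Vulnerable pattern: the body begins with whatever the client put in
    callback=, so the client chooses the first bytes of the response."""
    return f"{callback}({json.dumps(payload)})"


def is_safe_callback(callback):
    """Length and character-set restriction. Necessary, but on its own it
    still admits 'CWSAAAA...' because that is a valid identifier."""
    return len(callback) <= MAX_CALLBACK_LEN and CALLBACK_RE.fullmatch(callback) is not None


def hardened_jsonp(payload, callback):
    """Hardened pattern: restrict the callback AND prefix a comment, so the
    attacker never controls byte 0 even with a callback that passes the
    identifier check. The prefix is harmless to every JavaScript consumer."""
    if not is_safe_callback(callback):
        raise ValueError("invalid JSONP callback")
    return "/**/" + callback + "(" + json.dumps(payload) + ")"


def starts_like_swf(body):
    """Would a Flash plugin accept this body as a SWF header?"""
    return body.startswith(SWF_MAGIC)


if __name__ == "__main__":
    evil = "CWS" + "A" * 20
    print(starts_like_swf(vulnerable_jsonp({"token": "s3cret"}, evil)))  # True
    print(is_safe_callback(evil))                                          # True
    print(starts_like_swf(hardened_jsonp({"token": "s3cret"}, evil)))     # False
```

The byte prefix matters because Flash loads a SWF by content, not by the Content-Type header, so `X-Content-Type-Options: nosniff` does not help here; the length cap limits how much attacker-chosen data can precede the JSON in any case, and the identifier regex rejects the ordinary reflected-script abuse of callback parameters.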
Original document:SEC Consult Vulnerability Lab, SEC Consult SA-20140805-0 :: Multiple vulnerabilities in Readsoft Invoice Processing and Process Director (26.08.2014)
 mike.manzotti_(at)_dionach.com, Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities (26.08.2014)
 MustLive, XSS, FPD and RCE vulnerabilities in DZS Video Gallery for WordPress (26.08.2014)
 DEBIAN, [SECURITY] [DSA 2997-1] reportbug security update (26.08.2014)
 Kenny Mathis, TomatoCart v1.x (latest-stable) Multiple Vulnerabilities (26.08.2014)
 MANDRIVA, [ MDVSA-2014:156 ] ocsinventory (26.08.2014)
 Marcel Kinard, Apache Cordova 3.5.1: CVE-2014-3502 update (26.08.2014)
 Gregory Pickett, CVE-2014-5035 - Opendaylight Vulnerable to Local and Remote File Inclusion in the Netconf (TCP) Service (26.08.2014)
 DEBIAN, [SECURITY] [DSA 2999-1] drupal7 security update (26.08.2014)
 DEBIAN, [SECURITY] [DSA 3001-1] wordpress security update (26.08.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in Jamroom (26.08.2014)
 APACHE, [CVE-2014-0232] Apache OFBiz Cross-site scripting (XSS) vulnerability (26.08.2014)
 CERT_(at)_telekom.de, Deutsche Telekom CERT Advisory [DTC-A-20140820-001] check_mk vulnerabilities (26.08.2014)
 DEBIAN, [SECURITY] [DSA 3007-1] cacti security update (26.08.2014)
 DEBIAN, [SECURITY] [DSA 2970-1] cacti security update (26.08.2014)
 High-Tech Bridge Security Research, SQL Injection Vulnerability in ArticleFR (26.08.2014)
 Romano, Christian, ArcGIS for Server Vulnerability Disclosure (26.08.2014)
 rg_(at)_nsideattacklogic.de, [CVE-2014-5335] CSRF in Innovaphone PBX (26.08.2014)
 DEBIAN, [SECURITY] [DSA 3010-1] python-django security update (26.08.2014)
 Cal Leeming [Simplicity Media Ltd], Node Browserify RCE vuln (<= 4.2.0) (26.08.2014)
 DEBIAN, [SECURITY] [DSA 3011-1] mediawiki security update (26.08.2014)
 cseye_ut_(at)_yahoo.com, DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config (26.08.2014)
 cseye_ut_(at)_yahoo.com, DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config (26.08.2014)
 cseye_ut_(at)_yahoo.com, MEHR Automation System Arbitrary File Download Vulnerability (persian portal) (26.08.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod