Computer Security
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 14.10.2014
Source:
SecurityVulns ID: 14008
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 4.5
 ZARAFA : zarafa 7.1
 MEDIAWIKI : mediawiki 1.19
 WEBEDITION : webEdition 6.3
 WORDPRESS : WordPress Slideshow Gallery 1.4
 WORDPRESS : All In One WP Security 3.8
 WORDPRESS : All In One Wordpress Firewall 3.8
 WORDPRESS : Photo Gallery 1.1
 WORDPRESS : BulletProof Security 50.8
 WORDPRESS : EWWW Image Optimizer 2.0
 WORDPRESS : Contact Form DB 2.8
 WORDPRESS : Google Calendar Events 2.0
 INPORTAL : In-Portal CMS 5.2
 HTTPCOMMANDERAJS : HTTP Commander AJS 3.1
 PHPMYADMIN : phpmyadmin 4.2
 TEXTPATTERN : Textpattern 4.5
 MODX : MODX Revolution
 BLACKCAT : BlackCat CMS 1.0
 MYWEBSQL : MyWebSQL 3.4
 FREEPBX : FreePBX 2.9
 MOAB : Moab 7.2
 MOAB : Moab 8.0
 OPMANAGER : OpManager 11.2
 X2ENGINE : X2Engine 4.1
 MANTIS : mantis 1.2
 KONAKART : KonaKart 7.2
CVE: CVE-2014-7295 (The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allow remote authenticated users to conduct cross-site scripting (XSS) attacks or have unspecified other impact via crafted CSS, as demonstrated by modifying MediaWiki:Common.css.)
 CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.)
 CVE-2014-7139 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.)
 CVE-2014-7138 (Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.)
 CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.)
 CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.)
 CVE-2014-6243 (Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.)
 CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.)
 CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. (dot dot) in the fileName parameter.)
 CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. (dot dot) in the FILENAME parameter.)
 CVE-2014-6034 (Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.)
 CVE-2014-5516
 CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.)
 CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" parameter to manager/. NOTE: this issue exists because of a CVE-2014-2080 regression.)
 CVE-2014-5450
 CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp use world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.)
 CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.)
 CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta use weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.)
 CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticated users to impersonate arbitrary users via the actor field in a message.)
 CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate arbitrary users via the UserId and Owner tags.)
 CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.)
 CVE-2014-5298 (FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.)
 CVE-2014-5297 (The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.)
 CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.)
 CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.)
 CVE-2014-5259 (Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.)
 CVE-2014-5258 (Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.)
 CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.)
 CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.)
 CVE-2014-4958 (Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.)
 CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page.)
 CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page.)
 CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before 4.5.7 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to setup/index.php.)
 CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.)
 CVE-2014-4349 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.)
 CVE-2014-4348 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.)
 CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.)
 CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.)
 CVE-2014-0103 (WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores credentials in cleartext, which allows local Apache users to obtain sensitive information by reading the PHP session files.)
Original documents: Christian Schneider, CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product (14.10.2014)
 DEBIAN, [SECURITY] [DSA 3030-1] mantis security update (14.10.2014)
 Egidio Romano, [KIS-2014-10] X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability (14.10.2014)
 Egidio Romano, [KIS-2014-09] X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability (14.10.2014)
 MANDRIVA, [ MDVSA-2014:182 ] zarafa (14.10.2014)
 main_(at)_gsmcnamara.com, CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control (14.10.2014)
 Pedro Ribeiro, [The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360 (14.10.2014)
 john.fitzpatrick_(at)_mwrinfosecurity.com, Moab Authentication Bypass [CVE-2014-5300] (14.10.2014)
 john.fitzpatrick_(at)_mwrinfosecurity.com, Moab User Impersonation [CVE-2014-5375] (14.10.2014)
 john.fitzpatrick_(at)_mwrinfosecurity.com, Moab Authentication Bypass (insecure message signing) [CVE-2014-5376] (14.10.2014)
 rob.thomas_(at)_schmoozecom.com, FreePBX (All Versions) RCE (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in MyWebSQL (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in BlackCat CMS (14.10.2014)
 High-Tech Bridge Security Research, Path Traversal in webEdition (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in MODX Revolution (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in Textpattern (14.10.2014)
 MANDRIVA, [ MDVSA-2014:194 ] phpmyadmin (14.10.2014)
 MANDRIVA, [ MDVSA-2014:183 ] phpmyadmin (14.10.2014)
 MANDRIVA, [ MDVSA-2014:164 ] phpmyadmin (14.10.2014)
 MANDRIVA, [ MDVSA-2014:143 ] phpmyadmin (14.10.2014)
 MANDRIVA, [ MDVSA-2014:126 ] phpmyadmin (14.10.2014)
 Vulnerability Lab, HTTP Commander AJS v3.1.9 - Client Side Exception Vulnerability (14.10.2014)
 DEBIAN, [SECURITY] [DSA 3046-1] mediawiki security update (14.10.2014)
 MOZILLA, Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15 (14.10.2014)
 MustLive, XSS vulnerability in In-Portal CMS (14.10.2014)
 MustLive, Vulnerabilities in In-Portal CMS (14.10.2014)
 MustLive, Multiple vulnerabilities in Refraction theme for WordPress (14.10.2014)
 Vulnerability Lab, WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability (CVE-2014-5460) (14.10.2014)
 Vulnerability Lab, BulletProof Security Wordpress v50.8 - POST Inject Vulnerability (14.10.2014)
 Vulnerability Lab, All In One Wordpress Firewall 3.8.3 - Persistent Vulnerability (14.10.2014)
 High-Tech Bridge Security Research, Two SQL Injections in All In One WP Security WordPress plugin (14.10.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin (14.10.2014)
 High-Tech Bridge Security Research, Two XSS in Contact Form DB WordPress plugin (14.10.2014)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin (14.10.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod