Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 26.10.2015
SecurityVulns ID: 14750
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : ResAds 1.0
 WORDPRESS : Payment Form for PayPal Pro 1.0
 SOURCEBANS : SourceBans 1.4
 LINUXOPTIC : LinuxOptic CMS 2009
 WORDPRESS : Font 7.5
 GTSOLUTIONS : Pie Register 2.0
 OPENFIRE : Openfire 3.10
 NODEBB : NodeBB 0.8
 WEBGROUPMEDIA : Cerb 7.0
 DRUPAL : drupal 7.39
 ATLASSIAN : Bamboo 5.9
 WEBCOMINDIA : WebComIndia CMS 2015Q4
 ZEND : ZendFramework 1.12
 EASY2MAP : Easy2Map 1.2
 BMC : BMC Remedy AR 9.0
 MANAGEENGINE : ServiceDesk Plus 9
 OPENTEXT : Secure MFT 2015
 SUPPORTTICKET : Support Ticket System 1.2
 APACHE : James Server 2.3
 WORDPRESS : DWBooster Appointment Booking Calendar 1.1
 MOZILLA : Bugzilla 5.0
 DATATABLES : DataTables 1.10
 ATLASSIAN : JIRA 6.4
 JENKINS : Jenkins 1.626
 WORDPRESS : YouTube Embed 3.3
 TWIG : twig 1.20
 LIMESURVEY : Lime Survey 2.06
 K2 : K2 Platforms 4.6
 REVIVEADSERVER : Revive Adserver 3.2
 X2ENGINE : X2Engine 4.2
 COMBODO : iTop 2.1
 MAGENTO : Magento 1.9
 QLIKVIEW : Qlikview 11.20
 JSPMYSQL : JSPMySQL 1.0
 TESTLINK : TestLink 1.9
CVE: CVE-2015-7683 (Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxProxy.php.)
 CVE-2015-7682 (Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php.)
 CVE-2015-7670
 CVE-2015-7669
 CVE-2015-7668
 CVE-2015-7667
 CVE-2015-7666
 CVE-2015-7391
 CVE-2015-7390
 CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URI.)
 CVE-2015-7373 (Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not properly handled in a banner.)
 CVE-2015-7372 (Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle parameter.)
 CVE-2015-7371 (Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request.)
 CVE-2015-7370 (Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) data-file parameter.)
 CVE-2015-7369 (The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict cross-domain access, which allows remote attackers to conduct cross-domain attacks via unspecified vectors.)
 CVE-2015-7368 (Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cache.)
 CVE-2015-7367 (Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked.)
 CVE-2015-7366 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow remote attackers to hijack the authentication of users for requests that (1) perform certain plugin actions and possibly cause a denial of service (disabled core plugins) via unknown vectors or (2) change the contact name and language or possibly have unspecified other impact via a crafted POST request to an account-user-*.php script.)
 CVE-2015-7365 (Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file containing errors.)
 CVE-2015-7364 (The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypass the CSRF protection mechanism via an empty token.)
 CVE-2015-7320 (Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2015-7319 (SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.)
 CVE-2015-7299 (SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.)
 CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag.)
 CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu.)
 CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's account via vectors related to "file upload value callbacks.")
 CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment.)
 CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files.)
 CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.)
 CVE-2015-6576
 CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.)
 CVE-2015-6544
 CVE-2015-6497
 CVE-2015-6000
 CVE-2015-5956 (The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.)
 CVE-2015-5723
 CVE-2015-5715
 CVE-2015-5714
 CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability.")
 CVE-2015-5076 (Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents.)
 CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account via a crafted request to index.php/users/create.)
 CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in protected/components/filters/FileUploadsFilter.php in X2Engine X2CRM before 5.0.9 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a .pht extension.)
 CVE-2015-5072
 CVE-2015-5071
 CVE-2015-4499 (Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to obtain the default privileges for an arbitrary domain name by placing that name in a substring of an address, as demonstrated by truncation of an @mozilla.com.example.com address to an @mozilla.com address.)
 CVE-2015-3623 (XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.)
 CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission.)
Original document: DEBIAN, [SECURITY] [DSA 3343-1] twig security update (26.10.2015)
 grajalerts.noreply_(at)_gmail.com, CVE-2015-6535: Stored XSS in YouTube Embed (WordPress plugin) allows admins to compromise super admins (26.10.2015)
 smash_(at)_devilteam.pl, Jenkins 1.626 - Cross Site Request Forgery / Code Execution (26.10.2015)
 Vulnerability Lab, Dogma India dogmaindia CMS - Auth Bypass Vulnerability (26.10.2015)
 Vulnerability Lab, LinuxOptic CMS 2009 - Auth Bypass Session Vulnerability (26.10.2015)
 DEBIAN, [SECURITY] [DSA 3346-1] drupal7 security update (26.10.2015)
 David Black, CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection (26.10.2015)
 High-Tech Bridge Security Research, Cross-Site Request Forgery in Cerb (26.10.2015)
 hdau_(at)_deloitte.fr, Checkmarx CxQL Sandbox bypass (CVE-2014-8778) (26.10.2015)
 apparitionsec_(at)_gmail.com, JSPMySQL Administrador CSRF & XSS Vulnerabilities (26.10.2015)
 alex_haynes_(at)_outlook.com, [CVE-2015-3623] Qlikview blind XXE Security Vulnerability (26.10.2015)
 Onur Yilmaz, DataTables Security Advisory - XSS Vulnerability - CVE-2015-6584 (26.10.2015)
 MOZILLA, Security Advisory for Bugzilla 5.0.1, 4.4.10 and 4.2.15 (26.10.2015)
 MOZILLA, Security advisory for Bugzilla 5.0, 4.4.9, and 4.2.14 (26.10.2015)
 Egidio Romano, [KIS-2015-04] Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability (26.10.2015)
 Ahrens, Julien, [CVE-2015-5956] Typo3 Core sanitizeLocalUrl() Non-Persistent Cross-Site Scripting (26.10.2015)
 apparitionsec_(at)_gmail.com, Openfire 3.10.2 CSRF Vulnerabilities (26.10.2015)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in iTop (26.10.2015)
 advisories_(at)_portcullis-security.com, CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine (26.10.2015)
 advisories_(at)_portcullis-security.com, CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine (26.10.2015)
 advisories_(at)_portcullis-security.com, CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine (26.10.2015)
 ibemed_(at)_gmail.com, CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin (26.10.2015)
 ibemed_(at)_gmail.com, CVE-2015-7320 - Multiple Reflective XSS in Appointment Booking Calendar 1.1.7 WordPress plugin (26.10.2015)
 Vulnerability Lab, NodeBB v0.8.2 - Client Side Cross Site Web Vulnerability (26.10.2015)
 Benjamin Daniel Mussler, Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000) (26.10.2015)
 APACHE, Apache James Server 2.3.2 security vulnerability fixed (26.10.2015)
 adrian.vollmer_(at)_syss.de, [SYSS-2015-039] CSRF in OpenText Secure MFT (26.10.2015)
 Pedro Ribeiro, [ZDI-15-396] ManageEngine ServiceDesk Plus remote code execution (26.10.2015)
 appsec_(at)_bmc.com, Correction: BMC-2015-0005: File inclusion vulnerability caused by misconfiguration of "BIRT Viewer" servlet as used in BMC Remedy AR Reporting (26.10.2015)
 appsec_(at)_bmc.com, Correction: BMC-2015-0006: File inclusion vulnerability caused by misconfiguration of "BIRT Engine" servlet as used in BMC Remedy AR Reporting (26.10.2015)
 High-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in SourceBans (26.10.2015)
 ibemed_(at)_gmail.com, Multiple Reflected XSS in Payment Form for PayPal Pro version 1.0.1 WordPress plugin (26.10.2015)
 ibemed_(at)_gmail.com, Multiple Reflected XSS in ResAds version 1.0.1 WordPress plugin (26.10.2015)
 ibemed_(at)_gmail.com, A Reflected XSS in Easy2Map version 1.2.9 WordPress plugin (26.10.2015)
 ibemed_(at)_gmail.com, Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin (26.10.2015)
 DEBIAN, [SECURITY] [DSA 3369-1] zendframework security update (26.10.2015)
 ibeptaz_(at)_gmail.com, [CVE-2015-7670] Multiple SQL Injection in Support Ticket System 1.2 WordPress plugin (26.10.2015)
 apparitionsec_(at)_gmail.com, Zope Management Interface CSRF vulnerabilities (26.10.2015)
 Onur Yilmaz, TestLink Security Advisory - SQL Injection Vulnerability - CVE-2015-7390 (26.10.2015)
 Onur Yilmaz, TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391 (26.10.2015)
 Matteo Beccati, [REVIVE-SA-2015-001] Revive Adserver - Multiple vulnerabilities (26.10.2015)
 Vulnerability Lab, WebComIndia CMS 2015Q4 - Auth Bypass Vulnerability (26.10.2015)
 grajalerts_(at)_gmail.com, CVE-2015-7377: Unauthenticated Reflected XSS in Pie Register WordPress Plugin (26.10.2015)
 grajalerts_(at)_gmail.com, CVE-2015-7682: Multiple Blind SQL Injections in Pie Register WordPress Plugin (26.10.2015)
 grajalerts_(at)_gmail.com, CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin (26.10.2015)
 wissam.bashour_(at)_helpag.com, Boolean-based SQL injection Vulnerability in K2 Platforms (26.10.2015)
 DEBIAN, [SECURITY] [DSA 3375-1] wordpress security update (26.10.2015)
 ZoRLu Bugrahan, SiteWIX - (edit_photo2.php id) SQL Injection Exploit (26.10.2015)
 SEC Consult Vulnerability Lab, SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities (26.10.2015)
 David Black, CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution (26.10.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod