Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.01.2014
Source:
SecurityVulns ID:13507
Type:remote
Threat Level:
5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OWNCLOUD : owncloud 5.0
 INSTANTSOFT : InstantCMS 1.10
 MEDIAWIKI : mediawiki 1.20
 LIVEZILLA : LiveZilla 5.1
 HORIZON : QCMS 4.0
 BURDEN : Burden 1.8
 EDUTRAC : eduTrac 1.1
 WORDPRESS : Ad-minister 0.6
 WORDPRESS : AskApache 3.0
 WORDPRESS : WP-Cron Dashboard 1.1
 JOOMLA : MijoSearch 2.0
 1C : Bitrix Site Manager 12.5
 TYPO3 : TYPO3 6.1
 MUNIN : munin 2.0
 REVIVEADSERVER : Revive Adserver 3.0
 UNITEDSECURITYPR : Secure Entry Server 4.7
 JENKINS : Jenkins CI 1.523
 SAMSPADE : SAMSPADE 1.14
 VTIGER : Vtiger 5.4
 FLASHCANVAS : FlashCanvas 1.5
 APACHE : Solr 4.5
 CSP : CSP MySQL User Manager 2.3
 WORDPRESS : WordPress 3.7
 DEWPLAYER : Dewplayer 2.2
CVE:CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.)
 CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.)
 CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.)
 CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.)
 CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.)
 CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.)
 CVE-2013-7080 (The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment.")
 CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.)
 CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature.")
 CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.)
 CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.)
 CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.)
 CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.)
 CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.)
 CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php.)
 CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.)
 CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.)
 CVE-2013-6880
 CVE-2013-6879
 CVE-2013-6878
 CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].)
 CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.)
 CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.)
 CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.)
 CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.)
 CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.)
 CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.)
 CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup formatter in CloudBees Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.)
 CVE-2013-4572
 CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.)
 CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.)
 CVE-2013-2764
 CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.)
 CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.)
 CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.)
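Two of the authentication entries above share a root cause: the server trusts a value the client can choose or predict. The Burden entry (CVE-2013-7137) describes a "remember me" cookie that grants access when set to 1, and the Bitrix entry (CVE-2013-6788) describes a cookie issued from a counter, so one observed value reveals its neighbours. The Python below is an added example, not code from Burden, Bitrix or this advisory: it reconstructs both weak patterns from the one-line descriptions and sets a hardened remember-me token beside them. The cookie name is taken from the CVE text; the function names, the token layout and the server key are assumptions for the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import List, Optional

# Example-only server secret. A real deployment loads this from configuration
# and never regenerates it per process; here it is created so the file runs.
SERVER_KEY = secrets.token_bytes(32)


# --- Weak pattern 1: a client-settable "I am logged in" flag -----------------
# Reconstruction of the cookie-equals-1 check described for Burden
# (CVE-2013-7137); the cookie name is from the advisory, the code is not.
def flag_cookie_is_logged_in(cookies: dict) -> bool:
    return cookies.get("burden_user_rememberme") == "1"


# --- Weak pattern 2: identifiers issued from a counter -----------------------
# The Bitrix entry (CVE-2013-6788) describes sequential cookie values. Once an
# attacker has seen one value, every neighbouring value is a valid guess.
def counter_ids(start: int, count: int) -> List[str]:
    return [str(start + i) for i in range(count)]


def guesses_around(observed: str, radius: int) -> List[str]:
    """What an attacker enumerates after observing one counter-issued value."""
    n = int(observed)
    return [str(n + d) for d in range(-radius, radius + 1) if d != 0]


# --- Hardened pattern: unguessable, signed, expiring token -------------------
def issue_remember_token(user_id: str, ttl_seconds: int = 30 * 86400,
                         now: Optional[int] = None) -> str:
    """Token layout (assumed for this example):
    user_id:expires:nonce:tag  with  tag = HMAC-SHA256(SERVER_KEY, payload)."""
    now = int(time.time()) if now is None else now
    expires = now + ttl_seconds
    nonce = secrets.token_hex(16)            # 128 bits from the OS CSPRNG
    payload = f"{user_id}:{expires}:{nonce}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def verify_remember_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user id if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = token.rsplit(":", 3)             # user_id may itself contain ':'
    if len(parts) != 4:
        return None
    user_id, expires_s, nonce, tag = parts
    payload = f"{user_id}:{expires_s}:{nonce}"
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None                              # forged or tampered
    if not expires_s.isdigit() or int(expires_s) <= now:
        return None                              # expired
    return user_id


if __name__ == "__main__":
    # Forged flag cookie is accepted by the weak check, rejected by the hardened one.
    print(flag_cookie_is_logged_in({"burden_user_rememberme": "1"}))
    print(verify_remember_token("1"))
    tok = issue_remember_token("alice")
    print(verify_remember_token(tok))
    print(verify_remember_token(tok.replace("alice", "admin", 1)))
```

The hardened token carries no authority of its own: the nonce is unguessable, the HMAC binds user id, expiry and nonce to the server key, and compare_digest keeps the tag check constant-time. Storing the nonce server-side additionally lets a session be revoked before it expires.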
Original document: MustLive, BF, LE and IAA vulnerabilities in InstantCMS (09.01.2014)
 MustLive, Information Leakage and Backdoor vulnerabilities in WordPress (09.01.2014)
 MustLive, CSRF, DoS and IL vulnerabilities in WordPress (09.01.2014)
 MustLive, URL Redirector Abuse and XSS vulnerabilities in WordPress (09.01.2014)
 MustLive, Vulnerabilities in Dewplayer (09.01.2014)
 MustLive, Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer (09.01.2014)
 contact_(at)_hammamet-services.com, CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass (09.01.2014)
 Nicolas Grégoire, Vulnerabilities in Apache Solr < 4.6.0 (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.1.0 Stored XSS in operator clients (09.01.2014)
 code_(at)_7elements.co.uk, FlashCanvas 1.5 proxy.php XSS Vulnerability (09.01.2014)
 advisories_(at)_enkomio.com, [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting (09.01.2014)
 vishal_mishra_(at)_live.com, SAMSPADE 1.14 BUFFER OVERFLOW (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Insecure password storage (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 PHP Object Injection (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client (09.01.2014)
 Alexandre Herzog, [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities (09.01.2014)
 Alexandre Herzog, [CVE-2013-2764] Secure Entry Server - URL Redirection (09.01.2014)
 Christian Catalano, [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms (09.01.2014)
 Christian Catalano, [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin (09.01.2014)
 MANDRIVA, [ MDVSA-2013:289 ] owncloud (09.01.2014)
 MANDRIVA, [ MDVSA-2013:290 ] mediawiki (09.01.2014)
 Matteo Beccati, [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability (09.01.2014)
 MANDRIVA, [ MDVSA-2013:297 ] munin (09.01.2014)
 DEBIAN, [SECURITY] [DSA 2834-1] typo3-src security update (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, XSS and Full Path Disclosure in MijoSearch Joomla Extension (09.01.2014)
 High-Tech Bridge Security Research, User Identity Spoofing in Bitrix Site Manager (09.01.2014)
 High-Tech Bridge Security Research, SQL Injection in InstantCMS (09.01.2014)
 High-Tech Bridge Security Research, Path Traversal in eduTrac (09.01.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Horizon QCMS (09.01.2014)
 High-Tech Bridge Security Research, Improper Authentication in Burden (09.01.2014)
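The two MediaWiki entries (CVE-2013-4567 and CVE-2013-4568) are a textbook incomplete deny-list: Sanitizer::checkCss looked for "expression" in the raw string, while the renderer folded fullwidth letters and ignored a backspace inside the keyword, so the match failed and the CSS executed. The Python below is an added example, not MediaWiki's sanitizer or its fix. It puts a naive substring check beside a check that canonicalises first (CSS comments, CSS escapes, NFKC normalisation, control-character removal) and goes slightly beyond the two CVEs by also covering CSS escape and comment splitting; the deny-list contents and the function names are assumptions for the example, and the attack strings are constructed.

```python
import re
import unicodedata

# Illustrative deny-list of CSS tokens that old Internet Explorer treated as
# script entry points. The list is an example, not MediaWiki's.
DANGEROUS = ("expression", "javascript:", "behavior:", "-moz-binding")


def naive_css_is_dangerous(css: str) -> bool:
    """Vulnerable pattern: substring match on the raw string.
    Misses a keyword written with fullwidth letters (CVE-2013-4568), with a
    control character inserted (CVE-2013-4567), or split by a CSS escape or
    comment; a lenient renderer folds all of these back to the keyword."""
    lower = css.lower()
    return any(word in lower for word in DANGEROUS)


_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_HEX_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})[ \t\n\r\f]?")
_CHAR_ESCAPE = re.compile(r"\\(.)", re.S)
_CONTROL = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def _hex_to_char(m: "re.Match") -> str:
    cp = int(m.group(1), 16)
    return chr(cp) if 0 < cp <= 0x10FFFF else "\ufffd"   # reject out-of-range


def fold_css(css: str) -> str:
    """Canonicalise the way a lenient renderer would, before any matching."""
    s = _COMMENT.sub("", css)                          # exp/**/ression
    s = _HEX_ESCAPE.sub(_hex_to_char, s)               # expr\65 ssion
    s = _CHAR_ESCAPE.sub(lambda m: m.group(1), s)      # exp\ression
    s = unicodedata.normalize("NFKC", s)               # fullwidth -> ASCII
    s = _CONTROL.sub("", s)                            # exp<backspace>ression
    return s.lower()


def hardened_css_is_dangerous(css: str) -> bool:
    """Match the deny-list against the folded form instead of the raw input."""
    return any(word in fold_css(css) for word in DANGEROUS)


if __name__ == "__main__":
    # Constructed attack strings; each one slips past the naive check.
    samples = [
        "width: ｅｘｐｒｅｓｓｉｏｎ(alert(1))",      # fullwidth letters
        "width: exp\bression(alert(1))",             # backspace inside keyword
        "width: expr\\65 ssion(alert(1))",           # CSS hex escape for 'e'
        "width: exp/**/ression(alert(1))",           # comment splitting
    ]
    for s in samples:
        print(naive_css_is_dangerous(s), hardened_css_is_dangerous(s), fold_css(s))
```

Folding before matching closes the specific bypasses named in the two CVEs, but a deny-list stays fragile against the next encoding a renderer happens to accept; an allow-list of properties and value grammars is the more robust design when the sanitizer can afford it.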

hplip multiple security vulnerabilities
Published:09.01.2014
Source:
SecurityVulns ID:13508
Type:library
Threat Level:
5/10
Description:Symbolic link vulnerabilities, code execution, weak permissions.
Affected:HP : hplip 3.13
CVE:CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.)
 CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.)
 CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.)
Original document: DEBIAN, [SECURITY] [DSA 2829-1] hplip security update (09.01.2014)

IBM Web Content Manager information leakage
Published:09.01.2014
Source:
SecurityVulns ID:13509
Type:remote
Threat Level:
5/10
Description:It's possible to obtain configuration data.
Affected:IBM : WebSphere Portal 8.0
CVE:CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.)
Original document: SEC Consult Vulnerability Lab, SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection (09.01.2014)

Hancom Office buffer overflow
Published:09.01.2014
Source:
SecurityVulns ID:13511
Type:local
Threat Level:
4/10
Description:Heap-based buffer overflow in .hml file parsing.
Affected:HANCOM : Hancom Office 2010 SE
Original document: diroverflow_(at)_gmail.com, Hancom Office '.hml' file heap-based buffer overflow (09.01.2014)

Evernote Android security vulnerabilities
Published:09.01.2014
Source:
SecurityVulns ID:13512
Type:local
Threat Level:
5/10
Description:Various protection bypass vulnerabilities.
Affected:EVERNOTE : Evernote for Android 5.5
CVE:CVE-2013-5116
 CVE-2013-5112
Original document: lists_(at)_c22.cc, [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) (09.01.2014)
 lists_(at)_c22.cc, [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection (09.01.2014)

AppStore applications security vulnerabilities
Published:09.01.2014
Source:
SecurityVulns ID:13513
Type:client
Threat Level:
5/10
Description:Various iOS application security vulnerabilities.
Affected:AIRGALLERY : Air Gallery 1.0
 APACHE : Solr 3.6
Original document: Vulnerability Lab, Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities (09.01.2014)

IcoFX buffer overflow
Published:09.01.2014
Source:
SecurityVulns ID:13514
Type:local
Threat Level:
4/10
Description:Stack-based buffer overflow in .ICO file parsing.
Affected:ICOFX : IcoFX 2.5
CVE:CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.)
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability (09.01.2014)

Android sandbox bypassing
Published:09.01.2014
Source:
SecurityVulns ID:13515
Type:library
Threat Level:
7/10
Description:It's possible to bypass sandbox restrictions via android.app.Fragment (fragment injection).
Affected:ANDROID : Android 4.3
Original document: Roee Hay, Android Fragment Injection vulnerability (09.01.2014)
Files:Android collapses into Fragments

IBM Lotus Notes Traveler security vulnerabilities
Published:09.01.2014
Source:
SecurityVulns ID:13516
Type:remote
Threat Level:
6/10
Description:Cross-site scripting, CSRF, open redirect.
Affected:IBM : Lotus Notes Traveler 8.5
CVE:CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
Original document: MustLive, CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler (09.01.2014)

ATI video drivers DoS
Published:09.01.2014
Source:
SecurityVulns ID:13517
Type:client
Threat Level:
6/10
Description:A video driver vulnerability leads to a system crash (BSOD); the browser Flash plugin may be used as the attack vector.
Original document: MustLive, DoS vulnerability in Adobe Flash Player (BSOD) (09.01.2014)

Apache Subversion security vulnerabilities
updated since 09.01.2014
Published:02.03.2014
Source:
SecurityVulns ID:13510
Type:remote
Threat Level:
5/10
Description:mod_dontdothat protection bypass, DoS.
Affected:APACHE : Subversion 1.8
CVE:CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.)
 CVE-2013-4558 (The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.)
 CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.)
Original document: SLACKWARE, [slackware-security] subversion (SSA:2014-058-01) (02.03.2014)
 MANDRIVA, [ MDVSA-2013:288 ] subversion (09.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod