Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-3183-1
HistoryMar 12, 2015 - 12:00 a.m.

movabletype-opensource - security update

2015-03-1200:00:00
Google
osv.dev
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Multiple vulnerabilities have been discovered in Movable Type, a
blogging system. The Common Vulnerabilities and Exposures project
identifies the following problems:

  • CVE-2013-2184
    Unsafe use of Storable::thaw in the handling of comments to blog
    posts could allow remote attackers to include and execute arbitrary
    local Perl files or possibly remotely execute arbitrary code.
  • CVE-2014-9057
    Netanel Rubin from Check Point Software Technologies discovered a
    SQL injection vulnerability in the XML-RPC interface allowing
    remote attackers to execute arbitrary SQL commands.
  • CVE-2015-1592
    The Perl Storable::thaw function is not properly used, allowing
    remote attackers to include and execute arbitrary local Perl files
    and possibly remotely execute arbitrary code.

For the stable distribution (wheezy), these problems have been fixed in
version 5.1.4+dfsg-4+deb7u2.

We recommend that you upgrade your movabletype-opensource packages.

Related

debian 2
nessus 2
openvas 5
securityvulns 2
checkpoint_advisories 2
prion 3
cve 3
ubuntucve 3
packetstorm 1
debian
debian
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-12 15:22:32
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-12 15:22:32
nessus
nessus
Debian DSA-3183-1 : movabletype-opensource - security update
2015-03-13 00:00:00
Movable Type 5.2.X < 5.2.6 Unspecified Vulnerability
2013-07-24 00:00:00
openvas
openvas
Debian Security Advisory DSA 3183-1 (movabletype-opensource - security update)
2015-03-12 00:00:00
Debian: Security Advisory (DSA-3183-1)
2015-03-11 00:00:00
Movable Type SQL Injection Vulnerability
2015-05-27 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3183-1] movabletype-opensource security update
2015-03-23 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2015-03-23 00:00:00
checkpoint_advisories
checkpoint_advisories
MovableType Unsanitized Input SQL Injection (CVE-2014-9057)
2014-12-03 00:00:00
SixApart MovableType Storable Perl Code Execution (CVE-2015-1592)
2016-09-26 00:00:00
prion
prion
Sql injection
2014-12-16 18:59:00
Code injection
2015-03-27 14:59:00
Code injection
2015-02-19 15:59:00
cve
cve
CVE-2014-9057
2014-12-16 18:59:00
CVE-2013-2184
2015-03-27 14:59:00
CVE-2015-1592
2015-02-19 15:59:00
ubuntucve
ubuntucve
CVE-2014-9057
2014-12-16 00:00:00
CVE-2015-1592
2015-02-19 00:00:00
CVE-2013-2184
2015-03-27 00:00:00
packetstorm
packetstorm
SixApart MovableType Storable Perl Code Execution
2015-05-11 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-3183-1
debian2nessus2openvas5securityvulns2checkpoint_advisories2prion3cve3ubuntucve3packetstorm1