7 matches found
SixApart MovableType Storable Perl Code Execution (CVE-2015-1592)
A vulnerability was discovered in SixApart MovableType. This is due to a vulnerability of storable perl module. A remote attacker can exploit this weakness by execute arbitrary code via a crafted request...
SixApart MovableType Storable Perl Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SixApart MovableType Storable Perl Code Execution', 'Description' = %q This module exploits a serialization flaw in MovableType befo...
[SECURITY] [DSA 3183-1] movabletype-opensource security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3183-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq -...
[SECURITY] [DSA 3183-1] movabletype-opensource security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3183-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso March 12, 2015 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 3183-1 (movabletype-opensource - security update)
Multiple vulnerabilities have been discovered in Movable Type, a blogging system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2184 Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and...
CVE-2015-1592
CVE-2015-1592 affects Movable Type Pro/Open Source/Advanced before 5.2.12 and 6.0.x before 6.0.7. Root cause: improper use of Storable::thaw enabling remote inclusion and execution of arbitrary local Perl files via crafted input. Public references (Metasploit module, OpenVAS/Nessus entries, Debia...