{"cve": [{"lastseen": "2016-09-03T17:17:53", "bulletinFamily": "NVD", "description": "The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.", "modified": "2013-05-03T00:00:00", "published": "2013-05-02T10:55:05", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5657", "id": "CVE-2012-5657", "title": "CVE-2012-5657", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-04-18T15:53:35", "bulletinFamily": "NVD", "description": "SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.", "modified": "2016-12-07T22:02:49", "published": "2013-01-03T23:46:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6496", "id": "CVE-2012-6496", "title": "CVE-2012-6496", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T17:16:31", "bulletinFamily": "NVD", "description": "The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to \"shell expansion.\"", "modified": "2014-02-06T23:43:30", "published": "2012-12-03T16:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5534", "id": "CVE-2012-5534", "type": "cve", "title": "CVE-2012-5534", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-08-29T12:17:54", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.", "modified": "2017-08-28T21:32:56", "published": "2014-03-24T12:43:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6430", "id": "CVE-2012-6430", "title": "CVE-2012-6430", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-04-18T15:53:35", "bulletinFamily": "NVD", "description": "The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.", "modified": "2016-12-07T22:02:50", "published": "2013-01-03T23:46:02", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6497", "id": "CVE-2012-6497", "title": "CVE-2012-6497", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T17:18:01", "bulletinFamily": "NVD", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6496, CVE-2012-6497. Reason: this candidate was intended for one issue, but the candidate was publicly used to label concerns about multiple products. Notes: All CVE users should consult CVE-2012-6496 and CVE-2012-6497 to determine which ID is appropriate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.", "modified": "2013-01-08T00:08:45", "published": "2012-12-26T15:55:01", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5664", "id": "CVE-2012-5664", "title": "CVE-2012-5664", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-09-03T15:12:52", "bulletinFamily": "NVD", "description": "Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.", "modified": "2011-03-22T00:00:00", "published": "2011-03-16T18:55:04", "id": "CVE-2011-1428", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1428", "title": "CVE-2011-1428", "type": "cve", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-09-01T23:57:05", "bulletinFamily": "scanner", "description": "Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client:\n\nCVE-2011-1428 \nX.509 certificates were incorrectly validated.\n\nCVE-2012-5534 \nThe hook_process function in the plugin API allowed the execution\nof arbitrary shell commands.", "modified": "2018-04-06T00:00:00", "published": "2013-01-05T00:00:00", "id": "OPENVAS:1361412562310892598", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892598", "title": "Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2598.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2598-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH 
http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"weechat on Debian Linux\";\ntag_insight = \"WeeChat (Wee Enhanced Environment for Chat) is a fast and light chat client\nfor many operating systems. 
Everything can be done with a keyboard.\nIt is customizable and extensible with plugins/scripts, and includes:\n\n- nicklist\n- smart hotlist\n- infobar with highlight notification\n- horizontal and vertical split\n- double charset support (decode/encode)\n- FIFO pipe for remote control\n- and much more!\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed in\nversion 0.3.2-1+squeeze1.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 0.3.8-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.3.9.2-1.\n\nWe recommend that you upgrade your weechat packages.\";\ntag_summary = \"Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client:\n\nCVE-2011-1428 \nX.509 certificates were incorrectly validated.\n\nCVE-2012-5534 \nThe hook_process function in the plugin API allowed the execution\nof arbitrary shell commands.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892598\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2011-1428\", \"CVE-2012-5534\");\n script_name(\"Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-05 00:00:00 +0100 (Sat, 05 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2598.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"weechat\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-core\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-curses\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dbg\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dev\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-doc\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-plugins\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-core\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-curses\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dbg\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dev\", 
ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-doc\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-plugins\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:32", "bulletinFamily": "scanner", "description": "Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client:\n\nCVE-2011-1428 \nX.509 certificates were incorrectly validated.\n\nCVE-2012-5534 \nThe hook_process function in the plugin API allowed the execution\nof arbitrary shell commands.", "modified": "2017-07-07T00:00:00", "published": "2013-01-05T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892598", "id": "OPENVAS:892598", "title": "Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2598.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2598-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"weechat on Debian Linux\";\ntag_insight = \"WeeChat (Wee Enhanced Environment for Chat) is a fast and light chat client\nfor many operating systems. Everything can be done with a keyboard.\nIt is customizable and extensible with plugins/scripts, and includes:\n\n- nicklist\n- smart hotlist\n- infobar with highlight notification\n- horizontal and vertical split\n- double charset support (decode/encode)\n- FIFO pipe for remote control\n- and much more!\";\ntag_solution = \"For the stable distribution (squeeze), these problems have been fixed in\nversion 0.3.2-1+squeeze1.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 0.3.8-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.3.9.2-1.\n\nWe recommend that you upgrade your weechat packages.\";\ntag_summary = \"Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client:\n\nCVE-2011-1428 \nX.509 certificates were incorrectly validated.\n\nCVE-2012-5534 \nThe hook_process function in the plugin API allowed the execution\nof arbitrary shell commands.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892598);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2011-1428\", \"CVE-2012-5534\");\n script_name(\"Debian Security Advisory DSA 2598-1 (weechat - several vulnerabilities)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-05 00:00:00 +0100 (Sat, 05 Jan 
2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2598.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"weechat\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-core\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-curses\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dbg\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dev\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-doc\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-plugins\", ver:\"0.3.2-1+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += 
res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-core\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-curses\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dbg\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-dev\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-doc\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"weechat-plugins\", ver:\"0.3.8-1+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:56:25", "bulletinFamily": "scanner", "description": "joernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to find_by_* \nmethods. 
Depending on how the\nruby on rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.", "modified": "2018-04-06T00:00:00", "published": "2013-01-04T00:00:00", "id": "OPENVAS:1361412562310892597", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892597", "title": "Debian Security Advisory DSA 2597-1 (rails - input validation error)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2597.nasl 9353 2018-04-06 07:14:20Z cfischer $\n# Auto-generated from advisory DSA 2597-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rails on Debian Linux\";\ntag_insight = \"Rails is a full-stack, open-source web framework in Ruby for writing\nreal-world applications.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nruby-activerecord-2.3 version 2.3.14-3.\n\nWe recommend that you upgrade your rails/ruby-activerecord-2.3 packages.\";\ntag_summary = \"joernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to find_by_* \nmethods. 
Depending on how the\nruby on rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892597\");\n script_version(\"$Revision: 9353 $\");\n script_cve_id(\"CVE-2012-6497\", \"CVE-2012-6496\");\n script_name(\"Debian Security Advisory DSA 2597-1 (rails - input validation error)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-04 00:00:00 +0100 (Fri, 04 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2597.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = 
isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:51:45", "bulletinFamily": "scanner", "description": "joernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to find_by_* \nmethods. Depending on how the\nruby on rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.", "modified": "2017-07-07T00:00:00", "published": "2013-01-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=892597", "id": "OPENVAS:892597", "title": "Debian Security Advisory DSA 2597-1 (rails - input validation error)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2597.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2597-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"rails on Debian Linux\";\ntag_insight = \"Rails is a full-stack, open-source web framework in Ruby for writing\nreal-world applications.\";\ntag_solution = \"For the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nruby-activerecord-2.3 version 2.3.14-3.\n\nWe recommend that you upgrade your rails/ruby-activerecord-2.3 packages.\";\ntag_summary = \"joernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to find_by_* \nmethods. 
Depending on how the\nruby on rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892597);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2012-6497\", \"CVE-2012-6496\");\n script_name(\"Debian Security Advisory DSA 2597-1 (rails - input validation error)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-01-04 00:00:00 +0100 (Fri, 04 Jan 2013)\");\n script_tag(name: \"cvss_base\", value:\"7.5\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2597.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionmailer-ruby1.8\", 
ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactionpack-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiverecord-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactiveresource-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libactivesupport-ruby1.9.1\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-doc\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"rails-ruby1.8\", ver:\"2.3.5-1.2+squeeze4\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-02T14:33:30", 
"bulletinFamily": "scanner", "description": "Amazon Linux Local Security Checks", "modified": "2018-10-01T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120231", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120231", "title": "Amazon Linux Local Check: ALAS-2013-153", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: alas-2013-153.nasl 6577 2017-07-06 13:43:46Z cfischer$\n#\n# Amazon Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@iki.fi>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://ping-viini.org\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120231\");\n script_version(\"$Revision: 11703 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:20:58 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-01 10:05:31 +0200 (Mon, 01 Oct 2018) $\");\n script_name(\"Amazon Linux Local Check: ALAS-2013-153\");\n script_tag(name:\"insight\", value:\"The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.\");\n script_tag(name:\"solution\", value:\"Run yum update php-ZendFramework to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-153.html\");\n script_cve_id(\"CVE-2012-5657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Amazon Linux Local Security Checks\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"AMAZON\")\n{\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Serializer-Adapter-Igbinary\", rpm:\"php-ZendFramework-Serializer-Adapter-Igbinary~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Db-Adapter-Pdo-Mysql\", rpm:\"php-ZendFramework-Db-Adapter-Pdo-Mysql~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-demos\", rpm:\"php-ZendFramework-demos~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Cache-Backend-Memcached\", rpm:\"php-ZendFramework-Cache-Backend-Memcached~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Search-Lucene\", rpm:\"php-ZendFramework-Search-Lucene~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Pdf\", rpm:\"php-ZendFramework-Pdf~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Captcha\", rpm:\"php-ZendFramework-Captcha~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Services\", rpm:\"php-ZendFramework-Services~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Ldap\", rpm:\"php-ZendFramework-Ldap~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Cache-Backend-Apc\", rpm:\"php-ZendFramework-Cache-Backend-Apc~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n 
security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Auth-Adapter-Ldap\", rpm:\"php-ZendFramework-Auth-Adapter-Ldap~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-extras\", rpm:\"php-ZendFramework-extras~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Feed\", rpm:\"php-ZendFramework-Feed~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Db-Adapter-Pdo-Pgsql\", rpm:\"php-ZendFramework-Db-Adapter-Pdo-Pgsql~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Soap\", rpm:\"php-ZendFramework-Soap~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-full\", rpm:\"php-ZendFramework-full~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Dojo\", rpm:\"php-ZendFramework-Dojo~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Db-Adapter-Mysqli\", rpm:\"php-ZendFramework-Db-Adapter-Mysqli~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Cache-Backend-Libmemcached\", rpm:\"php-ZendFramework-Cache-Backend-Libmemcached~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Db-Adapter-Pdo-Mssql\", 
rpm:\"php-ZendFramework-Db-Adapter-Pdo-Mssql~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework-Db-Adapter-Pdo\", rpm:\"php-ZendFramework-Db-Adapter-Pdo~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.6.amzn1\", rls:\"AMAZON\")) != NULL) {\n security_message(data:res);\n exit(0);\n}\nif (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-23T13:09:55", "bulletinFamily": "scanner", "description": "Check for the Version of php-ZendFramework", "modified": "2018-01-23T00:00:00", "published": "2013-01-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865017", "id": "OPENVAS:865017", "title": "Fedora Update for php-ZendFramework FEDORA-2013-0061", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-ZendFramework FEDORA-2013-0061\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php-ZendFramework on Fedora 16\";\ntag_insight = \"Extending the art & spirit of PHP, Zend Framework is based on simplicity,\n object-oriented best practices, corporate friendly licensing, and a rigorously\n tested agile code base. Zend Framework is focused on building more secure,\n reliable, and modern Web 2.0 applications & web services, and consuming widely\n available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as\n well as API providers and catalogers like StrikeIron and ProgrammableWeb.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097131.html\");\n script_id(865017);\n script_version(\"$Revision: 8494 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 07:57:55 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:25:52 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-5657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0061\");\n script_name(\"Fedora Update for php-ZendFramework FEDORA-2013-0061\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-ZendFramework\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-25T10:52:13", "bulletinFamily": "scanner", "description": "Check for the Version of php-ZendFramework", "modified": "2017-07-10T00:00:00", "published": "2013-01-21T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=865036", "id": "OPENVAS:865036", "title": "Fedora Update for php-ZendFramework FEDORA-2013-0063", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-ZendFramework FEDORA-2013-0063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php-ZendFramework on Fedora 18\";\ntag_insight = \"Extending the art & spirit of PHP, Zend Framework is based on simplicity,\n object-oriented best practices, corporate friendly licensing, and a rigorously\n tested agile code base. Zend Framework is focused on building more secure,\n reliable, and modern Web 2.0 applications & web services, and consuming widely\n available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as\n well as API providers and catalogers like StrikeIron and ProgrammableWeb.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097117.html\");\n script_id(865036);\n script_version(\"$Revision: 6628 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:32:47 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:26:26 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-5657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0063\");\n script_name(\"Fedora Update for php-ZendFramework FEDORA-2013-0063\");\n\n script_summary(\"Check for the Version of php-ZendFramework\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:02", "bulletinFamily": "scanner", "description": "Check for the Version of php-ZendFramework", "modified": "2018-04-06T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:1361412562310865036", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865036", "title": "Fedora Update for php-ZendFramework FEDORA-2013-0063", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-ZendFramework FEDORA-2013-0063\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php-ZendFramework on Fedora 18\";\ntag_insight = \"Extending the art & spirit of PHP, Zend Framework is based on simplicity,\n object-oriented best practices, corporate friendly licensing, and a rigorously\n tested agile code base. Zend Framework is focused on building more secure,\n reliable, and modern Web 2.0 applications & web services, and consuming widely\n available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as\n well as API providers and catalogers like StrikeIron and ProgrammableWeb.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097117.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865036\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:26:26 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-5657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0063\");\n script_name(\"Fedora Update for php-ZendFramework FEDORA-2013-0063\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php-ZendFramework\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-09-01T23:56:14", "bulletinFamily": "scanner", "description": "Check for the Version of php-ZendFramework", "modified": "2018-04-06T00:00:00", "published": "2013-01-21T00:00:00", "id": "OPENVAS:1361412562310865042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865042", "title": "Fedora Update for php-ZendFramework FEDORA-2013-0057", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-ZendFramework FEDORA-2013-0057\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"php-ZendFramework on Fedora 17\";\ntag_insight = \"Extending the art & spirit of PHP, Zend Framework is based on simplicity,\n object-oriented best practices, corporate friendly licensing, and a rigorously\n tested agile code base. Zend Framework is focused on building more secure,\n reliable, and modern Web 2.0 applications & web services, and consuming widely\n available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as\n well as API providers and catalogers like StrikeIron and ProgrammableWeb.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097136.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.865042\");\n script_version(\"$Revision: 9372 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:56:37 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-01-21 09:26:36 +0530 (Mon, 21 Jan 2013)\");\n script_cve_id(\"CVE-2012-5657\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2013-0057\");\n script_name(\"Fedora Update for php-ZendFramework FEDORA-2013-0057\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of php-ZendFramework\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n 
script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-ZendFramework\", rpm:\"php-ZendFramework~1.12.1~1.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-12-04T13:39:32", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-12-04T00:00:00", "published": "2012-11-26T00:00:00", "id": "OPENVAS:136141256231072600", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231072600", "title": "FreeBSD Ports: weechat", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_weechat.nasl 12634 2018-12-04 07:26:26Z cfischer $\n#\n# Auto generated from VID 81826d12-317a-11e2-9186-406186f3d89d\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.72600\");\n script_version(\"$Revision: 12634 $\");\n script_cve_id(\"CVE-2012-5534\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-04 08:26:26 +0100 (Tue, 04 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-11-26 12:47:32 -0500 (Mon, 26 Nov 2012)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: weechat\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following packages are affected:\n\n weechat, weechat-devel\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://weechat.org/security/\");\n script_xref(name:\"URL\", value:\"https://savannah.nongnu.org/bugs/?37764\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/81826d12-317a-11e2-9186-406186f3d89d.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"weechat\");\nif(!isnull(bver) && revcomp(a:bver, b:\"0.3.0\")>=0 && revcomp(a:bver, b:\"0.3.9.2\")<0) {\n txt += \"Package weechat version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\nbver = portver(pkg:\"weechat-devel\");\nif(!isnull(bver) && revcomp(a:bver, b:\"20121118\")<0) {\n txt += \"Package weechat-devel version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2018-10-16T22:12:56", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2598-1 security@debian.org\nhttp://www.debian.org/security/ Moritz 
Muehlenhoff\nJanuary 05, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : weechat\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2011-1428 CVE-2012-5534\n\nTwo security issues have been discovered in Weechat, a fast, light and \nextensible chat client:\n\nCVE-2011-1428\n\n X.509 certificates were incorrectly validated.\n\nCVE-2012-5534\n\n The hook_process function in the plugin API allowed the execution\n of arbitrary shell commands.\n\nFor the stable distribution (squeeze), these problems have been fixed in\nversion 0.3.2-1+squeeze1.\n\nFor the testing distribution (wheezy), these problems have been fixed in\nversion 0.3.8-1+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 0.3.9.2-1.\n\nWe recommend that you upgrade your weechat packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-01-05T12:40:34", "published": "2013-01-05T12:40:34", "id": "DEBIAN:DSA-2598-1:5B348", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00001.html", "title": "[SECURITY] [DSA 2598-1] weechat security update", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-16T22:13:12", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2602-1 security@debian.org\nhttp://www.debian.org/security/ Florian Weimer\nJanuary 08, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : zendframework\nVulnerability : XML external entity 
inclusion\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5657\nDebian Bug : 696483\n\nYury Dyachenko discovered that Zend Framework uses the PHP XML parser\nin an insecure way, allowing attackers to open files and trigger HTTP\nrequests, potentially accessing restricted information.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.10.6-1squeeze2.\n\nFor the testing distribution (wheezy), this problem has been fixed in\nversion 1.11.13-1.1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 1.11.13-1.1.\n\nWe recommend that you upgrade your zendframework packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2013-01-08T18:23:26", "published": "2013-01-08T18:23:26", "id": "DEBIAN:DSA-2602-1:CCA6F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00005.html", "title": "[SECURITY] [DSA 2602-1] zendframework security update", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-10-16T22:13:26", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2597-1 security@debian.org\nhttp://www.debian.org/security/ Nico Golde\nJanuary 04, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nVulnerability : input validation error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-5664\n\njoernchen of Phenoelit discovered that rails, an MVC ruby based framework\ngeared for web application development, is not properly treating\nuser-supplied input to \"find_by_*\" methods. 
Depending on how the ruby\non rails application is using these methods, this allows an attacker\nto perform SQL injection attacks, e.g., to bypass authentication if\nAuthlogic is used and the session secret token is known.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.\n\nFor the testing distribution (wheezy), this problem will be fixed soon.\n\nFor the unstable distribution (sid), this problem has been fixed in\nruby-activerecord-2.3 version 2.3.14-3.\n\n\nWe recommend that you upgrade your rails/ruby-activerecord-2.3 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n\n", "modified": "2013-01-04T22:17:32", "published": "2013-01-04T22:17:32", "id": "DEBIAN:DSA-2597-1:BA1DE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00000.html", "title": "[SECURITY] [DSA 2597-1] rails security update", "type": "debian", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2019-02-21T01:18:04", "bulletinFamily": "scanner", "description": "Two security issues have been discovered in WeeChat, a fast, light and extensible chat client :\n\n - CVE-2011-1428 X.509 certificates were incorrectly validated.\n\n - CVE-2012-5534 The hook_process function in the plugin API allowed the execution of arbitrary shell commands.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2598.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63383", "published": "2013-01-07T00:00:00", "title": "Debian DSA-2598-1 : weechat - several vulnerabilities", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2598. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63383);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2011-1428\", \"CVE-2012-5534\");\n script_bugtraq_id(46612, 56584);\n script_xref(name:\"DSA\", value:\"2598\");\n\n script_name(english:\"Debian DSA-2598-1 : weechat - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Two security issues have been discovered in WeeChat, a fast, light and\nextensible chat client :\n\n - CVE-2011-1428\n X.509 certificates were incorrectly validated.\n\n - CVE-2012-5534\n The hook_process function in the plugin API allowed the\n execution of arbitrary shell commands.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2011-1428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2012-5534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/weechat\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2598\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the weechat packages.\n\nFor the stable distribution (squeeze), these problems have been fixed\nin version 0.3.2-1+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", 
value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"weechat\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-core\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-curses\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-dbg\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-dev\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-doc\", reference:\"0.3.2-1+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"weechat-plugins\", reference:\"0.3.2-1+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse 
audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:04", "bulletinFamily": "scanner", "description": "joernchen of Phenoelit discovered that rails, an MVC ruby based framework geared for web application development, is not properly treating user-supplied input to 'find_by_*' methods. Depending on how the ruby on rails application is using these methods, this allows an attacker to perform SQL injection attacks, e.g., to bypass authentication if Authlogic is used and the session secret token is known.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2597.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63382", "published": "2013-01-07T00:00:00", "title": "Debian DSA-2597-1 : rails - input validation error", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2597. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63382);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-6496\", \"CVE-2012-6497\");\n script_bugtraq_id(57084);\n script_xref(name:\"DSA\", value:\"2597\");\n\n script_name(english:\"Debian DSA-2597-1 : rails - input validation error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"joernchen of Phenoelit discovered that rails, an MVC ruby based\nframework geared for web application development, is not properly\ntreating user-supplied input to 'find_by_*' methods. 
Depending on how\nthe ruby on rails application is using these methods, this allows an\nattacker to perform SQL injection attacks, e.g., to bypass\nauthentication if Authlogic is used and the session secret token is\nknown.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2597\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the rails/ruby-activerecord-2.3 packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.3.5-1.2+squeeze4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionmailer-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactionpack-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiverecord-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactiveresource-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libactivesupport-ruby1.9.1\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails\", reference:\"2.3.5-1.2+squeeze4\")) 
flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-doc\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"rails-ruby1.8\", reference:\"2.3.5-1.2+squeeze4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:00", "bulletinFamily": "scanner", "description": "Fix arbitrary code execution due to call of shell when executing command within hook_process\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-18526.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63086", "published": "2012-11-29T00:00:00", "title": "Fedora 17 : weechat-0.3.8-4.fc17 (2012-18526)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18526.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63086);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-5534\");\n script_bugtraq_id(56584);\n script_xref(name:\"FEDORA\", value:\"2012-18526\");\n\n script_name(english:\"Fedora 17 : weechat-0.3.8-4.fc17 (2012-18526)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix arbitrary code execution due to call of shell when 
executing\ncommand within hook_process\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=878025\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093495.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?47b96b2d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected weechat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"weechat-0.3.8-4.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"weechat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:18:00", "bulletinFamily": "scanner", "description": "Fix arbitrary code execution due to call of shell when executing command within hook_process\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-11-28T00:00:00", "id": "FEDORA_2012-18494.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63052", "published": "2012-11-27T00:00:00", "title": "Fedora 18 : weechat-0.3.8-4.fc18 (2012-18494)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-18494.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63052);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2018/11/28 22:47:44\");\n\n script_cve_id(\"CVE-2012-5534\");\n script_bugtraq_id(56584);\n script_xref(name:\"FEDORA\", value:\"2012-18494\");\n\n script_name(english:\"Fedora 18 : weechat-0.3.8-4.fc18 (2012-18494)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix arbitrary code execution due to call of shell when executing\ncommand within hook_process\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=878025\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-November/093260.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa45376d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected weechat package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:weechat\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/11/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"weechat-0.3.8-4.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"weechat\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:19:58", "bulletinFamily": "scanner", "description": "The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.", 
"modified": "2018-04-18T00:00:00", "id": "ALA_ALAS-2013-153.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=69712", "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : php-ZendFramework (ALAS-2013-153)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-153.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69712);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/04/18 15:09:34\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_xref(name:\"ALAS\", value:\"2013-153\");\n\n script_name(english:\"Amazon Linux AMI : php-ZendFramework (ALAS-2013-153)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in\nZend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow\nremote attackers to read arbitrary files, send HTTP requests to\nintranet servers, and possibly cause a denial of service (CPU and\nmemory consumption) via an XML External Entity (XXE) attack.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-153.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update php-ZendFramework' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Auth-Adapter-Ldap\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Cache-Backend-Apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Cache-Backend-Libmemcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Cache-Backend-Memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Captcha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Db-Adapter-Mysqli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Db-Adapter-Pdo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Db-Adapter-Pdo-Mssql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Db-Adapter-Pdo-Mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Db-Adapter-Pdo-Pgsql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Dojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Feed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Search-Lucene\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Serializer-Adapter-Igbinary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-Soap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-demos\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:php-ZendFramework-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:php-ZendFramework-full\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Auth-Adapter-Ldap-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Cache-Backend-Apc-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Cache-Backend-Libmemcached-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"php-ZendFramework-Cache-Backend-Memcached-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Captcha-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Db-Adapter-Mysqli-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Db-Adapter-Pdo-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Db-Adapter-Pdo-Mysql-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Db-Adapter-Pdo-Pgsql-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Dojo-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Feed-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Ldap-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Pdf-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Search-Lucene-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Serializer-Adapter-Igbinary-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Services-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-Soap-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-demos-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-extras-1.12.1-1.6.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"php-ZendFramework-full-1.12.1-1.6.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-ZendFramework / php-ZendFramework-Auth-Adapter-Ldap / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:18:12", "bulletinFamily": "scanner", "description": "Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-0057.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63627", "published": "2013-01-21T00:00:00", "title": "Fedora 17 : php-ZendFramework-1.12.1-1.fc17 (2013-0057)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0057.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63627);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:55 $\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_xref(name:\"FEDORA\", value:\"2013-0057\");\n\n script_name(english:\"Fedora 17 : php-ZendFramework-1.12.1-1.fc17 (2013-0057)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=889037\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d8b54d4d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-ZendFramework package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ZendFramework\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"php-ZendFramework-1.12.1-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-ZendFramework\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:18:12", "bulletinFamily": "scanner", "description": "Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-0063.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63629", "published": "2013-01-21T00:00:00", "title": "Fedora 18 : php-ZendFramework-1.12.1-1.fc18 (2013-0063)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0063.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63629);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:55 $\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_xref(name:\"FEDORA\", value:\"2013-0063\");\n\n script_name(english:\"Fedora 18 : php-ZendFramework-1.12.1-1.fc18 (2013-0063)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=889037\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097117.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2b8eb4d2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-ZendFramework package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ZendFramework\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"php-ZendFramework-1.12.1-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-ZendFramework\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:18:07", "bulletinFamily": "scanner", "description": "Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information.", "modified": "2018-11-10T00:00:00", "id": "DEBIAN_DSA-2602.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63433", "published": "2013-01-09T00:00:00", "title": "Debian DSA-2602-1 : zendframework - XML external entity inclusion", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2602. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63433);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/10 11:49:35\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_bugtraq_id(56982);\n script_xref(name:\"DSA\", value:\"2602\");\n\n script_name(english:\"Debian DSA-2602-1 : zendframework - XML external entity inclusion\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Yury Dyachenko discovered that Zend Framework uses the PHP XML parser\nin an insecure way, allowing attackers to open files and trigger HTTP\nrequests, potentially accessing restricted information.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696483\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/zendframework\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2602\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the zendframework packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.10.6-1squeeze2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:zendframework\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"zendframework\", reference:\"1.10.6-1squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"zendframework-bin\", reference:\"1.10.6-1squeeze2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:18:12", "bulletinFamily": "scanner", "description": "Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2015-10-19T00:00:00", "id": "FEDORA_2013-0061.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=63628", "published": "2013-01-21T00:00:00", "title": "Fedora 16 : php-ZendFramework-1.12.1-1.fc16 (2013-0061)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-0061.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63628);\n script_version(\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2015/10/19 21:02:55 $\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_xref(name:\"FEDORA\", value:\"2013-0061\");\n\n script_name(english:\"Fedora 16 : php-ZendFramework-1.12.1-1.fc16 (2013-0061)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes for security relevant issue CVE-2012-5657\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=889037\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097131.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a74a61b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-ZendFramework package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-ZendFramework\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/01/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"php-ZendFramework-1.12.1-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-ZendFramework\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-02-21T01:18:50", "bulletinFamily": "scanner", "description": "Updated php-ZendFramework packages fix security vulnerabilities :\n\nZend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc in Zend Framework before 1.11.13 and 1.12.0 are vulnerable to XML Entity Expansion (XEE) vectors, leading to Denial of Service vectors. XEE attacks occur when the XML DOCTYPE declaration includes XML entity definitions that contain either recursive or circular references; this leads to CPU and memory consumption, making Denial of Service exploits trivial to implement (ZF2012-02).\n\nA vulnerability was reported in Zend Framework versions prior to 1.11.15 and 1.12.1, which can be exploited to disclose certain sensitive information. This flaw is caused due to an error in the Zend_Feed_Rss and Zend_Feed_Atom classes of the Zend_Feed component, when processing XML data. 
It can be used to disclose the contents of certain local files by sending specially crafted XML data including external entity references (CVE-2012-5657, ZF2012-05).", "modified": "2019-01-02T00:00:00", "id": "MANDRIVA_MDVSA-2013-115.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=66127", "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2013:115)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:115. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(66127);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/01/02 16:37:54\");\n\n script_cve_id(\"CVE-2012-5657\");\n script_bugtraq_id(56982);\n script_xref(name:\"MDVSA\", value:\"2013:115\");\n script_xref(name:\"MGASA\", value:\"2012-0367\");\n\n script_name(english:\"Mandriva Linux Security Advisory : php-ZendFramework (MDVSA-2013:115)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated php-ZendFramework packages fix security vulnerabilities :\n\nZend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc in Zend Framework\nbefore 1.11.13 and 1.12.0 are vulnerable to XML Entity Expansion (XEE)\nvectors, leading to Denial of Service vectors. 
XEE attacks occur when\nthe XML DOCTYPE declaration includes XML entity definitions that\ncontain either recursive or circular references; this leads to CPU and\nmemory consumption, making Denial of Service exploits trivial to\nimplement (ZF2012-02).\n\nA vulnerability was reported in Zend Framework versions prior to\n1.11.15 and 1.12.1, which can be exploited to disclose certain\nsensitive information. This flaw is caused due to an error in the\nZend_Feed_Rss and Zend_Feed_Atom classes of the Zend_Feed component,\nwhen processing XML data. It can be used to disclose the contents of\ncertain local files by sending specially crafted XML data including\nexternal entity references (CVE-2012-5657, ZF2012-05).\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Cache-Backend-Apc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Cache-Backend-Memcached\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Captcha\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Dojo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Feed\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Gdata\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Search-Lucene\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-Services\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-demos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-extras\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-ZendFramework-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Cache-Backend-Apc-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Cache-Backend-Memcached-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Captcha-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Dojo-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Feed-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Gdata-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Pdf-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Search-Lucene-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-Services-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-demos-1.12.1-1.1.mbs1\")) 
flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-extras-1.12.1-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"php-ZendFramework-tests-1.12.1-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "seebug": [{"lastseen": "2017-11-19T17:47:12", "bulletinFamily": "exploit", "description": "CVE ID:CVE-2012-6496\r\n\r\nRuby on Rails is a web application framework built on the Ruby language.\r\nThe Active Record component of Ruby on Rails has a SQL injection vulnerability that allows an attacker to use the \"find_by_*\" methods to carry out SQL injection attacks and obtain sensitive information or take control of the application.\r\n0\r\nRuby on Rails 3.0.x\r\nRuby on Rails 3.1.x\r\nRuby on Rails 3.2.x\r\nVendor solution\r\n\r\nRuby on Rails 3.0.18, 3.1.9 and 3.2.10 fix this vulnerability; users are advised to download and use them:\r\nhttp://www.ruby-lang.org", "modified": "2013-01-05T00:00:00", "published": "2013-01-05T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60557", "id": "SSV:60557", "title": "Ruby on Rails Active Record component SQL injection vulnerability (CVE-2012-6496)", "type": "seebug", "sourceData": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T17:47:22", "bulletinFamily": "exploit", "description": "CVE ID: CVE-2012-5664\r\n\r\nRuby on Rails is a web application framework built on the Ruby language\r\n\r\nThe AuthLogic
gem implementation has a SQL injection vulnerability: if a Ruby on Rails application uses the AuthLogic gem for authentication and the attacker has access to the Rails application's private key, security restrictions can be bypassed to gain unauthorized access\r\n0\r\nRuby on Rails\r\nVendor patch:\r\n\r\nRuby on Rails\r\n----------\r\nNo detailed solution is currently available:\r\nhttp://rubygems.org/gems/authlogic", "modified": "2012-12-28T00:00:00", "published": "2012-12-28T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60546", "id": "SSV:60546", "title": "Ruby on Rails Authlogic gem SQL injection vulnerability", "type": "seebug", "sourceData": "", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": ""}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2602-1 security@debian.org\r\nhttp://www.debian.org/security/ Florian Weimer\r\nJanuary 08, 2013 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : zendframework\r\nVulnerability : XML external entity inclusion\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-5657\r\nDebian Bug : 696483\r\n\r\nYury Dyachenko discovered that Zend Framework uses the PHP XML parser\r\nin an insecure way, allowing attackers to open files and trigger HTTP\r\nrequests, potentially accessing restricted information.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.10.6-1squeeze2.\r\n\r\nFor the testing distribution (wheezy), this problem has been fixed in\r\nversion 1.11.13-1.1.\r\n\r\nFor the unstable
distribution (sid), this problem has been fixed in\r\nversion 1.11.13-1.1.\r\n\r\nWe recommend that you upgrade your zendframework packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "SECURITYVULNS:DOC:28944", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28944", "title": "[SECURITY] [DSA 2602-1] zendframework security update", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "description": "\r\n\r\nAdvisory ID: HTB23135\r\nProduct: Quick.Cms, Quick.Cart\r\nVendor: OpenSolution team\r\nVulnerable Version(s): Quick.Cms 5.0, Quick.Cart 6.0 and probably prior\r\nTested Version: Quick.Cms 5.0, Quick.Cart 6.0\r\nVendor Notification: December 19, 2012 \r\nVendor Patch: December 20, 2012 \r\nPublic Disclosure: January 9, 2013 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2012-6430\r\nCVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nRisk Level: Medium \r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks.\r\n\r\n\r\n1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430\r\n\r\nThe vulnerability exists due to insufficient filtration of user-supplied data in URI in the \"admin.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \r\n\r\n\r\nhttp://[host]/admin.php/')\"></select><script>alert(document.cookie);</script>/\r\n\r\n\r\nNevertheless, a remote attacker can create an exploit for this vulnerability to bypass application's CSRF protection mechanism based on the HTTP Referer header and get access to privileged functions of the application. 
To do so he has to trick a logged-in administrator to click on a malicious link with XSS exploit.\r\n\r\nPoC (Proof-of-Concept) code below will change administrator's password to \"password\":\r\n\r\nhttp://[host]/admin.php/')\"></select><form action=\"http://[host]/admin.php%3fp=tools-config\" method=\"post\"><input type=\"hidden\" name=\"login\" value=\"login\"><input type=\"hidden\" name=\"pass\" value=\"password\"><input type=\"submit\" id=\"btn\" name=\"sOption\"></form><script>document.getElementById('btn').click();</script>/\r\n\r\nSuccessful exploitation of the vulnerability requires that Apache directive \"AcceptPathInfo\" is set to \"on\" or \"default\" (default value is \"default\").\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nVendor fixed the vulnerabilities without adding information to Changelog. \r\nUpgrade to Quick.Cms 5.0 and Quick.Cart 6.0 released after December 19, 2012\r\n\r\nMore Information:\r\nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cart\r\nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cms\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23135 - https://www.htbridge.com/advisory/HTB23135 - Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart.\r\n[2] Quick.Cms and Quick.Cart - http://opensolution.org/ - Simple and easy to use or modify content management system (CMS) and shopping cart.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. 
\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "SECURITYVULNS:DOC:28937", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28937", "title": "Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "exploitdb": [{"lastseen": "2016-02-04T07:33:47", "bulletinFamily": "exploit", "description": "Quick.Cms/Quick.Cart Cross Site Scripting Vulnerability. CVE-2012-6430. Webapps exploit for php platform", "modified": "2013-01-09T00:00:00", "published": "2013-01-09T00:00:00", "id": "EDB-ID:38207", "href": "https://www.exploit-db.com/exploits/38207/", "type": "exploitdb", "title": "Quick.Cms/Quick.Cart Cross Site Scripting Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/57254/info\r\n\r\nQuick.Cms and Quick.Cart are prone to a cross-site scripting vulnerability because they fail to sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. 
This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.\r\n\r\nThe following products are vulnerable:\r\n\r\nQuick.Cms 5.0\r\nQuick.Cart 6.0 \r\n\r\nhttp://www.example.com/admin.php/')\"></select><script>alert(document.cookie);</script>/ ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/38207/"}], "amazon": [{"lastseen": "2018-10-02T16:55:09", "bulletinFamily": "unix", "description": "**Issue Overview:**\n\nThe (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External Entity (XXE) attack.\n\n \n**Affected Packages:** \n\n\nphp-ZendFramework\n\n \n**Issue Correction:** \nRun _yum update php-ZendFramework_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n noarch: \n php-ZendFramework-Serializer-Adapter-Igbinary-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Db-Adapter-Pdo-Mysql-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-demos-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Cache-Backend-Memcached-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Search-Lucene-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Pdf-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Captcha-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Services-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Ldap-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Cache-Backend-Apc-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Auth-Adapter-Ldap-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-extras-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Feed-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Db-Adapter-Pdo-Pgsql-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Soap-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-full-1.12.1-1.6.amzn1.noarch \n 
php-ZendFramework-Dojo-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Db-Adapter-Mysqli-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Cache-Backend-Libmemcached-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.1-1.6.amzn1.noarch \n php-ZendFramework-Db-Adapter-Pdo-1.12.1-1.6.amzn1.noarch \n \n src: \n php-ZendFramework-1.12.1-1.6.amzn1.src \n \n \n", "modified": "2014-09-15T22:24:00", "published": "2014-09-15T22:24:00", "id": "ALAS-2013-153", "href": "https://alas.aws.amazon.com/ALAS-2013-153.html", "title": "Medium: php-ZendFramework", "type": "amazon", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "zdt": [{"lastseen": "2018-01-10T11:18:55", "bulletinFamily": "exploit", "description": "Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability.", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "id": "1337DAY-ID-20141", "href": "https://0day.today/exploit/description/20141", "type": "zdt", "title": "Quick.Cms 5.0 / Quick.Cart 6.0 Cross Site Scripting Vulnerability", "sourceData": "Product: Quick.Cms, Quick.Cart\r\nVendor: OpenSolution team\r\nVulnerable Version(s): Quick.Cms 5.0, Quick.Cart 6.0 and probably prior\r\nTested Version: Quick.Cms 5.0, Quick.Cart 6.0\r\nVendor Notification: December 19, 2012 \r\nVendor Patch: December 20, 2012 \r\nPublic Disclosure: January 9, 2013 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2012-6430\r\nCVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nRisk Level: Medium \r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and 
Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks.\r\n\r\n\r\n1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430\r\n\r\nThe vulnerability exists due to insufficient filtration of user-supplied data in URI in the \"admin.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \r\n\r\n\r\nhttp://[host]/admin.php/')\"></select><script>alert(document.cookie);</script>/\r\n\r\n\r\nNevertheless, a remote attacker can create an exploit for this vulnerability to bypass application's CSRF protection mechanism based on the HTTP Referer header and get access to privileged functions of the application. To do so he has to trick a logged-in administrator to click on a malicious link with XSS exploit.\r\n\r\nPoC (Proof-of-Concept) code below will change administrator's password to \"password\":\r\n\r\nhttp://[host]/admin.php/')\"></select><form action=\"http://[host]/admin.php%3fp=tools-config\" method=\"post\"><input type=\"hidden\" name=\"login\" value=\"login\"><input type=\"hidden\" name=\"pass\" value=\"password\"><input type=\"submit\" id=\"btn\" name=\"sOption\"></form><script>document.getElementById('btn').click();</script>/\r\n\r\nSuccessful exploitation of the vulnerability requires that Apache directive \"AcceptPathInfo\" is set to \"on\" or \"default\" (default value is \"default\").\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nVendor fixed the vulnerabilities without adding information to Changelog. 
\r\nUpgrade to Quick.Cms 5.0 and Quick.Cart 6.0 released after December 19, 2012\r\n\r\nMore Information:\r\nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cart\r\nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cms\r\n\r\n-----------------------------------------------------------------------------------------------\n\n# 0day.today [2018-01-10] #", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://0day.today/exploit/20141"}], "gentoo": [{"lastseen": "2016-09-06T19:46:00", "bulletinFamily": "unix", "description": "### Background\n\nActive Record is a Ruby gem that allows database entries to be manipulated as objects. \n\n### Description\n\nAn Active Record method parameter can mistakenly be used as a scope.\n\n### Impact\n\nA remote attacker could use specially crafted input to execute arbitrary SQL statements. \n\n### Workaround\n\nThe vulnerability may be mitigated by converting the input to an expected value. This is accomplished by changing instances of \u2018Post.find_by_id(params[:id])\u2019 in code using Active Record to \u2018Post.find_by_id(params[:id].to_s)\u2019 \n\n### Resolution\n\nAll Active Record users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-ruby/activerecord-2.3.14-r1\"", "modified": "2014-01-21T00:00:00", "published": "2014-01-21T00:00:00", "id": "GLSA-201401-22", "href": "https://security.gentoo.org/glsa/201401-22", "type": "gentoo", "title": "Active Record: SQL injection", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:58", "bulletinFamily": "unix", "description": "### Background\n\nWee Enhanced Environment for Chat (WeeChat) is a light and extensible console IRC client. 
\n\n### Description\n\nTwo vulnerabilities have been discovered in WeeChat:\n\n * The hook_process() function does not properly handle shell expansions (CVE-2012-5534). \n * WeeChat does not properly decode colors which could cause a heap-based buffer overflow (CVE-2012-5854). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted script or send messages with specially crafted colors, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll WeeChat users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-irc/weechat-0.3.9.2\"", "modified": "2014-05-03T00:00:00", "published": "2014-05-03T00:00:00", "id": "GLSA-201405-03", "href": "https://security.gentoo.org/glsa/201405-03", "type": "gentoo", "title": "WeeChat: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:24:56", "bulletinFamily": "exploit", "description": "", "modified": "2013-01-10T00:00:00", "published": "2013-01-10T00:00:00", "href": "https://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html", "id": "PACKETSTORM:119422", "type": "packetstorm", "title": "Quick.Cms 5.0 / Quick.Cart 6.0 Cross Site Scripting", "sourceData": "`Advisory ID: HTB23135 \nProduct: Quick.Cms, Quick.Cart \nVendor: OpenSolution team \nVulnerable Version(s): Quick.Cms 5.0, Quick.Cart 6.0 and probably prior \nTested Version: Quick.Cms 5.0, Quick.Cart 6.0 \nVendor Notification: December 19, 2012 \nVendor Patch: December 20, 2012 \nPublic Disclosure: January 9, 2013 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2012-6430 \nCVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nRisk Level: 
Medium \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. \n \n \n1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 \n \nThe vulnerability exists due to insufficient filtration of user-supplied data in URI in the \"admin.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \n \n \nhttp://[host]/admin.php/')\"></select><script>alert(document.cookie);</script>/ \n \n \nNevertheless, a remote attacker can create an exploit for this vulnerability to bypass application's CSRF protection mechanism based on the HTTP Referer header and get access to privileged functions of the application. To do so he has to trick a logged-in administrator to click on a malicious link with XSS exploit. \n \nPoC (Proof-of-Concept) code below will change administrator's password to \"password\": \n \nhttp://[host]/admin.php/')\"></select><form action=\"http://[host]/admin.php%3fp=tools-config\" method=\"post\"><input type=\"hidden\" name=\"login\" value=\"login\"><input type=\"hidden\" name=\"pass\" value=\"password\"><input type=\"submit\" id=\"btn\" name=\"sOption\"></form><script>document.getElementById('btn').click();</script>/ \n \nSuccessful exploitation of the vulnerability requires that Apache directive \"AcceptPathInfo\" is set to \"on\" or \"default\" (default value is \"default\"). 
\n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nVendor fixed the vulnerabilities without adding information to Changelog. \nUpgrade to Quick.Cms 5.0 and Quick.Cart 6.0 released after December 19, 2012 \n \nMore Information: \nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cart \nhttp://opensolution.org/download,en,18.html?sDir=Quick.Cms \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23135 - https://www.htbridge.com/advisory/HTB23135 - Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart. \n[2] Quick.Cms and Quick.Cart - http://opensolution.org/ - Simple and easy to use or modify content management system (CMS) and shopping cart. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. 
\n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/119422/quickcmscart-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "htbridge": [{"lastseen": "2017-06-23T23:08:16", "bulletinFamily": "software", "description": "High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. \n \n1\\. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 \nThe vulnerability exists due to insufficient filtration of user-supplied data in URI in the \"admin.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \nhttp://[host]/admin.php/')\"></select><script>alert(document.cookie);</script>/ \nNevertheless, a remote attacker can create an exploit for this vulnerability to bypass application's CSRF protection mechanism based on the HTTP Referer header and get access to privileged functions of the application. To do so he has to trick a logged-in administrator to click on a malicious link with XSS exploit. 
\nPoC (Proof-of-Concept) code below will change administrator's password to \"password\": \nhttp://[host]/admin.php/')\"></select><form action=\"http://[host]/admin.php%3fp=tools-config\" method=\"post\"><input type=\"hidden\" name=\"login\" value=\"login\"><input type=\"hidden\" name=\"pass\" value=\"password\"><input type=\"submit\" id=\"btn\" name=\"sOption\"></form><script>document.getElementById('btn').click();</script>/ \nSuccessful exploitation of the vulnerability requires that Apache directive \"AcceptPathInfo\" is set to \"on\" or \"default\" (default value is \"default\").\n", "modified": "2012-12-20T00:00:00", "published": "2012-12-19T00:00:00", "id": "HTB23135", "href": "https://www.htbridge.com/advisory/HTB23135", "type": "htbridge", "title": "Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N/"}}], "suse": [{"lastseen": "2016-09-04T11:28:41", "bulletinFamily": "unix", "description": "- added weechat-fix-hook_process-shell-injection.patch\n which fixes a shell injection vulnerability in the\n hook_process function (bnc#790217, CVE-2012-5534)\n - added\n weechat-fix-buffer-overflow-in-irc-color-decoding.patch\n which fixes a heap-based overflow when decoding IRC\n colors in strings (bnc#789146, CVE-2012-5854)\n\n", "modified": "2013-01-23T14:05:56", "published": "2013-01-23T14:05:56", "id": "OPENSUSE-SU-2013:0150-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00018.html", "type": "suse", "title": "weechat (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T12:47:49", "bulletinFamily": "unix", "description": "This update updates the RubyOnRails 2.3 stack to 2.3.16.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. 
CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed. CVE-2012-5664: options hashes should only\n be extracted if there are extra parameters CVE-2012-2695:\n Fix SQL injection via nested hashes in conditions\n CVE-2013-0156: Hash.from_xml raises when it encounters\n type=\"symbol\" or type=\"yaml\". Use Hash.from_trusted_xml to\n parse this XM\n\n", "modified": "2013-02-12T11:04:29", "published": "2013-02-12T11:04:29", "id": "OPENSUSE-SU-2013:0280-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00005.html", "type": "suse", "title": "ruby on rails to 2.3.16 (important)", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-04T11:59:55", "bulletinFamily": "unix", "description": "This update updates the RubyOnRails 2.3 stack to 2.3.16,\n also this update updates the RubyOnRails 3.2 stack to\n 3.2.11.\n\n Security and bugfixes were done, foremost: CVE-2013-0333: A\n JSON sql/code injection problem was fixed. CVE-2012-5664: A\n SQL Injection Vulnerability in Active Record was fixed.\n CVE-2012-2695: A SQL injection via nested hashes in\n conditions was fixed. CVE-2013-0155: Unsafe Query\n Generation Risk in Ruby on Rails was fixed. 
CVE-2013-0156:\n Multiple vulnerabilities in parameter parsing in Action\n Pack were fixed.\n\n", "modified": "2013-02-12T10:10:39", "published": "2013-02-12T10:10:39", "id": "OPENSUSE-SU-2013:0278-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00003.html", "title": "ruby on rails to 2.3.16 (important)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2016-09-26T17:24:33", "bulletinFamily": "unix", "description": "\nRuby on Rails team reports:\n\nThere is a SQL injection vulnerability in Active Record in ALL\n\t versions. Due to the way dynamic finders in Active Record extract\n\t options from method parameters, a method parameter can mistakenly\n\t be used as a scope. Carefully crafted requests can use the scope\n\t to inject arbitrary SQL.\n\n", "modified": "2013-01-02T00:00:00", "published": "2013-01-02T00:00:00", "href": "https://vuxml.freebsd.org/freebsd/b4051b52-58fa-11e2-853b-00262d5ed8ee.html", "id": "B4051B52-58FA-11E2-853B-00262D5ED8EE", "title": "rubygem-rails -- SQL injection vulnerability", "type": "freebsd", "cvss": {"score": 0.0, "vector": "NONE"}}]}