movabletype-opensource: multiple vulnerabilities
| Package(s): | movabletype-opensource | CVE #(s): | CVE-2013-2184 CVE-2014-9057 CVE-2015-1592 |
| Created: | March 13, 2015 | Updated: | March 18, 2015 |
| Description: | From the Debian advisory: |

CVE-2013-2184 - Unsafe use of Storable::thaw in the handling of comments to blog posts could allow remote attackers to include and execute arbitrary local Perl files or possibly remotely execute arbitrary code.

CVE-2014-9057 - Netanel Rubin from Check Point Software Technologies discovered a SQL injection vulnerability in the XML-RPC interface allowing remote attackers to execute arbitrary SQL commands.

CVE-2015-1592 - The Perl Storable::thaw function is not properly used, allowing remote attackers to include and execute arbitrary local Perl files and possibly remotely execute arbitrary code.
