CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2015-3458
https://notcve.org/view.php?id=CVE-2015-3458
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files. La función fetchView en la clase Mage_Core_Block_Template_Zend en Magento Community Edition (CE) 1.9.1.0 y Enterprise Edition (EE) 1.14.1.0 no restringe el envoltorio de flujos utilizado en una ruta de plantilla, lo que permite a administradores remotos incluir y ejecutar ficheros PHP arbitrarios a través del envoltorio de flujos phar://, relacionado con la función setScriptPath. NOTA: no está claro si este problema cruza los límites de los privilegios, como los administradores podría ya tener los privilegios para incluir ficheros arbitrarios. • http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability http://magento.com/blog/technical/critical-security-advisory-remote-code-execution-rce-vulnerability http://www.securityfocus.com/bid/74412 http://www.securitytracker.com/id/1032230 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0CVE-2011-5240
https://notcve.org/view.php?id=CVE-2011-5240
Magento 1.5 and 1.6.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. Magento v1.5 y v1.6.2 no comprueba si el nombre del servidor coincide con un nombre de dominio en el Common Name (CN) del asunto o el campo subjectAltName del certificado X.509, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://www.unrest.ca/peerjacking • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 9%CPEs: 2EXPL: 5CVE-2009-0541 – Magento 1.2 - '/app/code/core/Mage/Admin/Model/Session.php?login['Username']' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-0541
Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en Magento v1.2.0 y v1.2.1.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) el campo "username" en una petición admin/ a index.php, posiblemente relacionado con el parámetro "login[username]" y la función de login app/code/core/Mage/Admin/Model/Session.php; (2) al campo "email address" en una petición admin/index/forgotpassword/ a index.php, posiblemente relacionado con el parámetro "email" y la función app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction; o (3) el parámetro "return" a la URI por defecto bajo downloader/. Magento version 1.2.0 suffers from multiple cross site scripting vulnerabilities. • https://www.exploit-db.com/exploits/32808 https://www.exploit-db.com/exploits/32809 https://www.exploit-db.com/exploits/32810 http://archives.neohapsis.com/archives/fulldisclosure/2009-02/0257.html http://secunia.com/advisories/34000 http://securitytracker.com/id?1021746 http://www.securityfocus.com/bid/33872 https://exchange.xforce.ibmcloud.com/vulnerabilities/48876 https://exchange.xforce.ibmcloud.com/vulnerabilities/48877 https://exchange.xforce.ibmcloud.com/vulnerabilities/48878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •