CVE-2009-1669 – Bitweaver 2.6 - 'saveFeed()' Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1669
The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
• https://www.exploit-db.com/exploits/8659
• http://osvdb.org/54380
• http://secunia.com/advisories/35072
• http://secunia.com/advisories/35219
• http://www.securityfocus.com/bid/34918
• http://www.ubuntu.com/usn/usn-791-3
• https://exchange.xforce.ibmcloud.com/vulnerabilities/50457
• https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01274.html
• https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01283.html
• https://www.redhat.com/archives/fedora-package-announce
• CWE-20: Improper Input Validation
CVE-2008-4810
https://notcve.org/view.php?id=CVE-2008-4810
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;" and (2) a double quoted literal string, aka a "function injection security hole." NOTE: each vector affects slightly different SVN revisions.
• http://code.google.com/p/smarty-php/source/detail?r=2784&path=/trunk/libs/Smarty_Compiler.class.php
• http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php
• http://secunia.com/advisories/32329
• http://securityvulns.ru/Udocument746.html
• http://smarty-php.googlecode.com/svn/trunk/NEWS
• http://www.debian.org/security/2008/dsa-1691
• http://www.openwall.com/lists/oss-security/2008/10/25/2
• http://www.securityfocus.com/bid/31862
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2008-4811
https://notcve.org/view.php?id=CVE-2008-4811
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
• http://secunia.com/advisories/32329
• http://securityvulns.ru/Udocument746.html
• http://www.debian.org/security/2008/dsa-1691
• http://www.openwall.com/lists/oss-security/2008/10/25/2
• http://www.securityfocus.com/bid/31862
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46406
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2008-1066
https://notcve.org/view.php?id=CVE-2008-1066
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
• http://blog.s9y.org/archives/191-Serendipity-1.3-beta1-released.html
• http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
• http://secunia.com/advisories/29241
• http://secunia.com/advisories/29392
• http://secunia.com/advisories/29398
• http://secunia.com/advisories/29405
• http://secunia.com/advisories/29562
• http://secunia.com/advisories/29839
• http://security.gentoo.org/glsa/glsa-201111-04.xml
• http://www.debian.org/security/2008/dsa-1520
• http://www.phpinsider
• CWE-20: Improper Input Validation
CVE-2006-7193
https://notcve.org/view.php?id=CVE-2006-7193
** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant.
• http://marc.info/?l=bugtraq&m=116163668213491&w=2
• http://marc.info/?l=bugtraq&m=116170769322920&w=2
• http://osvdb.org/31096
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29739