CVE-2013-4557
https://notcve.org/view.php?id=CVE-2013-4557
The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. Security Screen (_core_/securite/ecran_securite.php) anterior a la versión 1.1.8 para SPIP, tal y como se usa en SPIP 3.0.x anterior a 3.0.12, permite a atacantes remotos ejecutar PHP arbitrario a través del parámetro connect. • http://secunia.com/advisories/55551 http://www.openwall.com/lists/oss-security/2013/11/10/4 http://www.securitytracker.com/id/1029317 http://www.spip.net/fr_article5646.html http://www.spip.net/fr_article5648.html http://zone.spip.org/trac/spip-zone/changeset/75105/_core_/securite/ecran_securite.php https://www.debian.org/security/2013/dsa-2794 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-4556
https://notcve.org/view.php?id=CVE-2013-4556
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter. Vulnerabilidad de XSS en la página de autor (prive/formulaires/editer_auteur.php) de SPIP anterior a la versión 2.1.24 y 3.0.x anterior a 3.0.12 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro url_site. • http://core.spip.org/projects/spip/repository/revisions/20879 http://core.spip.org/projects/spip/repository/revisions/20880 http://secunia.com/advisories/55551 http://www.openwall.com/lists/oss-security/2013/11/10/4 http://www.securitytracker.com/id/1029317 http://www.spip.net/fr_article5646.html http://www.spip.net/fr_article5648.html https://www.debian.org/security/2013/dsa-2794 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2118 – SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2013-2118
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php. SPIP v3.0.x anteriores a v3.0.9, v2.1.x anteriores a v2.1.22, y v2.0.x anteriores a v2.0.23 permiten a atacantes remotos obtener privilegios y tomar control editorial" a través de vectores relacionados con ecrire/inc/filtres.php. • https://www.exploit-db.com/exploits/33425 http://contrib.spip.net/SPIP-3-0-9-2-1-22-2-0-23-corrections-de-bug-et-faille?lang=fr http://core.spip.org/projects/spip/repository/revisions/20541 http://www.debian.org/security/2013/dsa-2694 http://www.openwall.com/lists/oss-security/2013/05/27/2 •
CVE-2012-2151
https://notcve.org/view.php?id=CVE-2012-2151
Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en SPIP v1.9.x antes de v1.9.2.o, v2.0.x antes de v2.0.18, y v2.1.x antes de v2.1.13 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7 http://secunia.com/advisories/48939 http://www.debian.org/security/2012/dsa-2461 http://www.openwall.com/lists/oss-security/2012/04/30/4 http://www.openwall.com/lists/oss-security/2012/05/01/4 http://www.osvdb.org/81473 http://www.securityfocus.com/bid/53216 http://www.securitytracker.com/id?1026970 https://exchange.xforce.ibmcloud.com/vulnerabilities/75104 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4331
https://notcve.org/view.php?id=CVE-2012-4331
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151. Múltiples vulnerabilidades no especificadas en SPIP antes de v1.9.2.o, v2.0.x antes de v2.0.18 y v2.1.x antes de v2.1.13 tienen un impacto desconocido y vectores de ataque que no están relacionados con secuencias de comandos entre sitios (XSS). Se trata de vulnerabilidades diferentes a las de CVE-2012-2151. • http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7 http://www.securitytracker.com/id?1026970 •