Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability alert 11166

SPIP: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of SPIP, in order to elevate his privileges, to obtain information, or to create a Cross Site Scripting.
Severity: 3/4.
Creation date: 17/11/2011.

Impacted products

Description of the vulnerability

Three vulnerabilities were announced in SPIP.

An unprivileged user can become an administrator. [severity:3/4; BID-50727, >]

An attacker can use an invalid query, in order to generate an error which displays the installation path of SPIP (VIGILANCE-VUL-11101). [severity:1/4; >]

An attacker can create a Cross Site Scripting in the exec_aide_index_dist() function. [severity:2/4; BID-50728, >]

Share this bulletin

Delicious Digg Facebook Google bookmarks LinkedIn Mail Reddit StumbleUpon Technorati Twitter Yahoo 

Complete Vigil@nce bulletin

SPIP: three vulnerabilities

Characteristics

Title: SPIP: three vulnerabilities.
Keywords: Cross SPIP Scripting Site exec_aide_index_dist three vulnerabilities.
Identifiers: BID-50727, BID-50728, DSA 2349-1, VIGILANCE-VUL-11166.

Information sources

Publications and announces

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : administrateur

An unprivileged user can become an administrator.
Severity: 3/4.
Identifiers: BID-50727.

Vulnerability : full path disclosure

An attacker can use an invalid query, in order to generate an error which displays the installation path of SPIP (VIGILANCE-VUL-11101).
Severity: 1/4.

Vulnerability : XSS

An attacker can create a Cross Site Scripting in the exec_aide_index_dist() function.
Severity: 2/4.
Identifiers: BID-50728.

Computer vulnerabilities tracking service

Vigil@nce provides an applications vulnerabilities watch. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.



















Copyright 1999-2012 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française