Web application abuses : Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.105952

Categoría: Web application abuses

Título: Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities

Resumen: Gogs is prone to multiple vulnerabilities.

Descripción: Summary:
Gogs is prone to multiple vulnerabilities.

Vulnerability Insight:
The following flaws exist:

- CVE-2014-8681: SQL injection vulnerability in the GetIssues function in models/issue.go.

- CVE-2014-8682: Multiple SQL injection vulnerabilities in the q parameter of api/v1/repos/search,
which is not properly handled in models/repo.go and in api/v1/users/search, which is not properly
handled in models/user.go.

- CVE-2014-8683: Cross-site scripting (XSS) vulnerability in models/issue.go.

Vulnerability Impact:
Unauthenticated attackers can exploit these vulnerabilities to
perform an XSS attack or execute arbitrary SQL commands which may lead to a complete compromise of
the database.

Affected Software/OS:
Gogs versions starting with 0.3.1 and prior to 0.5.8.

Solution:
Update to version 0.5.8 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8681
http://www.exploit-db.com/exploits/35237
http://seclists.org/fulldisclosure/2014/Nov/31
http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html
XForce ISS Database: gogs-cve20148681-sql-injection(98695)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98695
Common Vulnerability Exposure (CVE) ID: CVE-2014-8682
BugTraq ID: 71187
http://www.securityfocus.com/bid/71187
Bugtraq: 20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs (Google Search)
http://www.securityfocus.com/archive/1/533995/100/0/threaded
http://www.exploit-db.com/exploits/35238
http://seclists.org/fulldisclosure/2014/Nov/33
http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html
XForce ISS Database: gogs-cve20148682-sql-injection(98694)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98694
Common Vulnerability Exposure (CVE) ID: CVE-2014-8683
Bugtraq: 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer (Google Search)
http://www.securityfocus.com/archive/1/533996/100/0/threaded
http://seclists.org/fulldisclosure/2014/Nov/34
http://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html
XForce ISS Database: gogs-cve20148683-xss(98693)
https://exchange.xforce.ibmcloud.com/vulnerabilities/98693

Copyright Copyright (C) 2015 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.105952
Categoría:	Web application abuses
Título:	Gogs >= 0.3.1, < 0.5.8 Multiple Vulnerabilities
Resumen:	Gogs is prone to multiple vulnerabilities.
Descripción:	Summary: Gogs is prone to multiple vulnerabilities. Vulnerability Insight: The following flaws exist: - CVE-2014-8681: SQL injection vulnerability in the GetIssues function in models/issue.go. - CVE-2014-8682: Multiple SQL injection vulnerabilities in the q parameter of api/v1/repos/search, which is not properly handled in models/repo.go and in api/v1/users/search, which is not properly handled in models/user.go. - CVE-2014-8683: Cross-site scripting (XSS) vulnerability in models/issue.go. Vulnerability Impact: Unauthenticated attackers can exploit these vulnerabilities to perform an XSS attack or execute arbitrary SQL commands which may lead to a complete compromise of the database. Affected Software/OS: Gogs versions starting with 0.3.1 and prior to 0.5.8. Solution: Update to version 0.5.8 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8681 http://www.exploit-db.com/exploits/35237 http://seclists.org/fulldisclosure/2014/Nov/31 http://packetstormsecurity.com/files/129116/Gogs-Label-Search-Blind-SQL-Injection.html XForce ISS Database: gogs-cve20148681-sql-injection(98695) https://exchange.xforce.ibmcloud.com/vulnerabilities/98695 Common Vulnerability Exposure (CVE) ID: CVE-2014-8682 BugTraq ID: 71187 http://www.securityfocus.com/bid/71187 Bugtraq: 20141114 CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs (Google Search) http://www.securityfocus.com/archive/1/533995/100/0/threaded http://www.exploit-db.com/exploits/35238 http://seclists.org/fulldisclosure/2014/Nov/33 http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html XForce ISS Database: gogs-cve20148682-sql-injection(98694) https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 Common Vulnerability Exposure (CVE) ID: CVE-2014-8683 Bugtraq: 20141114 CVE-2014-8683 XSS in Gogs Markdown Renderer (Google Search) http://www.securityfocus.com/archive/1/533996/100/0/threaded http://seclists.org/fulldisclosure/2014/Nov/34 http://packetstormsecurity.com/files/129118/Gogs-Markdown-Renderer-Cross-Site-Scripting.html XForce ISS Database: gogs-cve20148683-xss(98693) https://exchange.xforce.ibmcloud.com/vulnerabilities/98693
Copyright	Copyright (C) 2015 Greenbone Networks GmbH