Magento Multiple Vulnerabilities Fixed by CE 1.9.3 and EE 1.14.3


Description   Several vulnerabilities were reported in Magento:

- APPSEC-1484: remote code execution. Through some payment methods, it might be possible to execute arbitrary PHP code during checkout.

- APPSEC-1480: SQL injection. A remote attacker could exploit it by sending crafted requests that include SQL statements in order to modify or delete entries in some database tables. This vulnerability is due to improper validation of user-supplied input.

- APPSEC-1488: stored cross-site scripting. A remote attacker could exploit it by enticing the victim into following a specially crafted link in order to execute arbitrary JavaScript or HTML code.

- APPSEC-1247: information disclosure. An attacker with admin privileges could exploit it by using blocks in order to extract sensitive information from the cache and also execute arbitrary code.

- APPSEC-1517: security bypass on certain configurations. A remote attacker could log in to a victim's account knowing only the victim's address details.

- APPSEC-1375: remote code execution. An attacker with admin access, or with access to the import/export feature, could exploit it in order to execute arbitrary code. This vulnerability is due to improper validation of unserialized data supplied from the Admin dashboard.

- APPSEC-1338: cache poisoning.

- APPSEC-1436: cross-site scripting in URL processing. A remote attacker could exploit it by enticing the victim into following a specially crafted link in order to execute arbitrary JavaScript or HTML code. This vulnerability is due to improper validation of user-supplied input.

- APPSEC-1211: cross-site scripting in categories management. An attacker with admin access to catalog management could exploit it via a specially crafted category name in order to execute arbitrary HTML or JavaScript code in other parts of the Admin panel.

- APPSEC-1058: denial of service. A remote attacker could exploit it by uploading a specially crafted GIF image in order to make the web site unavailable.

- APPSEC-666: cross-site scripting in the Flash file uploader.

- APPSEC-1282: security bypass. An attacker could exploit it via specially crafted strings in order to bypass the anti cross-site scripting filters in some Admin features.

- APPSEC-327: cross-site request forgery in several forms. A remote attacker could exploit it by enticing the victim into opening a specially crafted link in order to perform arbitrary actions on the web site with the victim's privileges. This vulnerability is due to improper validation of form keys/tokens.

- APPSEC-1189: cross-site request forgery. A remote attacker could exploit it by enticing the victim into opening a specially crafted link in order to perform arbitrary actions on the web site with the victim's privileges.

- APPSEC-1478: session does not expire on logout. An attacker with physical access to the victim's machine could exploit it by retrieving the session cookies in order to log in to the web site.

- APPSEC-1106: information disclosure. An attacker in a man-in-the-middle position could exploit it in order to obtain sensitive information. This vulnerability is due to improper validation of certain certificates.

- APPSEC-995: timing attack on hash checking. An attacker could exploit it in order to infer the hash type used by the password checking functionality.
     
Vulnerable Products   Vulnerable Software:
Magento (MAGENTO) - 1.14, 1.14.2.3, 1.9.1, 1.9.1.1, 1.9.2, ..., 2.0.7, 2.0.8, 2.0.9, 2.1, 2.1.1
     
Solution   Magento has released Community Edition 1.9.3 and Enterprise Edition 1.14.3 (patch SUPEE-8788) for Magento 1.x, and versions 2.0.10 and 2.1.2 for Magento 2.x, which fix these vulnerabilities.
     
CVE  
     
References   - Magento Security Center : SUPEE-8788 Security Update
https://magento.com/security/patches/supee-8788
- Magento Security Center : Magento 2.0.10 and 2.1.2 Security Update
https://magento.com/security/patches/magento-2010-and-212-security-update
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm                                                                    Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL                       3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL                         3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL                     3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL                       3.2.0
XSS - Phishing : suspicious 'div' tag found in URL                                  3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL                  3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL                          3.2.0
XSS - Phishing : suspicious 'a' tag found in URL                                    3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL  3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL                        3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL                       3.2.0
XSS - Phishing : suspicious 'form' tag found in URL                                 3.2.0
XSS - Prevention - GET : javascript code found in URL                               3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL      3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL                        3.2.0
XSS - Phishing : suspicious 'link' tag found in URL                                 3.2.0
XSS - Prevention - GET : 'script' tag found in URL                                  3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL                  3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL                          3.2.0
     
Risk level   High
     
Vulnerability First Public Report Date   2016-10-11
     
Target Type   Server
     
Possible exploit   Remote