Main Vulnerability Database SB2014102304

SB2014102304 - Input validation error in newtelligence dasBlog

Published: October 23, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014102304

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Input validation error (CVE-ID: CVE-2014-7292)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx. <a href="http://cwe.mitre.org/data/definitions/601.html" target="_blank">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Remediation

Install update from vendor's website.

SB2014102304 - Input validation error in newtelligence dasBlog

Breakdown by Severity

Description

Remediation

References

Please verify you're human