Cumin Multiple Remote Vulnerabilities

Cumin is prone to multiple vulnerabilities, listed below, because it fails to sufficiently sanitize user-supplied input:

1. Multiple information-disclosure issues (CVE-2012-2680)
2. A security-bypass issue (CVE-2012-2681)
3. Multiple cross-site scripting issues (CVE-2012-2683)
4. An SQL-injection vulnerability (CVE-2012-2684)
5. A denial-of-service issue (CVE-2012-2685)
6. A cross-site request forgery issue (CVE-2012-2734)
7. A session-fixation vulnerability (CVE-2012-2735)

Exploiting these issues may allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, execute HTML and script code in the context of the affected site, steal cookie-based authentication credentials, control how the site is rendered to the user, bypass security restrictions, or perform denial-of-service attacks. Other attacks are also possible.

Note: Issues affecting Condor have been moved to BID 55632 for better documentation. The title and technical details have been changed accordingly.


Copyright 2010, SecurityFocus