[Secure-testing-team] Bug#535188: CVE-2008-6838, CVE-2008-6837: Cross-Site Scripting and SQL Injection Vulnerabilities
Giuseppe Iuculano
giuseppe at iuculano.it
Tue Jun 30 15:18:10 UTC 2009
Package: zoph
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for zoph.
CVE-2008-6837[0]:
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to
| execute arbitrary SQL commands via unspecified vectors, a different
| issue than CVE-2008-3258. NOTE: the provenance of this information is
| unknown; the details are obtained solely from third party information.
CVE-2008-6838[1]:
| Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1
| allows remote attackers to inject arbitrary web script or HTML via the
| _off parameter. NOTE: the provenance of this information is unknown;
| the details are obtained solely from third party information.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6837
    http://security-tracker.debian.net/tracker/CVE-2008-6837
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6838
    http://security-tracker.debian.net/tracker/CVE-2008-6838
Cheers,
Giuseppe.