[Secure-testing-team] Bug#582587: mydms: Directory transversal and CSRF vulnerabilities discovered in <= 1.7.2
Pedro R
pedrib at gmail.com
Sat May 22 00:18:34 UTC 2010
Package: mydms
Severity: grave
Tags: security
Justification: user security hole
Hi,
some rather serious security vulnerabilities have been discovered in MyDMS <=
1.7.2.
One of them is directory transversal and the other several cross site request
forgeries.
More information is here:
https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt
Regards,
Pedro
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (700, 'testing'), (650, 'unstable'), (600, 'experimental'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.34-toi-a4dj (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list