Debian: DSA-1423-1 Critical: Sitebar Remote Threats Overview

December 7, 2007
Several security flaws have been addressed in sitebar for Debian, including directory traversal and remote code execution vulnerabilities.
A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

Summary


CVE-2007-5492
A static code injection vulnerability in the translation module allows
a remote authenticated user to execute arbitrary PHP code via the value
parameter.

CVE-2007-5693
An eval injection vulnerability in the translation module allows
remote authenticated users to execute arbitrary PHP code via the
edit parameter in an upd cmd action.

CVE-2007-5694
A path traversal vulnerability in the translation module allows
remote authenticated users to read arbitrary files via an absolute
path in the 'dir' parameter.

CVE-2007-5695
An error in command.php allows remote attackers to redirect users
to arbitrary web sites via the forward parameter in a Log In action.

CVE-2007-5692
Multiple cross site scripting flaws allow remote attackers to inject
arbitrary script or HTML fragments into several scripts.
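The traversal and open-redirect issues above are all failures to validate a request parameter before it reaches the filesystem or a Location header. The following PHP is an added example written for this page, not sitebar code; the function names, the `locale` directory and the sample inputs are constructed. It shows one way to constrain a language/file-name parameter (the kind abused via `lang` and `dir`) to a single directory, and to restrict a `forward`-style redirect target to the local site.

```php
<?php
// Added example: input validation for the parameter classes named in
// DSA-1423-1 (a translation file name and a post-login redirect target).
// Function and directory names are hypothetical; this is not sitebar code.

// Accept only a language code such as "en" or "pt-BR" and resolve it inside
// $baseDir. A ".." sequence or an absolute path fails the regex outright, and
// the realpath() containment check is a second, filesystem-level layer
// (realpath() returns false for a file that does not exist).
function resolve_translation_file(string $baseDir, string $lang): ?string
{
    if (!preg_match('/^[a-z]{2,3}(-[A-Z]{2})?$/', $lang)) {
        return null;                      // rejects "..", "/", "\\", "%2e"
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $lang . '.php');
    if ($base === false || $file === false) {
        return null;
    }
    // Require the resolved file to sit strictly below the resolved base.
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Accept only a local, absolute-path redirect target. A scheme, an authority
// ("//other.example"), a backslash or a CR/LF is refused, so the value can
// neither leave the site nor inject extra response headers.
function safe_forward_target(string $forward, string $default = '/index.php'): string
{
    if ($forward === '' || $forward[0] !== '/'
        || (strlen($forward) > 1 && $forward[1] === '/')) {
        return $default;
    }
    if (strpbrk($forward, "\\\r\n") !== false
        || parse_url($forward, PHP_URL_HOST) !== null) {
        return $default;
    }
    return $forward;
}

// Constructed demo inputs; a ./locale directory containing en.php and
// pt-BR.php must exist for the first and last lookups to return a path.
foreach (['en', '../../etc/passwd', '/etc/passwd', 'pt-BR'] as $lang) {
    var_dump(resolve_translation_file(__DIR__ . '/locale', $lang));
}
foreach (['/bookmarks.php', 'http://other.example/', '//other.example', ''] as $fwd) {
    echo safe_forward_target($fwd), "\n";
}
```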


For the stable distribution (etch), these problems have been fixed in version
3.3.8-7etch1.

For the old stable distribution (sarge), these ...

Severity
critical
