Pedro R
2010-May-22 00:18 UTC
[Secure-testing-team] Bug#582587: mydms: Directory transversal and CSRF vulnerabilities discovered in <= 1.7.2
Package: mydms
Severity: grave
Tags: security
Justification: user security hole

Hi, some rather serious security vulnerabilities have been discovered in MyDMS <1.7.2. One of them is directory transversal and the other several cross site request forgeries.

More information is here:
https://www.sec-consult.com/files/20100115-0_mydms_file_inclusion.txt

Regards,
Pedro

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (700, 'testing'), (650, 'unstable'), (600, 'experimental'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-toi-a4dj (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash