Giuseppe Iuculano
2009-May-23 15:31 UTC
[Secure-testing-team] Bug#530271: CVE-2009-1732, CVE-2009-1733
Package: ipplan
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

the following CVE (Common Vulnerabilities & Exposures) ids were
published for ipplan.

CVE-2009-1732[0]:
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPlan
| 4.91a allows remote attackers to inject arbitrary web script or HTML
| via the grp parameter.

CVE-2009-1733[1]:
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
| remote attackers to hijack the authentication of administrators for
| requests that (1) change the password, (2) add users, or (3) delete
| users via unknown vectors.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1732
    http://security-tracker.debian.net/tracker/CVE-2009-1732
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1733
    http://security-tracker.debian.net/tracker/CVE-2009-1733
    http://holisticinfosec.org/content/view/113/45/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoYFsYACgkQNxpp46476apd+gCgnDQjebQhF8gaVx/CkQG4Uh1j
uN0An1q5D7MPVsn5wkC4pxidK5uVTuG7
=AFso
-----END PGP SIGNATURE-----
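An added example, not ipplan's code and not part of the bug report above, showing in PHP the two controls that address the vulnerability classes named in the two CVEs: HTML-escaping a reflected request parameter such as grp (CVE-2009-1732), and binding password changes and user add/delete actions to a per-session CSRF token that is verified in constant time (CVE-2009-1733). The function names, the $session/$post/$get arrays standing in for PHP's superglobals, and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added example (not ipplan's own code). Names below are hypothetical.
declare(strict_types=1);

// --- XSS (CVE-2009-1732 class): never reflect a parameter unescaped ---

// Vulnerable pattern: the raw 'grp' value is written straight into HTML,
// so a value containing markup is interpreted by the browser.
function renderGroupHeadingUnsafe(array $get): string
{
    $grp = $get['grp'] ?? '';
    return "<h2>Group: $grp</h2>";
}

// Hardened pattern: encode for the HTML body context it is written into.
function renderGroupHeading(array $get): string
{
    $grp  = (string) ($get['grp'] ?? '');
    $safe = htmlspecialchars($grp, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2>Group: $safe</h2>";
}

// --- CSRF (CVE-2009-1733 class): tie state changes to a session secret ---

// Issue one unpredictable token per session; embed it in every form that
// changes a password or adds/deletes a user.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Verify the submitted token before performing the action. Only POST is
// accepted (a state change must not be triggerable by a plain link), the
// comparison is constant-time, and a missing token on either side fails.
function csrfCheck(array $session, array $post, string $method): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given);
}

// Demonstration with constructed inputs (not real requests).
$session = [];
$token   = csrfToken($session);

// A 'grp' value carrying markup: reflected raw by the unsafe renderer,
// rendered as inert text by the escaping one.
$request = ['grp' => '<b>net-admins</b>'];
echo renderGroupHeadingUnsafe($request), "\n";
echo renderGroupHeading($request), "\n";

// A password-change request with the session's own token passes; a
// request carrying a wrong token, or arriving via GET, is rejected.
var_dump(csrfCheck($session, ['csrf_token' => $token], 'POST'));
var_dump(csrfCheck($session, ['csrf_token' => 'wrong-token'], 'POST'));
var_dump(csrfCheck($session, ['csrf_token' => $token], 'GET'));
```

The escaping function must match the output context: htmlspecialchars covers HTML body and quoted attribute values, while a parameter placed into a JavaScript string or a URL needs that context's encoder instead. For the CSRF check, the token lives only in the server-side session and the submitted form, so a cross-site page that can make the victim's browser send a request still cannot read or supply the token.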