Giuseppe Iuculano
2009-Jun-30 15:18 UTC
[Secure-testing-team] Bug#535188: CVE-2008-6838, CVE-2008-6837: Cross-Site Scripting and SQL Injection Vulnerabilities
Package: zoph
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for zoph.

CVE-2008-6837[0]:
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to
| execute arbitrary SQL commands via unspecified vectors, a different
| issue than CVE-2008-3258. NOTE: the provenance of this information is
| unknown; the details are obtained solely from third party information.

CVE-2008-6838[1]:
| Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1
| allows remote attackers to inject arbitrary web script or HTML via the
| _off parameter. NOTE: the provenance of this information is unknown;
| the details are obtained solely from third party information.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6837
    http://security-tracker.debian.net/tracker/CVE-2008-6837
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6838
    http://security-tracker.debian.net/tracker/CVE-2008-6838

Cheers,
Giuseppe.