Bug#226636: security bugs

To: 226636@bugs.debian.org
Subject: Bug#226636: security bugs
From: Stefan Fritsch <sf@sfritsch.de>
Date: Mon, 22 Aug 2005 00:04:53 +0200
Message-id: <[🔎] 200508220004.53513.sf@sfritsch.de>
Reply-to: Stefan Fritsch <sf@sfritsch.de>, 226636@bugs.debian.org

If PHPAdsNew ever gets included into Debian please make sure the 
following security bugs are fixed:

CAN-2005-2635: " Multiple directory traversal vulnerabilities in 
phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include 
arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to 
adlayer.php or (2) language parameter to js-form.php."

CAN-2005-2636: " SQL injection vulnerability in 
lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows 
remote attackers to execute arbitrary SQL commands via the clientid 
parameter."

Reply to:

Prev by Date: Bug#273954: Still interested?
Next by Date: Bug#294352: CAN-2004-2473 symlink vulnerability
Previous by thread: Bug#273954: Still interested?
Next by thread: Bug#285161: marked as done (ITA: bbtime -- Time tool for the blackbox window manager)
Index(es):
- Date
- Thread