Bug#226636: security bugs
If PHPAdsNew ever gets included into Debian please make sure the
following security bugs are fixed:
CAN-2005-2635: " Multiple directory traversal vulnerabilities in
phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include
arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to
adlayer.php or (2) language parameter to js-form.php."
CAN-2005-2636: " SQL injection vulnerability in
lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows
remote attackers to execute arbitrary SQL commands via the clientid
parameter."
Reply to: