lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <45B79F69.4030708@beccati.com>
Date: Wed, 24 Jan 2007 19:03:21 +0100
From: Matteo Beccati <php@...cati.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability
 fixed

========================================================================
Openads security advisory                            OPENADS-SA-2007-001
------------------------------------------------------------------------
Advisory ID:           OPENADS-SA-2007-001
Date:                  2007-Jan-24
Security risk:         low risk
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= phpAdsNew 2.0.9-pr1, phpPgAds 2.0.9-pr1
Versions not affected: >= Openads 2.0.10, Openads for PostgreSQL 2.0.10
========================================================================


========================================================================
Vulnerability:  Cross-site scripting
========================================================================

Description
-----------
This is the description of the vulnerability recieved by JPCERT:

"We have confirmed that in admin-search.php, scripts included in
'keyword' parameter is shown without proper sanitization thus the
script could be executed.

However a user needs to login the system as administrator, which makes
the exploit technically difficult.

If this vulnerability is exploited, by script execution, a user's
session ID included in HTTP Cookie might be stolen. Also there's a risk
that the contents of phpAdsNew are falsified temporarily."

References
----------
- JVN#07274813: http://jvn.jp/jp/JVN%2307274813/index.html

Solution
--------
- The vulnerability was fixed in Openads and Openads for PostgreSQL
  2.0.10 (released on Jan 18th), but we suggest you to upgrade to
  Openads or Openads for PostgreSQL 2.0.11 released today.


Contact informations
====================

The security contact for Openads can be reached at:
<security AT openads DOT org>


Best regards
--
Matteo Beccati
http://www.openads.org
http://phpadsnew.com
http://phppgads.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ