lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2007 09:17:25 +0100 From: Matteo Beccati <php@...cati.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk, phpsec@...arch.com Cc: Jennifer Langdon <jennifer.langdon@...net>, Oliver George <oliver.george@...nads.org> Subject: [OPENADS-SA-2007-002] Max Media Manager v0.1.29 and v0.3.30 vulnerability fixed ======================================================================== Openads security advisory OPENADS-SA-2007-002 ------------------------------------------------------------------------ Advisory ID: OPENADS-SA-2007-002 Date: 2007-Jan-25 Security risk: low risk Applications affetced: Max Media Manager Versions affected: <= Max Media Manager v0.1.29-rc and v0.3.30-alpha Versions not affected: >= Max Media Manager v0.3.31-alpha-pr2 ======================================================================== ======================================================================== Vulnerability: Cross-site scripting ======================================================================== Description ----------- This is the description of the vulnerability recieved by JPCERT: "We have confirmed that in admin-search.php, scripts included in 'keyword' parameter is shown without proper sanitization thus the script could be executed. However a user needs to login the system as administrator, which makes the exploit technically difficult. If this vulnerability is exploited, by script execution, a user's session ID included in HTTP Cookie might be stolen. Also there's a risk that the contents of phpAdsNew are falsified temporarily." Note: Max Media Manager is derived from phpAdsNew and was affected by the same vulnerability. MMM v0.3.30-alpha also has affiliate-search.php which was vulnerable as well. References ---------- - JVN#07274813: http://jvn.jp/jp/JVN%2307274813/index.html Solution -------- - If you are running v0.3.x, upgrade to v0.3.30-alpha-pr2 - If you are running v0.1.x, a patch is available here: https://developer.openads.org/changeset/3919?format=zip&new=3919 Contact informations ==================== The security contact for Openads can be reached at: <security AT openads DOT org> Best regards -- Matteo Beccati http://www.openads.org http://phpadsnew.com http://phppgads.com
Powered by blists - more mailing lists