Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=cded294c7f9f4fafe14244b1ebc79fafd02e1773

commit cded294c7f9f4fafe14244b1ebc79fafd02e1773
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date:   Sun Mar 9 00:48:24 2008 +0100

FSA385-cacti

diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml
index 94fe94f..d650713 100644
--- a/frugalware/xml/security.xml
+++ b/frugalware/xml/security.xml
@@ -27,6 +27,23 @@

<fsas>
<fsa>
+               <id>385</id>
+               <date>2008-03-09</date>
+               <author>vmiklos</author>
+               <package>cacti</package>
+               <vulnerable>0.8.6j-3terminus1</vulnerable>
+               <unaffected>0.8.6j-4sayshell1</unaffected>
+               <bts>http://bugs.frugalware.org/task/2772</bts>
+               <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0783
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0784
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0785
+                       
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0786</cve>
+               <desc>Some vulnerabilities have been reported in Cacti, which 
can be exploited by malicious people to conduct HTTP response splitting, 
cross-site scripting, and SQL injection attacks.
+                       1) Input passed to unspecified parameters is not 
properly sanitised before being used in SQL queries. This can be exploited to 
manipulate SQL queries by injecting arbitrary SQL code.
+                       2) Input passed to unspecified parameters is not 
properly sanitised before being returned to the user. This can be exploited to 
execute arbitrary HTML and script code in a user's browser session in context 
of an affected site.
+                       3) Input passed to unspecified parameters is not 
properly sanitised before being returned to the user. This can be exploited to 
insert arbitrary HTTP headers, which will be included in a response sent to the 
user, allowing for execution of arbitrary HTML and script code in a user's 
browser session in context of an affected site.</desc>
+       </fsa>
+       <fsa>
<id>384</id>
<date>2008-03-09</date>
<author>vmiklos</author>
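Review bot: In the new <cve> element, four CVE URLs (CVE-2008-0783 through CVE-2008-0786) are packed into a single element separated only by line breaks and indentation, so anything that consumes security.xml has to split the value on whitespace to recover the individual links. If the format permits it, one reference per element would be more robust; otherwise it is worth confirming that the page renderer handles the multi-URL case. The <desc> element has the same problem: the numbered items 1) to 3) depend on literal line breaks inside the element and will run together into one paragraph wherever whitespace is normalised on output. The description also names only "unspecified parameters", so readers have to follow the <bts> and <cve> links for detail. A closing sentence in <desc> pointing users to the 0.8.6j-4sayshell1 package given in <unaffected> would make the entry actionable on its own.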
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
