-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-2211-1 secur...@debian.org
http://www.debian.org/security/Moritz Muehlenhoff
April 06, 2011
SEC Consult Vulnerability Lab Security Advisory 20110407-0
===
title: Libmodplug ReadS3M Stack Overflow
product: Libmodplug library
vulnerable version: 0.8.8.1
fixed version: 0.8.8.2
Vulnerability ID: HTB22921
Reference: http://www.htbridge.ch/advisory/sql_injection_in_viscacha.html
Product: Viscacha
Vendor: MaMo Net ( http://www.viscacha.org )
Vulnerable Version: 0.8.1
Vendor Notification: 24 March 2011
Vulnerability Type: SQL Injection
Risk level: High
Credit: High-Tech
Vulnerability ID: HTB22920
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_viscacha.html
Product: Viscacha
Vendor: MaMo Net ( http://www.viscacha.org )
Vulnerable Version: 0.8.1
Vendor Notification: 24 March 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit:
Vulnerability ID: HTB22918
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_phpcollab.html
Product: phpCollab
Vendor: phpCollab Team ( http://www.php-collab.org/ )
Vulnerable Version: 2.5 and probably prior versions
Vendor Notification: 24 March 2011
Vulnerability Type: Path