3

Debian: 2009-1: tdiary: insufficient input sanitisi

view story

http://www.linuxsecurity.com LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin. [More...] (Security)
Debian: 2009-1: tdiary: insufficient input sanitisi

jiqi2's picture
Submitted by jiqi2 20 weeks 2 days ago – Made popular 20 weeks 2 days ago

Similar stories

Debian: 2020-1: ikiwiki: insufficient input sanitiza 18 weeks 5 days ago

LinuxSecurity.com: Ivan Shmakov discovered that the htmlscrubber component of ikwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code this can be used by an attacker to conduct cross-site scripting attacks. [More...]

Debian: 2039-1: cacti: missing input sanitising 13 weeks 6 days ago

LinuxSecurity.com: It was discovered that Cacti, a frontend to rrdtool for monitoring systems and services missed input sanitising, making an SQL injection attack possible. [More...]

USN-885-1: Transmission vulnerabilities 28 weeks 18 hours ago

Referenced CVEs: 

CVE-2009-1757, CVE-2010-0012

Description: 

===========================================================
Ubuntu Security Notice USN-885-1 January 14, 2010
transmission vulnerabilities
CVE-2009-1757, CVE-2010-0012
==========================================

Debian: 2008-1: typo3-src Multiple Vulnerabilities 20 weeks 3 days ago

LinuxSecurity.com: Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked.

Ubuntu: 925-1: MoinMoin vulnerabilities 16 weeks 18 hours ago

LinuxSecurity.com: It was discovered that MoinMoin did not properly sanitize its input whenprocessing Despam actions, resulting in cross-site scripting (XSS)vulnerabilities. If a privileged wiki user were tricked into performingthe Despam action on a page with a crafted title, a remote attacker couldexploit this to execute JavaScript code. (CVE-2010-0828) [More...]

Pardus: 2010-79: Mono: Cross Site Scripting 6 weeks 3 days ago

LinuxSecurity.com: A default configuration of ASP.NET in Mono which allows Cross Site Scripting (XSS) attacks have been fixed.

Debian: 2030-1: mahara: sql injection 16 weeks 2 days ago

LinuxSecurity.com: It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. [More...]

USN-856-1: CUPS vulnerability 37 weeks 2 days ago

Referenced CVEs: 

CVE-2009-2820

Description: 

===========================================================
Ubuntu Security Notice USN-856-1 November 10, 2009
cups, cupsys vulnerability
CVE-2009-2820
===========================================================

A security iss

Debian: 2062-1: sudo: missing input sanitization 6 weeks 1 day ago

LinuxSecurity.com: Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to [More...]