4

Debian: 2030-1: mahara: sql injection

view full story
linux-howto

http://www.linuxsecurity.com – LinuxSecurity.com: It was discovered that mahara, an electronic portfolio, weblog, and resume builder is not properly escaping input when generating a unique username based on a remote user name from a single sign-on application. An attacker can use this to compromise the mahara database via crafted user names. [More...] (Security)

xskl's picture
Submitted by xskl on 04/06/2010 – Made popular on 04/06/2010

Stories similar to Debian: 2030-1: mahara: sql injection

LinuxSecurity.com: It was discovered that MoinMoin did not properly sanitize its input whenprocessing Despam actions, resulting in cross-site scripting (XSS)vulnerabilities. If a privileged wiki user were tricked into performingthe Despam action on a page with a crafted title, a remote attacker couldexploit this to execute JavaScript code. (CVE-2010-0828) [More...]

LinuxSecurity.com: It was discovered that the JasPer JPEG-2000 runtime library allowed an attacker to create a crafted input file that could lead to denial of service and heap corruption. [More...]

Referenced CVEs: 

CVE-2008-3529, CVE-2009-2414, CVE-2009-2416

Description: 

=========================================================== Ubuntu Security Notice USN-815-1 August 11, 2009 libxml2 vulnerabilities CVE-2008-3529, CVE-2009-2414, CVE-2009-2416 ==================

LinuxSecurity.com: It was discovered that ClamAV did not properly verify its input whenprocessing CAB files. A remote attacker could send a specially craftedCAB file to evade malware detection. (CVE-2010-0098) [More...]

LinuxSecurity.com: It was discovered that libpng did not properly initialize memory whendecoding certain 1-bit interlaced images. If a user or automated systemwere tricked into processing crafted PNG images, an attacker could possiblyuse this flaw to read sensitive information stored in memory. This issueonly affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042) [More...]

LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insuficient input sanitising in the TrackBack transmission plugin. [More...]

Referenced CVEs: 

CVE-2008-2955, CVE-2009-1376, CVE-2009-2703, CVE-2009-3026, CVE-2009-3083, CVE-2009-3085, CVE-2009-3615, CVE-2010-0013

Description: 

=========================================================== Ubuntu Security Notice USN-886-1 January 18, 2010 pidgin vuln

Referenced CVEs: 

CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386, CVE-2009-1387

Description: 

=========================================================== Ubuntu Security Notice USN-792-1 June 25, 2009 openssl vulnerabilities CVE-2009-1377, CVE-2009-1378, CV

USN-871-1: KDE vulnerabilities 3 years 23 weeks ago

Referenced CVEs: 

CVE-2009-0689

Description: 

=========================================================== Ubuntu Security Notice USN-871-1 December 11, 2009 kdelibs vulnerabilities CVE-2009-0689 ===========================================================

A security issue