Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: bt1408.txt

phpwebsite (200309-03)






----- Original Message -----
From: "Daniel Ahlberg" <aliz@gentoo.org>
To: <gentoo-announce@gentoo.org>; <bugtraq@securityfocus.com>;
<full-disclosure@lists.netsys.com>
Sent: Tuesday, September 02, 2003 12:54 AM
Subject: GLSA: phpwebsite (200309-03)


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - - - --------------------------------------------------------------------
-
> GENTOO LINUX SECURITY ANNOUNCEMENT 200309-03
> - - - --------------------------------------------------------------------
-
>
> PACKAGE : phpwebsite
> SUMMARY : SQL Injection, DoS and XSS Vulnerabilities
> DATE : 2003-09-02 08:54 UTC
> EXPLOIT : remote
> VERSIONS AFFECTED : <phpwebsite-0.9.3_p1
> FIXED VERSION : >=phpwebsite-0.9.3_p1
> CVE :
>
> - - - --------------------------------------------------------------------
-
>
> phpwebsite contains an sql injection vulnerability in the calendar
> module which allows the attacker to execute sql queries.
>
> In addition phpwebsite is also vulnerable to XSS, more information
> can be found in the full advisory.
>
> Read the full advisory at:
> http://marc.theaimsgroup.com/?l=bugtraq&m=106062021711496&w=2
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> net-www/phpwebsite upgrade to phpwebsite-0.9.3_p1 as follows:
>
> emerge sync
> emerge phpwebsite
> emerge clean
>
> - - - --------------------------------------------------------------------
-
> aliz@gentoo.org - GnuPG key is available at http://dev.gentoo.org/~aliz
> - - - --------------------------------------------------------------------
-
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.3 (GNU/Linux)
>
> iD8DBQE/VFrGfT7nyhUpoZMRAoFSAKChf1ZjKu8R0JwnRbE3DEkFP4SJ5ACfQCnY
> XXjTcnVEuUXTG4YTF8EGpJ4=
> =JhXo
> -----END PGP SIGNATURE-----


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH