[Secure-testing-team] Bug#530271: CVE-2009-1732, CVE-2009-1733

Giuseppe Iuculano giuseppe at iuculano.it
Sat May 23 15:31:22 UTC 2009


Package: ipplan
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ipplan.

CVE-2009-1732[0]:
| Cross-site scripting (XSS) vulnerability in admin/usermanager in IPplan
| 4.91a allows remote attackers to inject arbitrary web script or HTML
| via the grp parameter.

CVE-2009-1733[1]:
| Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows
| remote attackers to hijack the authentication of administrators for
| requests that (1) change the password, (2) add users, or (3) delete
| users via unknown vectors.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1732
    http://security-tracker.debian.net/tracker/CVE-2009-1732
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1733
    http://security-tracker.debian.net/tracker/CVE-2009-1733

    http://holisticinfosec.org/content/view/113/45/