diff options
author | miwi <miwi@FreeBSD.org> | 2008-10-26 04:13:07 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2008-10-26 04:13:07 +0800 |
commit | 48f2d2b9042f9b2c13aedce44f658d16199664e0 (patch) | |
tree | b5607e8765ed9793fd325abd451a8923535f31b9 /security/vuxml | |
parent | d293e7bb96f1dda4fb4896d2db248f85ba6c986e (diff) | |
download | freebsd-ports-graphics-48f2d2b9042f9b2c13aedce44f658d16199664e0.tar.gz freebsd-ports-graphics-48f2d2b9042f9b2c13aedce44f658d16199664e0.tar.zst freebsd-ports-graphics-48f2d2b9042f9b2c13aedce44f658d16199664e0.zip |
- Document openx -- sql injection vulnerability
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index aa16b077aab..c34058496a4 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="55616fda-a2d0-11dd-a9f9-0030843d3802"> + <topic>openx -- sql injection vulnerability</topic> + <affects> + <package> + <name>openx</name> + <range><lt>2.6.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>secunia reports:</p> + <blockquote cite="http://secunia.com/advisories/32114/"> + <p>OpenX can be exploited by malicious people to conduct SQL injection + attacks.</p> + <p>Input passed to the "bannerid" parameter in www/delivery/ac.php is + not properly sanitised before being used in SQL queries. This can be + exploited to manipulate SQL queries by injecting arbitrary SQL + code.</p> + </blockquote> + </body> + </description> + <references> + <url>http://secunia.com/advisories/32114/</url> + <url>http://blog.openx.org/10/openx-security-update/</url> + </references> + <dates> + <discovery>2008-10-03</discovery> + <entry>2008-10-25</entry> + </dates> + </vuln> + <vuln vid="9d3020e4-a2c4-11dd-a9f9-0030843d3802"> <topic>flyspray -- multiple vulnerabilities</topic> <affects> |