Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200706-07 (phprojekt)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.58318

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200706-07 (phprojekt)

Resumen: The remote host is missing updates announced in;advisory GLSA 200706-07.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200706-07.

Vulnerability Insight:
Multiple vulnerabilities have been discovered in PHProjekt, allowing for
the execution of arbitrary PHP and SQL code, and cross-site scripting
attacks.

Solution:
All PHProjekt users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/phprojekt-5.2.1'

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2007-1575
BugTraq ID: 22955
http://www.securityfocus.com/bid/22955
Bugtraq: 20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection (Google Search)
http://www.securityfocus.com/archive/1/462789/100/0/threaded
http://security.gentoo.org/glsa/glsa-200706-07.xml
http://www.nruns.com/security_advisory_phprojekt_sql_injection.php
http://secunia.com/advisories/24509
http://secunia.com/advisories/25748
http://securityreason.com/securityalert/2466
Common Vulnerability Exposure (CVE) ID: CVE-2007-1576
BugTraq ID: 22957
http://www.securityfocus.com/bid/22957
Bugtraq: 20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion (Google Search)
http://www.securityfocus.com/archive/1/462788/100/0/threaded
http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php
http://osvdb.org/34064
http://osvdb.org/34065
http://osvdb.org/34066
http://osvdb.org/34067
http://osvdb.org/34068
http://osvdb.org/34069
http://securityreason.com/securityalert/2459
Common Vulnerability Exposure (CVE) ID: CVE-2007-1638
Bugtraq: 20070314 n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery (Google Search)
http://www.securityfocus.com/archive/1/462786/100/100/threaded
http://www.nruns.de/security_advisory_phprojekt_csrf.php
http://osvdb.org/35162
http://securityreason.com/securityalert/2477
XForce ISS Database: phprojekt-multiple-modules-csrf(32989)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32989
Common Vulnerability Exposure (CVE) ID: CVE-2007-1639
BugTraq ID: 22956
http://www.securityfocus.com/bid/22956
Bugtraq: 20070314 n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation (Google Search)
http://www.securityfocus.com/archive/1/462785/100/100/threaded
http://www.nruns.de/security_advisory_phprojekt_privilege_escalation.php
http://osvdb.org/35163
http://securityreason.com/securityalert/2476
XForce ISS Database: phprojekt-calendarfile-file-upload(32995)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32995

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.58318
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200706-07 (phprojekt)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200706-07.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200706-07. Vulnerability Insight: Multiple vulnerabilities have been discovered in PHProjekt, allowing for the execution of arbitrary PHP and SQL code, and cross-site scripting attacks. Solution: All PHProjekt users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/phprojekt-5.2.1' CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-1575 BugTraq ID: 22955 http://www.securityfocus.com/bid/22955 Bugtraq: 20070314 n.runs-SA-2007.003 - PHProjekt 5.2.0 - SQL Injection (Google Search) http://www.securityfocus.com/archive/1/462789/100/0/threaded http://security.gentoo.org/glsa/glsa-200706-07.xml http://www.nruns.com/security_advisory_phprojekt_sql_injection.php http://secunia.com/advisories/24509 http://secunia.com/advisories/25748 http://securityreason.com/securityalert/2466 Common Vulnerability Exposure (CVE) ID: CVE-2007-1576 BugTraq ID: 22957 http://www.securityfocus.com/bid/22957 Bugtraq: 20070314 n.runs-SA-2007.004 - PHProjekt 5.2.0 - Cross Site Scripting and Filter Evasion (Google Search) http://www.securityfocus.com/archive/1/462788/100/0/threaded http://www.nruns.de/security_advisory_phprojekt_xss_and_filter_evasion.php http://osvdb.org/34064 http://osvdb.org/34065 http://osvdb.org/34066 http://osvdb.org/34067 http://osvdb.org/34068 http://osvdb.org/34069 http://securityreason.com/securityalert/2459 Common Vulnerability Exposure (CVE) ID: CVE-2007-1638 Bugtraq: 20070314 n.runs-SA-2007.005 - PHProjekt 5.2.0 - Cross Site Request Forgery (Google Search) http://www.securityfocus.com/archive/1/462786/100/100/threaded http://www.nruns.de/security_advisory_phprojekt_csrf.php http://osvdb.org/35162 http://securityreason.com/securityalert/2477 XForce ISS Database: phprojekt-multiple-modules-csrf(32989) https://exchange.xforce.ibmcloud.com/vulnerabilities/32989 Common Vulnerability Exposure (CVE) ID: CVE-2007-1639 BugTraq ID: 22956 http://www.securityfocus.com/bid/22956 Bugtraq: 20070314 n.runs-SA-2007.006 - PHProjekt 5.2.0 - Privilege escalation (Google Search) http://www.securityfocus.com/archive/1/462785/100/100/threaded http://www.nruns.de/security_advisory_phprojekt_privilege_escalation.php http://osvdb.org/35163 http://securityreason.com/securityalert/2476 XForce ISS Database: phprojekt-calendarfile-file-upload(32995) https://exchange.xforce.ibmcloud.com/vulnerabilities/32995
Copyright	Copyright (C) 2008 E-Soft Inc.