Archive for the ‘Debian Security’ Category

DSA-2047 aria2 – insufficient input sanitising

Friday, May 21st, 2010

A vulnerability was discovered in aria2, a download client. The “name”
attribute of the “file” element of metalink files is not properly
sanitised before using it to download files. If a user is tricked into
downloading from a specially crafted metalink file, this can be
exploited to download files to directories outside of the intended
download directory.

Read the full story: DSA-2047 aria2 – insufficient input sanitising: http://www.debian.org/security/2010/dsa-2047

DSA-2046 phpgroupware – several vulnerabilities

Saturday, May 15th, 2010

Several remote vulnerabilities have been discovered in phpgroupware, a
web-based groupware system written in PHP. The Common Vulnerabilities
and Exposures project identifies the following problems:

Read the full story: DSA-2046 phpgroupware – several vulnerabilities: http://www.debian.org/security/2010/dsa-2046

DSA-2034 phpmyadmin – several vulnerabilities

Saturday, May 15th, 2010

Several vulnerabilities have been discovered in phpMyAdmin, a tool
to administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:

Read the full story: DSA-2034 phpmyadmin – several vulnerabilities: http://www.debian.org/security/2010/dsa-2034