Executive Summary
| Summary | |
|---|---|
| Title | New phpgroupware packages fix execution of arbitrary web script code |
| Informations | |||
|---|---|---|---|
| Name | DSA-1063 | First vendor Publication | 2006-05-08 |
| Vendor | Debian | Last vendor Modification | 2006-05-08 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code. For the old stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody6. For the stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge5. For the unstable distribution (sid) this problem has been fixed in version 0.9.16.009-1. We recommend that you upgrade your XXXXXXXXXXXXXX package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1063 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-05-05 | Name : HP-UX Update for Mozilla remote HPSBUX01133 File : nvt/gb_hp_ux_HPSBUX01133.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1063-1 (phpgroupware) File : nvt/deb_1063_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 18953 | FUDforum Avatar Upload Extension Validation Weakness Arbitrary Code Execution |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1063.nasl - Type : ACT_GATHER_INFO |
| 2005-08-29 | Name : The remote web server contains a PHP application that allows for arbitrary co... File : fudforum_avatar_upload.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:47 |
|
