漏洞信息详情
FUDForum 树状视图验证漏洞
- CNNVD编号:CNNVD-200508-165
- 危害等级: 低危
- CVE编号: CVE-2005-2600
- 漏洞类型: 输入验证
- 发布时间: 2005-08-17
- 威胁类型: 远程
- 更新时间: 2006-09-05
- 厂 商: ilia_alshanetsky
- 漏洞来源: Alexander Heidenre...
漏洞简介
启用\"树状视图\"功能的FUDForum 2.6.15,正如在其它产品如phpgroupware和egroupware中使用的一样,允许远程攻击者借助于修改的mid参数读取私人帖子。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
PHPGroupWare PHPGroupWare 0.9.12
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.13
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .004
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .006
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .005
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .003
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .001
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .002
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.14 .007
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.16 .006
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
PHPGroupWare PHPGroupWare 0.9.16 RC1
PhPGroupWare phpgroupware-0.9.16.007.tar.gz
http://prdownloads.sourceforge.net/phpgroupware/phpgroupware-0.9.16.00 7.tar.gz
参考网址
来源: SECUNIA
名称: 16414
链接:http://secunia.com/advisories/16414
来源: FULLDISC
名称: 20050811 Fudforum: incompletely check of user rights in tree view gaining access to all messages
链接:http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0383.HTML
来源: BID
名称: 14556
链接:http://www.securityfocus.com/bid/14556
来源: DEBIAN
名称: DSA-899
链接:http://www.debian.org/security/2005/dsa-899
来源: DEBIAN
名称: DSA-798
链接:http://www.debian.org/security/2005/dsa-798
来源: SECUNIA
名称: 17643
链接:http://secunia.com/advisories/17643
受影响实体
- Ilia_alshanetsky Fudforum:2.6.15
补丁
暂无
评论