security [2010/04/07 16:55] greg |
security [2010/04/07 18:12] (current) |
http://sahana/index.php?mod=admin&act=acl_enable_acl Authenticates correctly. \\ | http://sahana/index.php?mod=admin&act=acl_enable_acl Authenticates correctly. \\ |
http://sahana/stream.php?mod=admin&act=acl_enable_acl Does not. | http://sahana/stream.php?mod=admin&act=acl_enable_acl Does not. |
| |
| The patch for this vulnerability disallow the streaming module from disabling the Sahana ACL. |
| |
Code Commits:\\ | Code Commits:\\ |
trunk >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-trunk/revision/4531 \\ | trunk >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-trunk/revision/4531 \\ |
rel_0_6 >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-stable/revision/3798 \\ | rel_0_6 >> http://bazaar.launchpad.net/~sahana-php/s3/php-cvs-stable/revision/3798 \\ |
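Review bot: the sentence added below the two test URLs uses "disallow" where the subject "The patch" needs "disallows". It also says only that the streaming module can no longer disable the Sahana ACL, without stating what the stream.php URL is expected to do after the fix. Suggest correcting the verb and adding one clause with the expected post-patch result for the stream.php request, so a reader can verify the fix against the two URLs listed above it.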
| \\ |
| \\ |
| \\ |
| \\ |
| \\ |
==2009:1210 >> mod variable exploits in lib_locale == | ==2009:1210 >> mod variable exploits in lib_locale == |
| |
rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.23.2.4&r2=1.23.2.5 \\ | rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.23.2.4&r2=1.23.2.5 \\ |
trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.29&r2=1.30 \\ | trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_locale/lib_locale.inc?r1=1.29&r2=1.30 \\ |
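Review bot: the five consecutive lines holding only a "\\" forced line break, added before the "2009:1210" heading, are being used as vertical spacing, and the same run is repeated before each later heading in this revision. Suggest dropping them and letting the heading markup separate the entries, or using a single blank line, so the spacing does not have to be hand-maintained for every new advisory.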
| \\ |
| \\ |
| \\ |
| \\ |
| \\ |
==2009:1029-2 >> MPR Module Exploits== | ==2009:1029-2 >> MPR Module Exploits== |
| |
rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.17.24.8&view=markup \\ | rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.17.24.8&view=markup \\ |
trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.31&view=markup \\ | trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/mod/mpr/search.inc?revision=1.31&view=markup \\ |
| \\ |
| \\ |
| \\ |
| \\ |
| \\ |
==2009:1029-1 >> Session Fixation Exploit== | ==2009:1029-1 >> Session Fixation Exploit== |
| |
rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.12.4.1&view=markup\\ | rel_0_6 >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.12.4.1&view=markup\\ |
trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.16&view=markup\\ | trunk >> http://sahana.cvs.sourceforge.net/viewvc/sahana/sahana-phase2/inc/lib_session/handler_session.inc?revision=1.16&view=markup\\ |
| \\ |
| \\ |
| \\ |
| \\ |
| \\ |
==2009:1019 >> Null character URL Exploit== | ==2009:1019 >> Null character URL Exploit== |
| |