[SECURITY] [DSA 1688-1] New courier-authlib packages fix SQL injection

2008-12-20 Thread Steffen Joeris
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - Debian Security Advisory DSA-1688 secur...@debian.org http://www.debian.org/security/ Steffen Joeris December 20, 2008

chicomas <=2.0.4 Multiple Vulnerabilities

2008-12-20 Thread admin
www.BugReport.ir
AmnPardaz Security Research Team
Title: chicomas <=2.0.4 Multiple Vulnerabilities
Vendor: http://www.chicomas.com/
Demo: http://demo.opensourcecms.com/chicomas
Bug: Database Information Disclosure, Autho

Re: chicomas <=2.0.4 Multiple Vulnerabilities

2008-12-20 Thread security curmudgeon
On Sat, 20 Dec 2008, ad...@bugreport.ir wrote:

: +-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in "q"
: parameter.
:
: POC:
: http://[URL]/chicomas/index.php?q=";alert(/www.BugReport.ir/.source)

This was disclosed on May 5th [1] by Hadi Kiamarsi and was assigned BID 2902