SecurityAlert : 4041
CVE : CVE-2008-3315
CWE : Not in CWE
SecurityRisk : Low
Remote Exploit : Yes
Local Exploit : No
Victim interaction required : No
Exploit Given : Yes
Credit : Digital Security Research Group
Published : 28.07.2008
Affected Software :
Claroline eLearning and eWorking platform
Advisory Text :
Digital Security Research Group [DSecRG] Advisory #DSECRG-08-032
Application: Claroline eLearning and eWorking platform
Versions Affected: 1.8.10
Vendor URL: http://www.claroline.net/
Bug: Multiple Linked XSS
Exploits: YES
Reported: 18.07.2008
Vendor Response: 22.07.2008
Solution: YES
Date of Public Advisory: 22.07.2008
Author: Digital Security Research Group [DSecRG]
(research [at] dsec [dot] ru)
Description
***********
The Claroline system has multiple linked XSS vulnerabilities.
Details
*******
1. Multiple linked XSS vulnerabilities were found. An attacker can inject
XSS payloads via the URL string.
Digital Security is a leading IT security company in Russia, providing
information security consulting, audit and penetration testing services,
risk analysis and ISMS-related services, and certification for the ISO/IEC
27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems, with vulnerability
reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsec [dot] ru
http://www.dsec.ru (in Russian)