GLSA-200901-08 : Online-Bookmarks: Multiple vulnerabilities
High Nessus Plugin ID 35356
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200901-08 (Online-Bookmarks: Multiple vulnerabilities)
The following vulnerabilities were reported:
Authentication bypass when directly requesting certain pages (CVE-2004-2155).
Insufficient input validation in the login function in auth.inc (CVE-2006-6358).
Unspecified cross-site scripting vulnerability (CVE-2006-6359).
A remote attacker could exploit these vulnerabilities to bypass authentication mechanisms, execute arbitrary SQL statements or inject arbitrary web scripts.
There is no known workaround at this time.
Solution
All Online-Bookmarks users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/online-bookmarks-0.6.28'