Summary
The remote host is missing an update to phpgroupware announced via advisory DSA 1063-1.
It was discovered that the Avatar upload feature of FUD Forum, a component of the web based groupware system phpgroupware, does not sufficiently validate uploaded files, which might lead to the execution of injected web script code.
For the old stable distribution (woody) this problem has been fixed in version 0.9.14-0.RC3.2.woody6.
Solution
For the stable distribution (sarge) this problem has been fixed in version 0.9.16.005-3.sarge5.
For the unstable distribution (sid) this problem has been fixed in version 0.9.16.009-1.
We recommend that you upgrade your XXXXXXXXXXXXXX package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201063-1
Severity
Classification
-
CVE CVE-2005-2781 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities