CVE-2008-1474 - Unspecified vulnerability in Roundup-Tracker Roundup

CVSS 0.0 - NONE
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN

Summary

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).

Vulnerable Configurations

Part | Description | Count
Application | Roundup-Tracker | 95

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200805-21.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200805-21 (Roundup: Permission bypass) Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Impact: A remote attacker could possibly exploit the first vulnerability to edit or view restricted properties via the list(), display(), and set() methods. The impact and attack vectors of the second vulnerability are unknown. Workaround: There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32450
    published: 2008-05-28
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/32450
    title: GLSA-200805-21 : Roundup: Permission bypass
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1554.NASL
    description: Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 32034
    published: 2008-04-25
    reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/32034
    title: Debian DSA-1554-2 : roundup - insufficient input sanitising
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-2471.NASL
    description: - Fri Mar 7 2008 Paul P. Komkoff Jr <i at stingr.net> - 1.4.4-1 - new upstream version with security fixes (bz#436546) - Wed Feb 20 2008 Paul P. Komkoff Jr <i at stingr.net> - 1.4.1-2 - new upstream version - Wed Jan 23 2008 Paul P. Komkoff Jr <i at stingr.net> - 1.4.1-1 - new upstream version Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31435
    published: 2008-03-13
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31435
    title: Fedora 8 : roundup-1.4.4-1.fc8 (2008-2471)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2008-2370.NASL
    description: - Bug #436546 - Roundup 1.4.4 contains some sekrit security fixes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 31430
    published: 2008-03-13
    reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/31430
    title: Fedora 7 : roundup-1.4.4-1.fc7 (2008-2370)