Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities

Bugtraq ID:	21422
Class:	Input Validation Error
CVE:	CVE-2006-6358 CVE-2006-6359
Remote:	Yes
Local:	No
Published:	Dec 04 2006 12:00AM
Updated:	Jan 15 2009 05:02PM
Credit:	Vigilon is credited with the discovery of these vulnerabilities.
Vulnerable:	Gentoo Linux frech.ch online-bookmarks 0.6.12
Not Vulnerable:

Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities

The online-bookmarks application is prone to multiple input-validation vulnerabilities, including cross-site scriping and SQL-injection issues, because it fails to properly sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or even exploit vulnerabilities in the underlying database. Other attacks are also possible.

This issue affects online-bookmarks 0.6.12; other versions may also be affected.

Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities

Attackers may exploit SQL- and HTML-injection vulnerabilities via a browser.

Frech.CH Online-BookMarks Multiple Input Validation Vulnerabilities

Solution:
Updates are available. Please see the references for more information.