Tagged: bugtracker

  • vulnerability management 12:28 pm on December 4, 2010
    Tags: bugtracker, BugTracker.Net

    BugTracker.Net: Multiple Vulnerabilities 

    Users of BugTracker.Net, please be advised that multiple vulnerabilities have been identified.
    To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    CORE-2010-1109: [CORE-2010-1109] Multiple vulnerabilities in BugTracker.Net
    *Vulnerability Description*

    BugTracker.NET [1][2] is an open-source web-based bug tracker written
    using ASP.NET, C#, and Microsoft SQL Server. Several cross-site
    scripting and SQL-injection vulnerabilities were found in the following
    files of BugTracker.NET:

    . *bugs.aspx*. SQL injection in line 141.
    . *delete_query.aspx*. No sanitization for ‘row_id.Value’ in line 30.
    . *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857.
    . *edit_bug.aspx*. No sanitization for variable ‘new_project’, line 2214.
    . *edit_bug.aspx*. XSS in line 2918.
    . *edit_comment.aspx*. XSS in line 233.
    . *edit_customfield.aspx*. Lines 165 and 172, no sanitization.
    . *edit_user_permissions2.aspx*. XSS in line 40.
    . *massedit.aspx*. SQL Injection in line 162.

    Read more at http://www.criticalwatch.com

     

     
  • vulnerability management 12:21 pm on December 4, 2010
    Tags: bugtracker, BugTraker.Net

    BugTracker.Net: Several Cross-Site Scripting and SQL-Injection Vulnerabilities 

    Users of BugTracker.Net, please be advised that several cross-site scripting and SQL-injection vulnerabilities have been identified.
    To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    CORE-2010-1109: [CORE-2010-1109] Multiple vulnerabilities in BugTracker.Net

    Read more at http://www.criticalwatch.com

     

     
  • vulnerability management 9:33 am on September 2, 2010
    Tags: bugtracker, name bugtracker

    BugTracker.net 3.4.3: SQL Injection 

    Users of BugTracker.NET 3.4.3, please be advised that a SQL Injection vulnerability has been identified.
    To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

    BugTracker.NET-SA-08/26/2010: BugTracker.net 3.4.3 SQL Injection
    Name BugTracker.NET
    SQL Injection

    _______________________________

    The application allows the use of Custom Fields, and searching
    these custom fields is possible on the search page.
    The value used for searching the custom field is not
    properly cleaned before being used in the SQL query.

    Please note that this vulnerability has been in the code for a long time;
    if you are using BugTracker.NET publicly, you could be vulnerable.
    Read more at http://www.criticalwatch.com
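As an added illustration of the custom-field search flaw described in this advisory (this is not BugTracker.NET's code), the Python example below uses an in-memory SQLite database in place of SQL Server, with a hypothetical `bugs` table and custom-field columns `customer` and `build`. It puts the concatenated query next to a version that allowlists the field name and binds the search value as a parameter.

```python
import sqlite3

# Constructed schema: "customer" and "build" stand in for custom fields (hypothetical names).
CUSTOM_FIELDS = {"customer", "build"}  # allowlist of searchable custom-field columns


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bugs (id INTEGER PRIMARY KEY, title TEXT, "
               "customer TEXT, build TEXT)")
    db.executemany(
        "INSERT INTO bugs (title, customer, build) VALUES (?, ?, ?)",
        [("crash on save", "acme", "3.4.3"),
         ("login loop", "globex", "3.4.2"),
         ("slow search", "acme", "3.4.2")],
    )
    return db


def search_unsafe(db, field, value):
    # The flaw described in the advisory: the search value is pasted into the SQL text.
    sql = "SELECT id FROM bugs WHERE %s = '%s' ORDER BY id" % (field, value)
    return [row[0] for row in db.execute(sql)]


def search_safe(db, field, value):
    # Column names cannot be bound as parameters, so check them against the allowlist.
    if field not in CUSTOM_FIELDS:
        raise ValueError("unknown custom field: %r" % field)
    # The value travels as a bound parameter and is never parsed as SQL.
    sql = 'SELECT id FROM bugs WHERE "%s" = ? ORDER BY id' % field
    return [row[0] for row in db.execute(sql, (value,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed search value containing a quote
    print(search_unsafe(db, "customer", crafted))  # WHERE clause rewritten: all rows
    print(search_safe(db, "customer", crafted))    # compared as a literal: no rows
    print(search_safe(db, "customer", "acme"))     # ordinary search still works
```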

     

     