Online-Bookmarks: Multiple vulnerabilities

Online-Bookmarks: Multiple vulnerabilities Multiple vulnerabilities have been reported in Online-Bookmarks. online-bookmarks 2009-01-12 2009-01-12 235053 remote 0.6.28 0.6.28

Online-Bookmarks is a web-based bookmark management system to store your bookmarks, favorites and links.

The following vulnerabilities were reported:

Authentication bypass when directly requesting certain pages (CVE-2004-2155).
Insufficient input validation in the login function in auth.inc (CVE-2006-6358).
Unspecified cross-site scripting vulnerability (CVE-2006-6359).

A remote attacker could exploit these vulnerabilities to bypass authentication mechanisms, execute arbitrary SQL statements or inject arbitrary web scripts.

There is no known workaround at this time.

All Online-Bookmarks users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/online-bookmarks-0.6.28"

CVE-2004-2155 CVE-2006-6358 CVE-2006-6359 keytoaster p-y p-y