Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Debian: DSA-1423-1 Critical: Sitebar Remote Threats Overview

Debian Security Advisory DSA-1423-1
http://www.debian.org/security/
Steve Kemp
December 07, 2007
http://www.debian.org/security/faq

Package        : sitebar
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5491, CVE-2007-5492, CVE-2007-5693, CVE-2007-5694, CVE-2007-5695, CVE-2007-5692
Debian Bug     : 447135, 448690, 448689

Several remote vulnerabilities have been discovered in sitebar, a web based bookmark manager written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5491
    A directory traversal vulnerability in the translation module allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

CVE-2007-5492
    A static code injection vulnerability in the translation module allows a remote authenticated user to execute arbitrary PHP code via the value parameter.

CVE-2007-5693
    An eval injection vulnerability in the translation module allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action.

CVE-2007-5694
    A path traversal vulnerability in the translation module allows remote authenticated users to read arbitrary files via an absolute path in the 'dir' parameter.

CVE-2007-5695
    An error in command.php allows remote attackers to redirect users to arbitrary web sites via the forward parameter in a Log In action.

CVE-2007-5692
    Multiple cross site scripting flaws allow remote attackers to inject arbitrary script or HTML fragments into several scripts.

For the stable distribution (etch), these problems have been fixed in version 3.3.8-7etch1.
For the old stable distribution (sarge), these problems have been fixed in version 3.2.6-7.1sarge1.
For the unstable distribution (sid), these problems have been fixed in version 3.3.8-12.1.

We recommend that you upgrade your sitebar package.

Upgrade instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian GNU/Linux 4.0 alias etch

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

A range of security flaws addressed in sitebar for Debian, featuring directory access and remote command execution vulnerabilities. Severity: Critical. LinuxSecurity.com Team

Published: Dec 07, 2007 (Debian, Critical)

Gentoo: GLSA-200711-05 Critical: SiteBar Code Execution Risk

Gentoo Linux Security Advisory GLSA 200711-05
https://security.gentoo.org/

Severity: High
Title: SiteBar: Multiple issues
Date: November 06, 2007
Bugs: #195810
ID: 200711-05

Synopsis
========
Multiple issues have been identified in SiteBar that might allow execution of arbitrary code and arbitrary file disclosure.

Background
==========
SiteBar is a PHP application that allows users to store their bookmarks on a web server.

Affected packages
=================
Package            Vulnerable   Unaffected
www-apps/sitebar   < 3.3.9      >= 3.3.9

Description
===========
Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the "dir" parameter (CVE-2007-5491, CVE-2007-5694); the translation module also does not sanitize the values of the "edit" and "value" parameters which it passes to eval() and include() (CVE-2007-5492, CVE-2007-5693); the log-in command does not validate the URL to redirect users to after logging in (CVE-2007-5695); SiteBar also contains several cross-site scripting vulnerabilities (CVE-2007-5692).

Impact
======
An authenticated attacker in the "Translators" or "Admins" group could execute arbitrary code, read arbitrary files and possibly change their permissions with the privileges of the user running the web server by passing a specially crafted parameter string to the "translator.php" file.

An unauthenticated attacker could entice a user to browse a specially crafted URL, allowing for the execution of script code in the context of the user's browser, for the theft of browser credentials or for a redirection to an arbitrary web site after login.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All SiteBar users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/sitebar-3.3.9"

References
==========
[ 1 ] CVE-2007-5491 https://www.cve.org/CVERecord?id=CVE-2007-5491
[ 2 ] CVE-2007-5492 https://www.cve.org/CVERecord?id=CVE-2007-5492
[ 3 ] CVE-2007-5692 https://www.cve.org/CVERecord?id=CVE-2007-5692
[ 4 ] CVE-2007-5693 https://www.cve.org/CVERecord?id=CVE-2007-5693
[ 5 ] CVE-2007-5694 https://www.cve.org/CVERecord?id=CVE-2007-5694
[ 6 ] CVE-2007-5695 https://www.cve.org/CVERecord?id=CVE-2007-5695

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/200711-05

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to the Gentoo security team, or alternatively you may file a bug at https://bugs.gentoo.org/.

License
=======
Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5/

Several vulnerabilities in SiteBar may permit unauthorized code execution and exposure of files. Prompt updates are advised. LinuxSecurity.com Team

Published: Nov 06, 2007 (Gentoo)

Debian 3.1: DSA 1130-1 Severe Vulnerability: Sitebar Remote Exploit

Debian Security Advisory DSA 1130-1
http://www.debian.org/security/
Martin Schulze
July 30th, 2006
http://www.debian.org/security/faq

Package        : sitebar
Vulnerability  : missing input validation
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3320
BugTraq ID     : 18680
Debian Bug     : 377299

A cross-site scripting vulnerability has been discovered in sitebar, a web based bookmark manager written in PHP, which allows remote attackers to inject arbitrary web script or HTML.

For the stable distribution (sarge) this problem has been fixed in version 3.2.6-7.1.
For the unstable distribution (sid) this problem has been fixed in version 3.3.8-1.1.

We recommend that you upgrade your sitebar package.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

These files will probably be moved into the stable distribution on its next update.

For apt-get: deb https://www.debian.org/security/ stable/updates main
For dpkg-ftp: dists/stable/updates/main

Immediate notice regarding the Debian sitebar application that resolves a significant cross-site scripting vulnerability, potentially allowing external exploitation. Severity: Critical. LinuxSecurity.com Team

Published: Aug 01, 2006 (Debian, Critical)