S-129: Mantis Vulnerability


 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-129: Mantis Vulnerability
# 1  
Old 01-22-2008
S-129: Mantis Vulnerability

Several remote vulnerabilities have been discovered in Mantis, a web based bug tracking system. The risk is LOW. Multiple cross site scripting issues allowed a remote attacker to insert malicious HTML or web script into Mantis web pages.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How do I append a ^M to the end of each 129 character string

Hello all, I have a stumper of a problem. I am trying to append a ^M or "newline" to the end of each 129 character string in a huge file in unix. Each string starts with A00. I am trying to get the file to go from... A00vswjdv1 Test Junk Junk A00vswjdv2 Test Junk Junk ... (6 Replies)
Discussion started by: Captain
6 Replies
Login or Register to Ask a Question
GPESYNCD(1)							   User commands						       GPESYNCD(1)

NAME
gpesyncd - synchronisation agent for GPE PIM data SYNOPSIS
gpesyncd [-r, --remote] [-d, --daemon [PORT]] DESCRIPTION
gpesyncd synchronises PIM data by transforming vCards, vEvents, vTtodo and iCals to the appropriate format in the SQLite database of the respective GPE applications and vice versa. gpesyncd exports and imports PIM data either to stdout or over TCP/IP. It can also be used as a command line tool to access all the PIM data. opensync-plugin-gpe needs gpesyncd to run on the machine where the GPE application data are stored. OPTIONS
-r, --remote Starts gpesyncd in remote mode, which means that all input must be entered as <nn>:<data> where <nn> is the length of the data <data>. Output follows the same convention. -d, --daemon [PORT] Starts in TCP/IP mode. Listens on port 6446 unless PORT is specified. MODES
REMOTE MODE You can run this program in "remote" mode, that means for everything you want to write to it, you have to prepend the number of bytes you're actually writing. For example, you want to write "help", you type in: "4:help". Sounds useless, but when using it for syncing from a remote computer it knows when the input ends and you can even send newlines. To activate the remote mode, just run it with "gpesyncd --remote". DAEMON MODE To activate the daemon mode run it with "gpesyncd -D". You can specify optionally the port by adding a port number after the -D parameter, e.g. "gpesyncd -D 2442" will listen on port 2442. The default port is 6446. Only IPs that are listed in $HOME/.gpe/gpesyncd.allow are allowed to connect to the gpesyncd. You can add IP addresses while running the daemon, whenever someone tries to connect to the daemon, it'll check all the listed IPs whether they are allowed or not. No wildcards or something like gpesyncd.deny are implemented! AUTHOR
This man page was written by gregor herrmann <gregoa@debian.org> for the Debian project based on the --help output, the README, and the web page, and is released under the same terms as the software itself. gpesyncd 2.0 2009-05-11 GPESYNCD(1)