From the Gentoo advisory:

Two vulnerabilities have been reported by Federico Muttis, from CORE IMPACT's Exploit Writing Team:

* Multiple missing or incomplete input validations in several .jsps (CVE-2009-0496).
* Incorrect input validation of the "log" parameter in log.jsp (CVE-2009-0497).

Multiple vulnerabilities have been reported by Andreas Kurtz:

* Erroneous built-in exceptions to input validation in login.jsp (CVE-2008-6508).
* Unsanitized user input to the "type" parameter in sipark-log-summary.jsp used in SQL statement. (CVE-2008-6509)
* A Cross-Site-Scripting vulnerability due to unsanitized input to the "url" parameter. (CVE-2008-6510, CVE-2008-6511)