Launchpad.net

CVE 2007-5694

Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.

Related bugs and status

CVE-2007-5694 (Candidate) is related to these bugs:

Bug #175319: [sitebar] Several remote vulnerabilities

		In	Importance	Status
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Debian)	Unknown	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Dapper)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Edgy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Gutsy)	Undecided	Won't Fix
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Hardy)	Undecided	Fix Released
175319	[sitebar] Several remote vulnerabilities	sitebar (Ubuntu Feisty)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://teamforge.net/v...
BID: 26126
GENTOO: GLSA-200711-05
SECUNIA: 27503
SREASON: 3318
DEBIAN: DSA-1423
SECUNIA: 28008
OSVDB: 41110
VUPEN: ADV-2007-3768
BUGTRAQ: 20071018 Serious holes...