CVE-2008-1475

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Configurations

Configuration 1

cpe:2.3:a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.9.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*

Information

Published : 2008-03-24 10:44

Updated : 2017-08-08 01:30


NVD link : CVE-2008-1475

Mitre link : CVE-2008-1475

Products Affected
No products.
CWE