CVE-2013-7106, CVE-2013-7107 https://dev.icinga.org/issues/5250
The icinga web gui is susceptible to several buffer overflow flaws,
which can be triggered as a logged on user. A remote attacker may
utilize a CSRF (cross site request forgery) attack vector against a
logged in user to exploit this flaw remotely.
CVE-2013-7108 https://dev.icinga.org/issues/5251
The icinga web gui are susceptible to an "off-by-one read" error
resulting from an improper assumption in the handling of user submitted
CGI parameters. [..] by sending a specially crafted cgi parameter,
the check routine can be forced to skip the terminating null pointer
and read the heap address right after the end of the parameter list.
Depending on the memory layout, this may result in a memory corruption
condition/crash or reading of sensitive memory locations.
d2b666fc99