Debian: 2611-1: movabletype-opensource: Multiple vulnerabilities
(Jan 22) An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS command and SQL queries. [More…]