Josh Bressers wrote:
[...]
> Steve, can MITRE take the one below. It's quite large and I don't have
> time to do it right now. Thanks.
>
>> piwigo:
>> a1) CSRF
>> a2) SQL injection
>> a3) stored XSS
>> http://secunia.com/advisories/41365/
>> http://piwigo.org/releases/2.1.3
>> http://www.exploit-db.com/exploits/14973/
>> (the issues mentioned by the exploit-db entry appear to be the same that
>> were fixed in 2.1.3)
>> b) search.php SQL injection
>> http://secunia.com/advisories/38305/
>> http://piwigo.org/releases/2.0.8
>> c) CSRF in the admin panel:
>> http://secunia.com/advisories/37681/
>> http://www.exploit-db.com/exploits/10417
>> (the exploit-db entry details two other issues, but are "admin-only" -- feel
>> free to assign or ignore those.)
>>
Ping.
Not urgent, but I saw them again on the list of issues without ids on our
tracker.
Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net