Metasploit mailing list archives
Re: OTRS CVE-2011-0456
From: Lukas Kuzmiak <lukash () backstep net>
Date: Thu, 15 Sep 2011 10:27:19 +0200
Hey Mimi, I've been digging a little and found this: http://lists.otrs.org/pipermail/dev/2011-March/002420.html I don't really know OTRS well, so I'm not sure if what Martin Gruner says in the thread is really like that, meaning: However, this issue is related to scripts/webform.pl, an example file which is not used by default in OTRS, and therefore not directly vulnerable from outside. Maybe you can rather focus on this one: http://otrs.org/advisory/OSA-2010-01-en/ Cheers, Lukas On Thu, Sep 15, 2011 at 9:41 AM, <mimi () bankai-sec org> wrote:
Hi, thanks a lot. That's a good starting point. If somebody else is working on this, just let me know :)https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0456 I've seen "Vincent Danen"'s comment, it seems to be relevant._______________________________________________https://mail.metasploit.com/mailman/listinfo/framework_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- OTRS CVE-2011-0456 mimi (Sep 14)
- Re: OTRS CVE-2011-0456 egypt (Sep 14)
- Re: OTRS CVE-2011-0456 sisco 0 (Sep 14)
- Re: OTRS CVE-2011-0456 mimi (Sep 15)
- Re: OTRS CVE-2011-0456 Lukas Kuzmiak (Sep 15)
- Re: OTRS CVE-2011-0456 sisco 0 (Sep 14)
- Re: OTRS CVE-2011-0456 egypt (Sep 14)
- <Possible follow-ups>
- Re: OTRS CVE-2011-0456 MOKEDDEM Hamid (Sep 14)
- Going deeper into the network haZard0us (Sep 14)