oss-sec mailing list archives
Re: CVE Request - Open Flash Chart v2
From: Josh Bressers <bressers () redhat com>
Date: Mon, 14 Dec 2009 17:37:45 -0500 (EST)
Here's a link to the Secunia advisory as a reference: http://secunia.com/advisories/37078/ Please use CVE-2009-4140 for this. Thanks. -- JB ----- "Anthon Pang" <anthon.pang () gmail com> wrote:
The Piwik project released an advisory re: the inclusion of ofc_upload_image.php -- a potentially exploitable file from the php-ofc-library offered by the Open Flash Chart project. - http://piwik.org/blog/2009/10/piwik-response-to-secunia-advisory-sa37078/ Since Open Flash Chart is used by web sites and open source projects, a common CVE makes sense. Open Flash Chart: Affected v2 Beta 1 through v2 Lug Wyrm Charmer. Fixed: no Piwki: Affected: 0.2.35 through 0.4.3. Fixed in 0.4.4. (Removed file) Open Web Analytics: Affected: 1.2. Fixed in svn. (Removed file) Other web sites/projects: - http://www.google.com/search?q=php-ofc-library+ofc_upload_image.php+-piwik - http://www.google.com/codesearch?q=ofc_upload_image.php
-- JB
Current thread:
- CVE Request - Open Flash Chart v2 Anthon Pang (Dec 14)
- <Possible follow-ups>
- Re: CVE Request - Open Flash Chart v2 Josh Bressers (Dec 14)