oss-sec mailing list archives
Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability
From: Anthon Pang <anthon.pang () gmail com>
Date: Fri, 31 Dec 2010 15:13:44 -0500
Request withdrawn. @OSVDB pointed me to CVE 2010-2677. On Fri, Dec 31, 2010 at 12:28 AM, Anthon Pang <anthon.pang () gmail com> wrote:
I was searching OSVDB, and I see this one wasn't reported (and presumably, not assigned a CVE). Versions of OpenWebAnalytics prior to 1.2.4 are vulnerable to a remote/local file inclusion attack. OWA 1.2.4 was released March, 28, 2010 Vendor release announcement: http://www.openwebanalytics.com/?p=87 Commits: - http://trac.openwebanalytics.com/changeset/847/trunk/owa_coreAPI.php - http://trac.openwebanalytics.com/changeset/847/trunk/owa_lib.php - http://trac.openwebanalytics.com/changeset/847/trunk/owa_requestContainer.php
Current thread:
- CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 30)
- Re: CVE Request: OpenWebAnalytics < 1.2.4 - remote/local file inclusion vulnerability Anthon Pang (Dec 31)