oss-sec mailing list archives
Re: CVE requests: freebsd kernel/tesseract/xinha/proftpd
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 2 Mar 2011 18:05:45 -0500 (EST)
On Mon, 21 Feb 2011, Moritz Muehlenhoff wrote:
1. FreeBSD kernel: local DoS
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613312
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611476
http://www.exploit-db.com/exploits/16064/
http://svn.debian.org/wsvn/glibc-bsd/branches/squeeze/kfreebsd-8/debian/patches/000_tcp_usrreq.diff
Use CVE-2011-1132
2. Xinha: Multiple vulnerabilities (The code is included in a few web apps, e.g. serendipity, openacs or dotlrn)
http://secunia.com/advisories/40669/
CVE-2011-1133 - XSS in mode param to plugins/ExtendedFileManager/backend.php (David Vieira-Kurz)
CVE-2011-1134 - file upload
CVE-2011-1135 - XSS at end of URL to plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php (Riss McRee)
3. tesseract: Insecure temp file handling
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612032
CVE-2011-1136
4. proftpd mod_sftp integer overflow
http://bugs.proftpd.org/show_bug.cgi?id=3586
http://www.exploit-db.com/exploits/16129/
CVE-2011-1137

- Steve