oss-sec mailing list archives

Re: [oCERT-2011-001] Chyrp input sanitization errors


From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Wed, 13 Jul 2011 17:02:29 -0400 (EDT)


On Wed, 13 Jul 2011, Andrea Barisani wrote:

http://www.justanotherhacker.com/advisories/JAHx113.txt

This advisory covers 3 CVEs (but the oCERT advisory only seems to cover the first two):

XSS: CVE-2011-2743

LFI/directory traversal: CVE-2011-2744

file upload: CVE-2011-2745


- Steve




Permalink:
http://www.ocert.org/advisories/ocert-2011-001.html

--
Andrea Barisani |                Founder & Project Coordinator
         oCERT | OSS Computer Security Incident Response Team

<lcars () ocert org>                         http://www.ocert.org
0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
       "Pluralitas non est ponenda sine necessitate"


