oss-sec mailing list archives
Re: CVE-request for three 2009 Joomla issues
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 25 Dec 2011 12:15:09 -0700
On 12/24/2011 05:27 PM, Henri Salo wrote:
I didn't find CVE-identifiers for these issues: 1) Joomla! TinyMCE Editor Tiny Browser Plugin File Upload Arbitrary PHP Code Execution http://osvdb.org/show/osvdb/56276 http://developer.joomla.org/security/news/301-20090722-core-file-upload.html
Please use CVE-2011-4906 for this issue.
2) Joomla! Missing JEXEC Check Weakness Path Disclosure http://osvdb.org/show/osvdb/56277 http://developer.joomla.org/security/news/302-20090722-core-missing-jexec-check.html
Please use CVE-2011-4907 for this issue.
3) TinyBrowser Plugin for Joomla! upload.php folder Parameter Arbitrary File Upload http://osvdb.org/show/osvdb/64578
Please ue CVE-2011-4908 for this issue.
Secunia advisory for three issues: http://secunia.com/advisories/35899/ - Henri Salo
-- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE-request for three 2009 Joomla issues Henri Salo (Dec 24)
- Re: CVE-request for three 2009 Joomla issues Kurt Seifried (Dec 25)