oss-sec mailing list archives
Re: CVE-request: SMF index.php msg parameter SQL-injection (2005)
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Nov 2012 10:31:54 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/08/2012 06:51 AM, Henri Salo wrote:
On Fri, Sep 14, 2012 at 11:29:07AM -0600, Kurt Seifried wrote:On 09/14/2012 06:40 AM, Henri Salo wrote:Hello list, Old SQL-injection security issue in SMF does not have CVE-identifier. Could you please assign one from year 2005, thanks. Affected versions: <= 1.0.4 Fixed in 1.0.5 References: http://osvdb.org/17458 http://secunia.com/advisories/15784/ - Henri Salo ps. never too lateCan you confirm this isn't http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4159To me this looks like a different vulnerability, because of different affected files and parameters. CVE-2005-XXXX: index.php http://osvdb.org/17458 http://www.securiteam.com/exploits/5HP0N0KG0O.html
Please use CVE-2005-4891 for this issue.
CVE-2005-4159: Memberlist.php http://osvdb.org/21722 http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html - Henri Salo
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBAgAGBQJQo9WJAAoJEBYNRVNeJnmT2NEQAIu7riVk8t9Jltgi9HUDWgZp 4mgyLGOX5Bh88+w6ZGwfk0c1GoMRycQDI0pm0jPib65buP9wYobNJxmIpfGKi55Y AvvmDCUuHkzslzNGPS0pkId+u8h/bzZ5oNy9vP50D2tpCcg6ByHhXdj6wJPtryel zDWVYfBaxLPZM9gVxZ1T2Fhbvhdow/LbDTgRBA7t7/WtGKMXw5uREtOfzAy3GsCt WzFdUV0q4X9bbDNlB9vQOLpU9jyDPkHDJfezNzzWFo7tE3AL/u9JP19mzwJg7gjy KSuZy1esnpvoa15iTFAvtU2w7dU8QvARqAOw7c1pfQWirPrquFGxOySiT+5hNC36 jkf+6Mpf0fMKTCpeUa2+aenaej+TQ9e+045EHprmpc5PJeuSTsvOUWot61051G3v 8gyJ37QLi86gYlgxjEluj3rNxwK+TzBjItYZEu4EXC5dOGLM7H4vcHjsIh94kkX5 yC3jqLtVBBFJgbVa7NnZQoZIpLoNYqQqdF9/kocVwgStUEJEOl8RubvPqpZmKXeq yP1nZNeYE6mRNXEzUmgXzpuYLa/Yv6yOf9XeKJ2YzRga60K890aYJY5f4nI51EFq uBYnPYVqDHMaaBuHMwy7jHGzd6XERvHXje22xqIcRObse0dTJVvtw4T9x2+Fv9Pd MglXDAKxcLejzFCIi/Nf =sxjC -----END PGP SIGNATURE-----
Current thread:
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Henri Salo (Oct 08)
- Re: CVE-request: SMF index.php msg parameter SQL-injection (2005) Kurt Seifried (Nov 14)