oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF

From: cve-assign () mitre org
Date: Sat, 14 Feb 2015 10:29:48 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Use CVE-2015-1603 for both XSS issues.

Use CVE-2015-1604 for the "upload arbitrary files" issue.

The available information doesn't suggest that any of the behavior
would typically be considered a separate CSRF vulnerability. There is
no CVE ID for Landsknecht Adminsystems CSRF.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU32mXAAoJEKllVAevmvmsCW8H/jyeFJ4gGAF99n0lkRoocR4x
VKVXjxIHa30xj/L6385pgon4rh5SYydABYsHQR2dN+090POwo8Pi7ZDvCXVu78gG
zwpPSZJpdKvusRUaRfUh66pCKsYsiw0S7D/rWf/5ICZWPRBlQbuAKyZeR3cBlD7l
NxzwpuWsPo4qPoFc//+r7M7UTjm619UjTvFHdV8cv+VTXwCYwDKRY6ivFU5cemoF
rL41HnMIRRzjEytfWJTRtKdFDLAf5+EtqdNlEPWPrm6kLv6BME4Xq3TGi07zbSkI
Q8Uhm5+bcEYKmb7WjiPfxabMDbd0YIWhuskWIciJNOI5pyJRVAqnKBDjJIANYKE=
=w6LF
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: