oss-sec mailing list archives

Re: CVE request: pixelpost


From: Josh Bressers <bressers () redhat com>
Date: Fri, 17 Sep 2010 14:23:37 -0400 (EDT)

----- "Raphael Geissert" <geissert () debian org> wrote:

Multiple vulnerabilities have been reported against pixelpost:

1) A CSRF vulnerability allows changes to some settings (PoC allows
changing the administrator's password.) [1]

Please use CVE-2010-3305

2) SQL injection [2]

CVE-2009-4899

3) XSS [2]

CVE-2009-4900


2) and 3) are from 2009, so I guess we are going to need some help from
Steven for those ones. The only information about those is [3] which has
some other changes.

[1] http://www.exploit-db.com/exploits/15014/
[2] http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
[3] http://pastie.textmate.org/616485


Thanks.

-- 
    JB

