oss-sec mailing list archives
Re: CVE request: pixelpost
From: Josh Bressers <bressers () redhat com>
Date: Fri, 17 Sep 2010 14:23:37 -0400 (EDT)
----- "Raphael Geissert" <geissert () debian org> wrote:
Multiple vulnerabilities have been reported against pixelpost:
1) A CSRF vulnerability allows changes to some settings (PoC allows changing the administrator's password.) [1]
Please use CVE-2010-3305
2) SQL injection [2]
CVE-2009-4899
3) XSS [2]
CVE-2009-4900
2) and 3) are from 2009, so I guess we are going to need some help from Steven for those ones. The only information about those is [3] which has some other changes.
[1] http://www.exploit-db.com/exploits/15014/
[2] http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
[3] http://pastie.textmate.org/616485
Thanks.
-- JB