oss-sec mailing list archives

Re: CVE requests: IO::Socket::SSL, cakephp, collectd, gnash, ocrodjvu, hypermail, libcloud, piwigo


From: Raphael Geissert <geissert () debian org>
Date: Wed, 12 Jan 2011 21:01:09 -0600

Josh Bressers wrote:
[...]
Steve, can MITRE take the one below. It's quite large and I don't have
time to do it right now. Thanks.

piwigo:
a1) CSRF
a2) SQL injection
a3) stored XSS
http://secunia.com/advisories/41365/
http://piwigo.org/releases/2.1.3
http://www.exploit-db.com/exploits/14973/
(the issues mentioned by the exploit-db entry appear to be the same that
were fixed in 2.1.3)
b) search.php SQL injection
http://secunia.com/advisories/38305/
http://piwigo.org/releases/2.0.8
c) CSRF in the admin panel:
http://secunia.com/advisories/37681/
http://www.exploit-db.com/exploits/10417
(the exploit-db entry details two other issues, but they are "admin-only"
-- feel free to assign or ignore those.)


Ping.

Not urgent, but I saw them again on the list of issues without ids on our tracker.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
