oss-sec mailing list archives
Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 21 Nov 2011 14:59:47 -0700
On 11/21/2011 02:30 PM, Henri Salo wrote:
On Mon, Nov 21, 2011 at 02:23:49PM -0700, Kurt Seifried wrote:On 11/21/2011 10:53 AM, Henri Salo wrote:Can I get CVE-identifier for this issue: http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html Other references: http://osvdb.org/show/osvdb/76933 http://osvdb.org/show/osvdb/76934 http://osvdb.org/show/osvdb/76932 http://secunia.com/advisories/46762/ Best regards, Henri SaloThere appear to be two separate issues here, can you confirm this? -- -Kurt Seifried / Red Hat Security Response TeamI think this needs three different CVE-identifiers. Here is a description from Secunia and the last item seems critical. 1) Input passed to the "from" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "page_no" parameter in recentchanges.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Ok merging these two issues (as per ADT4 specification) please use CVE-2011-4333 for this issue.
3) Input passed to the "userfile" POST parameter in edit.php is not properly verified before being used to upload files. This can be exploited to e.g. upload arbitrary PHP files with e.g. a ".gif" extension.
Please use CVE-2011-4334 for this issue.
Best regards, Henri Salo
-- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Henri Salo (Nov 21)
- Re: CVE-request: LabWiki <= 1.1 Multiple Vulnerabilities Kurt Seifried (Nov 21)