oss-sec mailing list archives
Re: CVE-request: appRain CMF uploadify.php File Upload Remote PHP Code Execution
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 09 Mar 2012 23:18:15 -0700
On 03/09/2012 01:47 AM, Henri Salo wrote:
> Can I get CVE-identifier for this security vulnerability, thank you.
>
> Advisory: http://seclists.org/bugtraq/2012/Jan/127
> http://osvdb.org/show/osvdb/78473
> http://www.securityfocus.com/bid/51576
>
> Discovered and vendor informed: 2011-12-19
> Vendor ack: 2011-12-20
> Disclosure and exploit: 2012-01-19
>
> Does this get 2011 or 2012 ID?
>
> - Henri Salo

Generally public disclosure otherwise we get to play insane "when did this become a security issue philosophy games", plus pragmatically public issue = known = can assign a CVE =).

Please use CVE-2012-1153 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)