oss-sec mailing list archives

Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

From: Henri Salo <henri () nerv fi>
Date: Fri, 27 Apr 2012 13:33:16 +0300

On Fri, Mar 23, 2012 at 09:09:30AM -0600, Kurt Seifried wrote:

On 03/23/2012 04:00 AM, Henri Salo wrote:

Can I get CVE-identifiers for these two security vulnerabilities?

http://osvdb.org/show/osvdb/78105 COMPASS-2012-001
http://osvdb.org/show/osvdb/78106 COMPASS-2012-002

- Henri Salo


I'm going to need some original vendor information (name, site, etc.).

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


Finally I got response from the vendor. I tried via several different ways. Now Paco Avila kindly said he will collect 
the information, but it will take a while.

- Henri Salo

Current thread:

Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (Apr 27)
- <Possible follow-ups>
- Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Henri Salo (May 04)
  - Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based) Kurt Seifried (May 04)