oss-sec mailing list archives

Re: CVE request: CSRF in eXtplorer


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 24 Jun 2012 23:15:58 -0600

On 06/23/2012 06:03 PM, Luciano Bello wrote:
> John Leitch has discovered a CSRF vulnerability in eXtplorer:
> http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross-site.Request.Forgery_174.html
>
> Can you please assign a CVE id to it?
>
> Cheers, luciano

Does this affect any versions other than just 2.1 RC3?

# A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be
# exploited to create a new admin.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
