oss-sec mailing list archives
Re: CVE request: CSRF in eXtplorer
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 24 Jun 2012 23:15:58 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/23/2012 06:03 PM, Luciano Bello wrote:
John Leitch has discovered a CSRF vulnerability in eXtplorer: http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross- site.Request.Forgery_174.html Can you please assign a CVE id to it? Cheers, luciano
Does this affect any versions other than just 2.1 RC3? # A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be # exploited to create a new admin. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP5/QOAAoJEBYNRVNeJnmT+ckQANr2mpLfaXlH9WAuXceoOzzn ve2B609LhHyr0p+8KI4adqYxRN/pmxIIYVP9WPVftrBBqYmc4YxeDY3CkFNc7BLe W0pkCQ39G2EUzTDqWAYp+IWNnFPVdjrmawUccmV2RvBZa5pE2qWclAUlqdkpwSMo u8rpSSEra2b1C54XLxV18WqbmysceeYDsUBkK7Ma9rztk4RJ559392KFNYycnrWJ /9yb5hzehnrJp0DnZ5cCyiUD+eMsI48YlWRQti8NS0rgMxOE5JgdwuTEdpCJzF1y cndzjOkYidKUC9ABnLSbSb0AWxNeEhi4B6gh9J44IyyxqkKpcStoOukBJkguL0JU +RmEscdPCkn1zAOWaF2zrXEiu7A+asEPzTX7jX3IJmPCO5nfwQYfLRDjXyaTZck6 9PNhfpFe2w8IAMW77NlFIN+CORI2VWz45K3i0zqTYBysqmGWb7jeljsur2vkG09p 1FgkRLH6iCspuiCV1g5BHcUqQW88lK+XgSh4wWT2FDSlPpoRTEX1p6cdKyGop+w5 2iY6nf+pPbSThbVHq4O+WwY+lIF7VIveVGrPx85BIttOBYMi9OV9Gz59UmvKeekS dwSlho7NU6mkeuj/ta1Y0LL+VCNL4Er8hethsRuF7BKyJUOM6UpFVgwHKLyAnIsj mDqJyK6wW2PPnQYheH7V =PaP+ -----END PGP SIGNATURE-----
Current thread:
- CVE request: CSRF in eXtplorer Luciano Bello (Jun 23)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 27)
- Re: CVE request: CSRF in eXtplorer Luciano Bello (Jun 26)
- Re: CVE request: CSRF in eXtplorer Moritz Muehlenhoff (Jun 25)
- Re: CVE request: CSRF in eXtplorer Kurt Seifried (Jun 24)