oss-sec mailing list archives
SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 18 Jul 2013 14:25:19 -0600
This was brought to my attention by Jay Turla <shipcodez () gmail com>, after some searching I found:

http://bot24.blogspot.ca/2013/04/swfupload-object-injectioncsrf.html

and after testing (it works). So please use:

CVE-2013-4144 swfupload KedAns-Dz object injection
CVE-2013-4145 swfupload KedAns-Dz XSS
CVE-2013-4146 swfupload KedAns-Dz CSRF

Also alerting WordPress.

Remember folks, if you spot a security advisory in the wild without a CVE, tell us so we can tag and release it and track it more easily! And also get it fixed.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993