oss-sec mailing list archives
Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws
From: Reed Loden <reed () reedloden com>
Date: Thu, 18 Jul 2013 23:35:53 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 19 Jul 2013 00:27:37 -0600 Kurt Seifried <kseifried () redhat com> wrote:
So to confirm: CVE-2013-4144 swfupload KedAns-Dz object injection CVE-2013-4145 duplicate of CVE-2012-3414 CVE-2013-4146 swfupload KedAns-Dz CSRF and we're good?
Where's the CSRF vuln? I see XSS but not a separate CSRF issue... ~reed -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlHo3kkACgkQa6IiJvPDPVrqKwCguY8KtcZGDqCuHeUkukowdPRL VPkAoIXHGK0UoRgJStAMsDbbMT8CHA9q =bV1g -----END PGP SIGNATURE-----
Current thread:
- SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
- Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Kurt Seifried (Jul 18)
- Re: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Reed Loden (Jul 18)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 19)
- RE: Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Christey, Steven M. (Jul 18)
- Re: SWFUpload <= (Object Injection/CSRF) Vulnerabilities Multiple flaws Andrew Nacin (Jul 18)