Date: Wed, 04 Jan 2012 00:02:48 -0700
From: Kurt Seifried <kseifrie@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Multiple e107 vulnerabilities

On 01/03/2012 03:04 PM, Henri Salo wrote:
> 1) Multiple Script URI XSS
> http://osvdb.org/show/osvdb/78047
>
> 2) e107_admin/users.php resend_name Parameter XSS
> http://osvdb.org/show/osvdb/78048
>
> 3) User Signatures link BBCode XSS
> http://osvdb.org/show/osvdb/78049

These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920
for these issues.

> 4) usersettings.php username Parameter SQL Injection
> http://osvdb.org/show/osvdb/78050

Please use CVE-2011-4921 for this issue.
>
> Secunia advisory: http://secunia.com/advisories/46706/
>
> I do not know where to find SCM links. Secunia can probably help if needed.
>
> - Henri Salo

http://e107.org/news.php?extend.885.2
http://e107.svn.sourceforge.net/viewvc/e107/

-- 

-- Kurt Seifried / Red Hat Security Response Team
