Date: Fri, 27 Jan 2012 11:56:33 +0100
From: Christian Boltz <oss-securrity@...ltz.de>
To: Kurt Seifried <kseifried@...hat.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: CVE request: PostfixAdmin SQL injections and XSS

Hello,

On Thursday, 26 January 2012, Kurt Seifried wrote:
> Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL
> vulnerabilities

> Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS
> vulnerabilities

Thanks.

I forgot to mention a small, but important detail: The credits ;-)

Credits go to 
    Filippo Cavallarin <filippo.cavallarin [at] codseq [dot] it> 
for finding most of the vulnerabilities and notifying us.

The only exception is 
    - create-domain: fix SQL injection (only exploitable by superadmins) 
which was found by Matthias Bethke <msbethke [at] sourceforge [dot] net>

Please add the credits to the CVEs.


Regards

Christian Boltz
-- 
And now be a dear bunny and hop off somewhere where cuddly,
fluffy little things like you are hugged and loved.
[Robin S. Socha - d.c.o.u.l.m.]
