Date: Fri, 4 May 2012 10:32:41 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)

On Fri, Mar 23, 2012 at 09:09:30AM -0600, Kurt Seifried wrote:
> On 03/23/2012 04:00 AM, Henri Salo wrote:
> > Can I get CVE-identifiers for these two security vulnerabilities?
> >
> > http://osvdb.org/show/osvdb/78105 COMPASS-2012-001
> > http://osvdb.org/show/osvdb/78106 COMPASS-2012-002
> >
> > - Henri Salo
>
> I'm going to need some original vendor information (name, site, etc.).
>
> --
> Kurt Seifried Red Hat Security Response Team (SRT)

Hello Kurt and list,

I received the following information from Paco Avila from OpenKM. I hope this clarifies things.

"OpenKM Permission Weakness Admin Privilege Escalation"
COMPASS-2012-001 / OSVDB:78105 / SA47424:
Diff: AuthServlet.diff
Issue tracker: http://issues.openkm.com/view.php?id=1973

"OpenKM Arbitrary Admin User Creation CSRF"
COMPASS-2012-002 / OSVDB:78106 / SA47420:
Diff: scripting.diff
Issue tracker: http://issues.openkm.com/view.php?id=1750

- Henri Salo

View attachment "AuthServlet.diff" of type "text/x-diff" (8743 bytes)
View attachment "scripting.diff" of type "text/x-diff" (3551 bytes)