Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 02 Mar 2013 19:31:35 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>, come2waraxe@...oo.com
Subject: Re: CVE request: PHP-Fusion waraxe-2013-SA#097

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/02/2013 05:02 PM, Henri Salo wrote:
> Hello list,
> 
> Can I get CVEs for vulnerabilities fixed in PHP-Fusion version
> 7.02.06, thanks.
> 
> http://www.waraxe.us/advisory-97.html waraxe-2013-SA#097

Ok grouped these into the 5 sets of vulns:

> 
> OSVDB ID    title 90714     PHP-Fusion /downloads.php orderby
> Parameter SQL Injection 90713     PHP-Fusion /forum/postedit.php
> delete_attach_* Parameter SQL Injection 90712     PHP-Fusion
> /forum/postnewthread.php poll_opts Parameter SQL Injection 90711
> PHP-Fusion /administration/settings_messages.php Multiple Parameter
> SQL Injection 90710     PHP-Fusion
> /administration/settings_photo.php Multiple Parameter SQL Injection
>  90709     PHP-Fusion /administration/bbcodes.php enable Parameter
> SQL Injection 90695     PHP-Fusion /administration/news.php
> Multiple Parameter SQL
Injection
> 90693     PHP-Fusion /administration/articles.php article_id
Parameter SQL Injection
> 90359     PHP-Fusion includes/classes/Authenticate.class.php
Multiple Cookie SQL Injection

Please use CVE-2013-1803 for these issues.

> 90708     PHP-Fusion /forum/viewthread.php highlight Parameter XSS
>  90707     PHP-Fusion /messages.php Multiple Parameter XSS 90706
> PHP-Fusion /infusions/shoutbox_panel/shoutbox_admin.php message
> Parameter XSS 90705     PHP-Fusion /administration/news.php message
> Parameter XSS 90704     PHP-Fusion /administration/panel_editor.php
> panel_list Parameter XSS 90703     PHP-Fusion
> /administration/phpinfo.php User-Agent HTTP Header XSS 90702
> PHP-Fusion /administration/bbcodes.php __BBCODE__ Parameter XSS 
> 90701     PHP-Fusion /administration/article_cats.php Multiple
> Parameter XSS 90700     PHP-Fusion
> /administration/download_cats.php Multiple Parameter XSS 90699
> PHP-Fusion /administration/news_cats.php Multiple Parameter XSS 
> 90698     PHP-Fusion /administration/weblink_cats.php Multiple
> Parameter XSS 90697     PHP-Fusion /administration/articles.php
> Multiple Parameter XSS

Please use CVE-2013-1804 for these issues.

> 90696     PHP-Fusion /administration/db_backup.php file Parameter
> Traversal Arbitrary File Deletion

Please use CVE-2013-1805 for these issues.

> 90694     PHP-Fusion /maincore.php user_theme Parameter Traversal
> Local File Inclusion 90692     PHP-Fusion
> /administration/user_fields.php enable Parameter Traversal Local
> File Inclusion

Please use CVE-2013-1806 for these issues.

> 90691     PHP-Fusion /administration/db_backup.php Database Backup
> Direct Request Information Disclosure

Please use CVE-2013-1807 for these issues.

> -- Henri Salo
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRMrYHAAoJEBYNRVNeJnmTCiwP/AnADFWBxSi7WZgdordsi2et
QxJEWJ6b20KCgDTTCNwrIkHgVuEptiLZBAdyb8vHGJH34s/2WOPBrb6cTybXhQMf
hgnjhRGOuk8i29Z8bG1eQxilfiyckmklLNITnfmWdSTI+o0ZwGNpxvfuE5lCCPMM
+T1gVp1GEx9+pbFTj9W3Ud/Rfozq4ESBqhG3gk1D5iG57yPKstpeS6m9HDMzD1ou
YVEH9QeqwUgxQHJ5EVV3ovs2zrHbNpoTOdS2Bqdm2P2xuQCXxwJQFquii9DC0FMb
HFdysguYxTBXBkFrV4YpPXGdpSGYkazsCb6WMjC7886FDOKH+LMZoDK5mY++sLr0
6AUtoc1L+X5KvpIrod2BUS4QMt4P6yJIndxkG+dvWUZWbjHReQjBwHNOtttnXRAd
vOpwxzu8rzxZVErentXXu+04nffcjaxPmnngoQCH6nwf+wwjyOdCqW0hnSopa6zm
RHp7X6kGuuXDUVELRI7seuUcCOnY2eCwlSe+rzMZZjtqlwovCW9Gpi0MhwK9YF1c
VXCVIi6jtJbFwPS9s5JKCaqV0hFyfvUi2gmuMehmAREtBGyMINX93i4lY2Kz8SId
bBQJH/hdpZsiAUZ295fbDuIEO9CvNKWOPm+cI7bujGh14deuBH48rlU62MhHlbbs
US+dX4d0lZe0DkK81o65
=KrvT
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.