Date: Mon, 19 May 2014 03:04:55 -0400 (EDT)
From: cve-assign@...re.org
To: mattd@...fuzz.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE requests / advisory: TeamPass <= 2.1.19

> All the issues are found in TeamPass versions <= 2.1.19, and all were
> reported by myself.

Here are the CVE IDs for your discoveries. The commits mentioned in
your original message have many other changes that are unrelated to
your discoveries. Those other changes are not within the scope of any
of these CVE IDs. If any of those changes should be interpreted as
vulnerability fixes, one or more additional CVE IDs may be assigned.

> Issue #1: File execution protection bypass via language path injection

Use CVE-2014-3771.

> Issue #2: File execution protection bypass via incorrect use of
> session variables

Use CVE-2014-3772.

> Issue #3: Multiple SQL injection vectors in sources/main.queries.php
> Issue #4: Multiple SQL injection vectors in sources/datatable/*; and
> datatable.logs.php (in the root directory, *not* in
> sources/datatable directory)

Use CVE-2014-3773 for issues 3 and 4.

> Issue #5: Multiple XSS vectors in items.php

Use CVE-2014-3774.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]