Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 14 Feb 2015 10:29:48 -0500 (EST)
From: cve-assign@...re.org
To: steffen.roesemann1986@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Use CVE-2015-1603 for both XSS issues.

Use CVE-2015-1604 for the "upload arbitrary files" issue.

The available information doesn't suggest that any of the behavior
would typically be considered a separate CSRF vulnerability. There is
no CVE ID for Landsknecht Adminsystems CSRF.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU32mXAAoJEKllVAevmvmsCW8H/jyeFJ4gGAF99n0lkRoocR4x
VKVXjxIHa30xj/L6385pgon4rh5SYydABYsHQR2dN+090POwo8Pi7ZDvCXVu78gG
zwpPSZJpdKvusRUaRfUh66pCKsYsiw0S7D/rWf/5ICZWPRBlQbuAKyZeR3cBlD7l
NxzwpuWsPo4qPoFc//+r7M7UTjm619UjTvFHdV8cv+VTXwCYwDKRY6ivFU5cemoF
rL41HnMIRRzjEytfWJTRtKdFDLAf5+EtqdNlEPWPrm6kLv6BME4Xq3TGi07zbSkI
Q8Uhm5+bcEYKmb7WjiPfxabMDbd0YIWhuskWIciJNOI5pyJRVAqnKBDjJIANYKE=
=w6LF
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ