Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 18 Jul 2015 19:31:21 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: cacti multiple SQL injections

Hi,

CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
the commit fixing it [1] several other SQL injections were also found:

-bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574

-bug#0002579: SQL Injection Vulnerabilitie in data sources
http://bugs.cacti.net/view.php?id=0002579

-bug#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580

-bug#0002582: SQL Injection in data_templates.php
http://bugs.cacti.net/view.php?id=0002582

-bug#0002583: SQL Injection in graph_templates.php
http://bugs.cacti.net/view.php?id=0002583

-bug#0002584: SQL Injection in host_templates.php
http://bugs.cacti.net/view.php?id=0002584

Could CVEs be assigned for these issues as well?

Thanks

[0] http://bugs.cacti.net/view.php?id=0002577
[1] http://svn.cacti.net/viewvc?view=rev&revision=7731

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.