Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 30 Sep 2015 12:50:31 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE Request: cacti multiple SQL injections

On Sat, Jul 18, 2015 at 07:31:21PM +0200, Alessandro Ghedini wrote:
> Hi,
> 
> CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
> the commit fixing it [1] several other SQL injections were also found:
> 
> -bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items
> http://bugs.cacti.net/view.php?id=0002574
> 
> -bug#0002579: SQL Injection Vulnerabilitie in data sources
> http://bugs.cacti.net/view.php?id=0002579
> 
> -bug#0002580: SQL Injection in cdef.php
> http://bugs.cacti.net/view.php?id=0002580
> 
> -bug#0002582: SQL Injection in data_templates.php
> http://bugs.cacti.net/view.php?id=0002582
> 
> -bug#0002583: SQL Injection in graph_templates.php
> http://bugs.cacti.net/view.php?id=0002583
> 
> -bug#0002584: SQL Injection in host_templates.php
> http://bugs.cacti.net/view.php?id=0002584
> 
> Could CVEs be assigned for these issues as well?
> 
> Thanks
> 
> [0] http://bugs.cacti.net/view.php?id=0002577
> [1] http://svn.cacti.net/viewvc?view=rev&revision=7731

Re-ping?

Cheers

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ