Date: Wed, 30 Sep 2015 12:50:31 +0200 From: Alessandro Ghedini <alessandro@...dini.me> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE Request: cacti multiple SQL injections On Sat, Jul 18, 2015 at 07:31:21PM +0200, Alessandro Ghedini wrote: > Hi, > > CVE-2015-4634 was assigned for an SQL injection in cacti , but according to > the commit fixing it  several other SQL injections were also found: > > -bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items > http://bugs.cacti.net/view.php?id=0002574 > > -bug#0002579: SQL Injection Vulnerabilitie in data sources > http://bugs.cacti.net/view.php?id=0002579 > > -bug#0002580: SQL Injection in cdef.php > http://bugs.cacti.net/view.php?id=0002580 > > -bug#0002582: SQL Injection in data_templates.php > http://bugs.cacti.net/view.php?id=0002582 > > -bug#0002583: SQL Injection in graph_templates.php > http://bugs.cacti.net/view.php?id=0002583 > > -bug#0002584: SQL Injection in host_templates.php > http://bugs.cacti.net/view.php?id=0002584 > > Could CVEs be assigned for these issues as well? > > Thanks > >  http://bugs.cacti.net/view.php?id=0002577 >  http://svn.cacti.net/viewvc?view=rev&revision=7731 Re-ping? Cheers Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ