Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Jan 2016 10:20:23 +0100
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com, carnil@...ian.org
Cc: cve-assign@...re.org, elbrus@...ian.org
Subject: Re: Re: CVE Request: cacti: SQL injection
 vulnerability in graphs_new.php

Hello,

On 01/05/2016 12:58 AM, cve-assign@...re.org wrote:
> > Another SQL injection vulnerability via graphs_new.php in cacti was
> > found, reported to the bug http://bugs.cacti.net/view.php?id=2652
>
> http://bugs.cacti.net/view.php?id=2652 is CVE-2015-8604.

Check against a possible duplicate assignment with CVE-2015-8377?

http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt

https://bugzilla.redhat.com/show_bug.cgi?id=1291222
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8377


Andreas


-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)




Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ