Date: Wed, 04 Jan 2012 00:02:48 -0700 From: Kurt Seifried <kseifrie@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: CVE-request: Multiple e107 vulnerabilities On 01/03/2012 03:04 PM, Henri Salo wrote: > 1) Multiple Script URI XSS > http://osvdb.org/show/osvdb/78047 > > 2) e107_admin/users.php resend_name Parameter XSS > http://osvdb.org/show/osvdb/78048 > > 3) User Signatures link BBCode XSS > http://osvdb.org/show/osvdb/78049 These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920 for these issues. > 4) usersettings.php username Parameter SQL Injection > http://osvdb.org/show/osvdb/78050 Please use CVE-2011-4921 for this issue. > > Secunia advisory: http://secunia.com/advisories/46706/ > > I do not know where to find SCM links. Secunia can probably help if needed. > > - Henri Salo http://e107.org/news.php?extend.885.2 http://e107.svn.sourceforge.net/viewvc/e107/ -- -- Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.