Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Feb 2012 13:48:25 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Mateusz Goik <mateusz.goik@...antsoft.pl>,
        RafaƂ Malinowski <rafal.przemyslaw.malinowski@...il.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Mariusz Fik <fisiu@...nsuse.org>,
        Radoslaw Lisowski <radoslaw.lisowski@...il.com>, kontakt@...antsoft.pl
Subject: Re: Re: CVE Status Clarification / Request -- kadu:
 Stored XSS by parsing contact's status and sms messages in history

On 02/27/2012 09:13 AM, Mateusz Goik wrote:
> Sorry. Tested on kadu 0.11.0..
> 
> Mateusz Goik.
> 
> On 02/27/2012 05:11 PM, Mateusz Goik wrote:
>> Hi,
>>
>> I would add it is possible - read / create files on users hdd. (using
>> the method - GET / PUT)
>> Tested on Backtrack 5 r1 (kadu 0.10.0 - compiled from source).
>>
>> Mateusz Goik

Can you post a summary of the vulnerabilities and the affected
version(s)? I'm sort of confused on this.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.