Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Oct 2012 23:11:36 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: LetoDMS, more issues

Hi,

Some more issues were fixed in LetoDMS...

* Fixed in 3.3.8
Multiple XSS:
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/inc/inc.ClassUI.php?r1=930&r2=929&pathrev=930
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out/out.DocumentNotify.php?r1=934&r2=933&pathrev=934
(and a few others scattered in multiple other commits)
Missing CSRF protection (all part of the same thing):
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=927
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=915
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=914
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=907
(and possibly some others...)

* Fixed in 3.3.9
Multiple XSS in out/out.UsrMgr.php: 
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out/out.UsrMgr.php?r1=979&r2=978&pathrev=979
Regression in the above patch (fixed after the release of 3.3.9):
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out/out.UsrMgr.php?r1=982&r2=981&pathrev=982

LetoDMS Core:
* Fixed in 3.3.8:
SQL injection:
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/LetoDMS_Core/Core/inc.ClassDMS.php?r1=929&r2=928&pathrev=929

etc

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.