Date: Sun, 3 Mar 2013 02:02:20 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: come2waraxe@...oo.com
Subject: CVE request: PHP-Fusion waraxe-2013-SA#097

Hello list,

Can I get CVEs for vulnerabilities fixed in PHP-Fusion version 7.02.06? Thanks.

http://www.waraxe.us/advisory-97.html waraxe-2013-SA#097

OSVDB ID    title
90714     PHP-Fusion /downloads.php orderby Parameter SQL Injection
90713     PHP-Fusion /forum/postedit.php delete_attach_* Parameter SQL Injection 
90712     PHP-Fusion /forum/postnewthread.php poll_opts Parameter SQL Injection 
90711     PHP-Fusion /administration/settings_messages.php Multiple Parameter SQL Injection 
90710     PHP-Fusion /administration/settings_photo.php Multiple Parameter SQL Injection 
90709     PHP-Fusion /administration/bbcodes.php enable Parameter SQL Injection 
90708     PHP-Fusion /forum/viewthread.php highlight Parameter XSS 
90707     PHP-Fusion /messages.php Multiple Parameter XSS 
90706     PHP-Fusion /infusions/shoutbox_panel/shoutbox_admin.php message Parameter XSS 
90705     PHP-Fusion /administration/news.php message Parameter XSS 
90704     PHP-Fusion /administration/panel_editor.php panel_list Parameter XSS 
90703     PHP-Fusion /administration/phpinfo.php User-Agent HTTP Header XSS
90702     PHP-Fusion /administration/bbcodes.php __BBCODE__ Parameter XSS 
90701     PHP-Fusion /administration/article_cats.php Multiple Parameter XSS 
90700     PHP-Fusion /administration/download_cats.php Multiple Parameter XSS 
90699     PHP-Fusion /administration/news_cats.php Multiple Parameter XSS 
90698     PHP-Fusion /administration/weblink_cats.php Multiple Parameter XSS 
90697     PHP-Fusion /administration/articles.php Multiple Parameter XSS 
90696     PHP-Fusion /administration/db_backup.php file Parameter Traversal Arbitrary File Deletion 
90695     PHP-Fusion /administration/news.php Multiple Parameter SQL Injection 
90694     PHP-Fusion /maincore.php user_theme Parameter Traversal Local File Inclusion
90693     PHP-Fusion /administration/articles.php article_id Parameter SQL Injection 
90692     PHP-Fusion /administration/user_fields.php enable Parameter Traversal Local File Inclusion
90691     PHP-Fusion /administration/db_backup.php Database Backup Direct Request Information Disclosure
90359     PHP-Fusion includes/classes/Authenticate.class.php Multiple Cookie SQL Injection

--
Henri Salo
