|
Message-ID: <20130303000220.GA5591@kludge.henri.nerv.fi>
Date: Sun, 3 Mar 2013 02:02:20 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Cc: come2waraxe@...oo.com
Subject: CVE request: PHP-Fusion waraxe-2013-SA#097
Hello list,
Can I get CVEs for vulnerabilities fixed in PHP-Fusion version 7.02.06, thanks.
http://www.waraxe.us/advisory-97.html waraxe-2013-SA#097
OSVDB ID title
90714 PHP-Fusion /downloads.php orderby Parameter SQL Injection
90713 PHP-Fusion /forum/postedit.php delete_attach_* Parameter SQL Injection
90712 PHP-Fusion /forum/postnewthread.php poll_opts Parameter SQL Injection
90711 PHP-Fusion /administration/settings_messages.php Multiple Parameter SQL Injection
90710 PHP-Fusion /administration/settings_photo.php Multiple Parameter SQL Injection
90709 PHP-Fusion /administration/bbcodes.php enable Parameter SQL Injection
90708 PHP-Fusion /forum/viewthread.php highlight Parameter XSS
90707 PHP-Fusion /messages.php Multiple Parameter XSS
90706 PHP-Fusion /infusions/shoutbox_panel/shoutbox_admin.php message Parameter XSS
90705 PHP-Fusion /administration/news.php message Parameter XSS
90704 PHP-Fusion /administration/panel_editor.php panel_list Parameter XSS
90703 PHP-Fusion /administration/phpinfo.php User-Agent HTTP Header XSS
90702 PHP-Fusion /administration/bbcodes.php __BBCODE__ Parameter XSS
90701 PHP-Fusion /administration/article_cats.php Multiple Parameter XSS
90700 PHP-Fusion /administration/download_cats.php Multiple Parameter XSS
90699 PHP-Fusion /administration/news_cats.php Multiple Parameter XSS
90698 PHP-Fusion /administration/weblink_cats.php Multiple Parameter XSS
90697 PHP-Fusion /administration/articles.php Multiple Parameter XSS
90696 PHP-Fusion /administration/db_backup.php file Parameter Traversal Arbitrary File Deletion
90695 PHP-Fusion /administration/news.php Multiple Parameter SQL Injection
90694 PHP-Fusion /maincore.php user_theme Parameter Traversal Local File Inclusion
90693 PHP-Fusion /administration/articles.php article_id Parameter SQL Injection
90692 PHP-Fusion /administration/user_fields.php enable Parameter Traversal Local File Inclusion
90691 PHP-Fusion /administration/db_backup.php Database Backup Direct Request Information Disclosure
90359 PHP-Fusion includes/classes/Authenticate.class.php Multiple Cookie SQL Injection
--
Henri Salo
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.