Date: Sat, 11 May 2013 21:11:26 +0200 From: chevalier 3as <chevalier3as@...il.com> To: oss-security@...ts.openwall.com Cc: Florian HENRY <florian.henry@...n-concept.pro> Subject: Re: CVE Request: Dolibarr - Multiple Vulnerabilities I've failed to mention command injection, fix can be found here: https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e97fff 2013/5/11 chevalier 3as <chevalier3as@...il.com> > Hello Kurt, Steve, All, > > I'd like to request a CVE for two vulnerabilties in Dolibarr 3.3 and 3.4: > > 1- SQL injection in 'pays' parameter, correction details can be found here: > > > https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489 > > 2- XSS vulnerabilty in several parameters, correction details can be found > here: > > > https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005 > > Cheers, > Alaeddine Mesbahi > > > > > -- Trust your Technolust
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.