Date: Thu, 11 Jul 2013 01:01:18 +0300
From: Henri Salo <>
Subject: CVE request: Zenphoto waraxe-2012-SA#096

Can I get 2012 CVE identifiers for multiple issues in Zenphoto, thanks. Maybe we
can only use one ID for easiness.

Advisory URL:
Author: Janek Vind "waraxe"
Affected versions: Zenphoto and older
Patched version: Zenphoto
Release advisory:

Zenphoto zp-core/zp-extensions/GoogleMap/m.php data Parameter XSS
Zenphoto zp-core/zp-extensions/tiny_mce/config/zenpage-default-full.js.php locale Parameter XSS
Zenphoto zp-core/zp-extensions/cloneZenphoto/cloneTab.php Multiple Parameter XSS
Zenphoto zp-core/admin-tags.php tagsort Parameter XSS
Zenphoto zp-core/admin-users.php error Parameter XSS
Zenphoto zp-core/admin-thumbcrop.php Multiple Parameter XSS
Zenphoto zp-core/admin-comments.php ndeleted Parameter XSS
Zenphoto zp-core/zp-extensions/tiny_mce/plugins/tinyzenpage/js/dialog.php album Parameter XSS
Zenphoto zp-core/admin-upload.php Multiple Parameter XSS
Zenphoto Database Backup Direct Request Remote Information Disclosure
Zenphoto zp-core/zp-extensions/uploader_flash/check.php Arbitrary File Enumeration
Zenphoto zp-core/zp-extensions/search_statistics.php X_FORWARDED_FOR HTTP Header SQL Injection
Zenphoto zp-core/zp-extensions/failed_access_blocker.php X_FORWARDED_FOR HTTP Header SQL Injection
Zenphoto zp-core/zp-extensions/federated_logon/Verisign_logon.php redirect Parameter XSS
Zenphoto zp-core/zp-extensions/federated_logon/OpenID_logon.php Multiple Parameter XSS
Zenphoto zp-core/admin-functions.php File Upload PHP Code Execution
Zenphoto zp-core/zp-extensions/uploader_jQuery/uploader.php File Upload PHP Code Execution
Zenphoto getUserIP() Function X_FORWARDED_FOR HTTP Header IP Address Spoofing Weakness

Please note that CVE-2012-4519 has been assigned to issue
in mailing list thread

Henri Salo
