Date: Wed, 5 Aug 2015 13:13:17 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: CVE Request: cacti multiple SQL injections

On Sat, Jul 18, 2015 at 07:31:21PM +0200, Alessandro Ghedini wrote:
> Hi,
> 
> CVE-2015-4634 was assigned for an SQL injection in cacti [0], but according to
> the commit fixing it [1] several other SQL injections were also found:
> 
> -bug#0002574: SQL Injection Vulnerabilitie in graph items and graph template items
> http://bugs.cacti.net/view.php?id=0002574
> 
> -bug#0002579: SQL Injection Vulnerabilitie in data sources
> http://bugs.cacti.net/view.php?id=0002579
> 
> -bug#0002580: SQL Injection in cdef.php
> http://bugs.cacti.net/view.php?id=0002580
> 
> -bug#0002582: SQL Injection in data_templates.php
> http://bugs.cacti.net/view.php?id=0002582
> 
> -bug#0002583: SQL Injection in graph_templates.php
> http://bugs.cacti.net/view.php?id=0002583
> 
> -bug#0002584: SQL Injection in host_templates.php
> http://bugs.cacti.net/view.php?id=0002584
> 
> Could CVEs be assigned for these issues as well?
> 
> Thanks
> 
> [0] http://bugs.cacti.net/view.php?id=0002577
> [1] http://svn.cacti.net/viewvc?view=rev&revision=7731

Ping?
