Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4F03F998.3040505@redhat.com>
Date: Wed, 04 Jan 2012 00:02:48 -0700
From: Kurt Seifried <kseifrie@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Multiple e107 vulnerabilities

On 01/03/2012 03:04 PM, Henri Salo wrote:
> 1) Multiple Script URI XSS
> http://osvdb.org/show/osvdb/78047
>
> 2) e107_admin/users.php resend_name Parameter XSS
> http://osvdb.org/show/osvdb/78048
>
> 3) User Signatures link BBCode XSS
> http://osvdb.org/show/osvdb/78049
These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920
for these issues.
> 4) usersettings.php username Parameter SQL Injection
> http://osvdb.org/show/osvdb/78050

Please use CVE-2011-4921 for this issue.
>
> Secunia advisory: http://secunia.com/advisories/46706/
>
> I do not know where to find SCM links. Secunia can probably help if needed.
>
> - Henri Salo

http://e107.org/news.php?extend.885.2
http://e107.svn.sourceforge.net/viewvc/e107/

-- 

-- Kurt Seifried / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.