|
Message-ID: <4FE7F40E.8040407@redhat.com> Date: Sun, 24 Jun 2012 23:15:58 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Luciano Bello <luciano@...ian.org> Subject: Re: CVE request: CSRF in eXtplorer -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/23/2012 06:03 PM, Luciano Bello wrote: > John Leitch has discovered a CSRF vulnerability in eXtplorer: > http://www.autosectools.com/Advisories/eXtplorer.2.1.RC3_Cross- > site.Request.Forgery_174.html > > Can you please assign a CVE id to it? > > Cheers, luciano Does this affect any versions other than just 2.1 RC3? # A cross-site request forgery vulnerability in eXtplorer 2.1 RC3 can be # exploited to create a new admin. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJP5/QOAAoJEBYNRVNeJnmT+ckQANr2mpLfaXlH9WAuXceoOzzn ve2B609LhHyr0p+8KI4adqYxRN/pmxIIYVP9WPVftrBBqYmc4YxeDY3CkFNc7BLe W0pkCQ39G2EUzTDqWAYp+IWNnFPVdjrmawUccmV2RvBZa5pE2qWclAUlqdkpwSMo u8rpSSEra2b1C54XLxV18WqbmysceeYDsUBkK7Ma9rztk4RJ559392KFNYycnrWJ /9yb5hzehnrJp0DnZ5cCyiUD+eMsI48YlWRQti8NS0rgMxOE5JgdwuTEdpCJzF1y cndzjOkYidKUC9ABnLSbSb0AWxNeEhi4B6gh9J44IyyxqkKpcStoOukBJkguL0JU +RmEscdPCkn1zAOWaF2zrXEiu7A+asEPzTX7jX3IJmPCO5nfwQYfLRDjXyaTZck6 9PNhfpFe2w8IAMW77NlFIN+CORI2VWz45K3i0zqTYBysqmGWb7jeljsur2vkG09p 1FgkRLH6iCspuiCV1g5BHcUqQW88lK+XgSh4wWT2FDSlPpoRTEX1p6cdKyGop+w5 2iY6nf+pPbSThbVHq4O+WwY+lIF7VIveVGrPx85BIttOBYMi9OV9Gz59UmvKeekS dwSlho7NU6mkeuj/ta1Y0LL+VCNL4Er8hethsRuF7BKyJUOM6UpFVgwHKLyAnIsj mDqJyK6wW2PPnQYheH7V =PaP+ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.