Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-request: NGS00109 remote code execution in ImpressPages CMS
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 18 Jan 2012 14:59:26 -0700

On 01/15/2012 08:58 AM, Henri Salo wrote:
This issue does not have CVE assigned. If I am correct this needs CVE from 2011 pool as original advisory was done in 
http://seclists.org/bugtraq/2011/Sep/156 but details came in http://seclists.org/bugtraq/2012/Jan/28

Vendor url: http://www.impresspages.org/news/impresspages-1-0-13-security-release/
Secunia: http://secunia.com/advisories/46193/
OSVDB: http://osvdb.org/show/osvdb/75783

eval() is evil()

- Henri Salo
It was known as a security vuln in 2011, to 2011 CVE. Had it been
silently slipped out as an update but no info that it was security
related then it might warrant a 2012 CVE. Please use CVE-2011-4932 for
this issue.


-- Kurt Seifried / Red Hat Security Response Team

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]