Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: PostfixAdmin SQL injections and XSS
From: Christian Boltz <oss-securrity () cboltz de>
Date: Fri, 27 Jan 2012 11:56:33 +0100


Am Donnerstag, 26. Januar 2012 schrieb Kurt Seifried:
Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL

Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS


I forgot to mention a small, but important detail: The credits ;-)

Credits go to 
    Filippo Cavallarin <filippo.cavallarin [at] codseq [dot] it> 
for finding most of the vulnerabilities and notifying us.

The only exception is 
    - create-domain: fix SQL injection (only exploitable by superadmins) 
which was found by Matthias Bethke <msbethke [at] sourceforge [dot] net>

Please add the credits to the CVEs.


Christian Boltz
Und jetzt sei ein lieber Hase und hoppel irgendwohin, wo man knuddelige,
fluffige kleine Dinger wie Dich in den Arm nimmt und lieb hat.
[Robin S. Socha - d.c.o.u.l.m.]

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]