Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE-request: Multiple e107 vulnerabilities
From: Kurt Seifried <kseifrie () redhat com>
Date: Wed, 04 Jan 2012 00:02:48 -0700

On 01/03/2012 03:04 PM, Henri Salo wrote:
1) Multiple Script URI XSS
http://osvdb.org/show/osvdb/78047

2) e107_admin/users.php resend_name Parameter XSS
http://osvdb.org/show/osvdb/78048

3) User Signatures link BBCode XSS
http://osvdb.org/show/osvdb/78049
These 3 XSS vulns are being merged as per ADT4. Please use CVE-2011-4920
for these issues.
4) usersettings.php username Parameter SQL Injection
http://osvdb.org/show/osvdb/78050

Please use CVE-2011-4921 for this issue.

Secunia advisory: http://secunia.com/advisories/46706/

I do not know where to find SCM links. Secunia can probably help if needed.

- Henri Salo

http://e107.org/news.php?extend.885.2
http://e107.svn.sourceforge.net/viewvc/e107/

-- 

-- Kurt Seifried / Red Hat Security Response Team


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault