Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: LetoDMS, more issues
From: Raphael Geissert <geissert () debian org>
Date: Tue, 30 Oct 2012 13:28:09 -0600

On Friday 05 October 2012 23:11:36 Raphael Geissert wrote:
Hi,

Some more issues were fixed in LetoDMS...

* Fixed in 3.3.8
Multiple XSS:
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/inc/
inc.ClassUI.php?r1=930&r2=929&pathrev=930
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out
/out.DocumentNotify.php?r1=934&r2=933&pathrev=934 (and a few others
scattered in multiple other commits)
Missing CSRF protection (all part of the same thing):
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=927
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=915
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=914
http://mydms.svn.sourceforge.net/viewvc/mydms?view=revision&revision=907
(and possibly some others...)

* Fixed in 3.3.9
Multiple XSS in out/out.UsrMgr.php:
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out/
out.UsrMgr.php?r1=979&r2=978&pathrev=979 Regression in the above patch
(fixed after the release of 3.3.9):
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/out
/out.UsrMgr.php?r1=982&r2=981&pathrev=982

LetoDMS Core:
* Fixed in 3.3.8:
SQL injection:
http://mydms.svn.sourceforge.net/viewvc/mydms/branches/letoDMS-3.3.x/Leto
DMS_Core/Core/inc.ClassDMS.php?r1=929&r2=928&pathrev=929

Could CVE ids be assigned please?

Thanks,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]