Shennan.Wang | 1 Jun 2010 05:51

CVE request: DM Database Server

Hello,

A vulnerability had been found in DM Database Server, but CVE IDs have not
yet been assigned.
Is it possible to assign CVE IDs for this issue as well?

http://www.securityfocus.com/archive/1/511559/30/0/threaded
Jan Lieskovsky | 1 Jun 2010 10:29

Re: CVE Request -- Cacti v0.8.7 -- three security fixes

Hi Steve,

Steven M. Christey wrote:
> 
> On Wed, 26 May 2010, Josh Bressers wrote:
> 
>>>      [A], MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
>>>      http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
>>>
>>>      http://www.vupen.com/english/advisories/2010/1204
>>>
>>>      Credit: The vulnerability was discovered by Stefan Esser as part of
>>>      the SQL Injection Marathon.
>>>
>>>      Upstream changeset:
>>>      http://svn.cacti.net/viewvc?view=rev&revision=5920
>>
>> Steve, you've been handling the MOPS stuff. I'm going to leave this one
>> alone unless you tell me otherwise (I don't want to dupe).
> 
> Use CVE-2010-2092, to be filled in later today (with a bunch of other 
> MOPS issues).
> 
> 
> [C], SQL injection and shell escaping issues reported by Bonsai Information Security (http://www.bonsai-sec.com)
>            [7] http://www.bonsai-sec.com/blog/index.php/using-grep-to-find-0days/
>            [8] http://www.bonsai-sec.com/en/research/vulnerabilities/cacti-os-command-injection-0105.php
> 

Josh Bressers | 1 Jun 2010 16:17

Re: CVE request: Mediawiki below 1.15.4 / 1.16.0beta3

----- "Hanno Böck" <hanno@...> wrote:

> http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
> 
> One XSS, one CSRF.
> 

These seem clear enough:

CVE-2010-1647 mediawiki 1.15.4 XSS
CVE-2010-1648 mediawiki 1.15.4 CSRF

Thanks.

-- 
    JB

Josh Bressers | 1 Jun 2010 16:25

Re: CVE request: joomla before 1.5.18


----- "Hanno Böck" <hanno@...> wrote:

> http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla!+Security+News%29
> 
> Description
> 
> Back-end user can inject javascript in various administrator screens.
> 
> Affected all versions below 1.5.18.
> 

Please use CVE-2010-1649.

Thanks.

-- 
    JB

Josh Bressers | 1 Jun 2010 19:28

Re: CVE request: zonecheck


----- "Sebastien Delafond" <seb@...> wrote:

> Hi,
> 
> there is a cross-scripting issue in zonecheck's CGI, up to version
> 2.1.0
> (fixed upstream in 2.1.1):
> 
>   http://bugs.debian.org/583290
>   https://savannah.nongnu.org/bugs/?29967
>   http://www.xssed.com/mirror/61096/
> 

Please use CVE-2010-2052

Thanks.

-- 
    JB

Josh Bressers | 1 Jun 2010 19:39

Re: Fwd: emesene predictable temporary filename

Please use CVE-2010-2053.

Thanks.

-- 
    JB

----- "Emilio Pozuelo Monfort" <pochu@...> wrote:

> Hi,
> 
> I sent this to vendor-sec but got no response. I've been told to send
> it to
> oss-security, so here it goes.
> 
> The fix is:
> 
> --- emesene-1.6.1/emesenelib/ProfileManager.py	2010-03-29
> 22:27:23.000000000 +0200
> +++ emesene-1.6.2/emesenelib/ProfileManager.py	2010-05-26
> 21:51:32.000000000 +0200
>  <at>  <at>  -208,16 +211,10  <at>  <at>  class ProfileManager(gobject.GObject):
>              return False
>          data = response.read()
>          #print "DP:", len(data), stat, reas
> -        if os.name == "nt":
> -            tempfolder = os.environ['TEMP'] + os.sep + "emsnpic"
> -            tempfolder = unicode(tempfolder)
> -        else:
> -            tempfolder = '/tmp/emsnpic'
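Review bot: the removed branch at -208 wrote into a fixed, guessable directory (`/tmp/emsnpic`, or `emsnpic` under `os.environ['TEMP']` on nt), and the lines that replace it are cut off in this copy, so the fix cannot be checked from what is shown. The hunk shrinks from 16 to 10 lines; whatever replaces the branch should take its directory from `tempfile.mkdtemp()` (unpredictable name, created mode 0700) rather than another fixed path, and should not reuse an `emsnpic` directory that already exists and may belong to another user.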

Josh Bressers | 1 Jun 2010 19:52

Re: SFCB vulnerabilities


----- "Nicolas Grégoire" <nicolas.gregoire@...> wrote:

> Hi,
> 
> SFCB v1.3.8 fixes two remotely exploitable vulnerabilities (3001896 and
> 3001915 in httpAdapter.c) :
> http://sblim.cvs.sourceforge.net/sblim/sfcb/ChangeLog?view=markup
> 
> CVE-2010-1937 was privately assigned to entry 3001896 but I still don't
> have a CVE id for 3001915. Could you please assign one before I release
> the technical advisory ?
> 

I presume this is the bug:
http://sourceforge.net/tracker/?func=detail&aid=3001915&group_id=128809&atid=712784

Please use CVE-2010-2054

Thanks.

-- 
    JB

Josh Bressers | 1 Jun 2010 20:01

Re: CVE request: DM Database Server


----- "Shennan.Wang" <wsn1983@...> wrote:

> Hello,
> 
> A vulnerability had been found in DM Database Server, but CVE IDs
> have not
> yet been assigned.
> Is it possible to assign CVE IDs for this issue as well?
> 
> http://www.securityfocus.com/archive/1/511559/30/0/threaded

This doesn't appear to be an Open Source product, which is outside the
scope of this list. I shall defer this to MITRE.

Thanks.

-- 
    JB

Josh Bressers | 1 Jun 2010 20:41

Re: CVE request: ghostscript and gv

Please use CVE-2010-2055 for this.

Thanks.

-- 
    JB

----- "Ludwig Nussel" <ludwig.nussel@...> wrote:

> Hi,
> 
> ghostscript executes initialization files relative to the current
> directory. Unfortunately the -dSAFER option has no effect on those
> files. So when viewing a file e.g. in /tmp a local attacker could
> have the victim execute arbitrary postscript programs.
> Upstream suggested to use -P- in addition to -dSAFER. That however
> would mean every program using gs to render postscript has to be
> checked. So fixing ghostscript's default behavior might be easier for
> distributions.
> http://bugs.ghostscript.com/show_bug.cgi?id=691339
> http://www.securityfocus.com/archive/1/511433
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
> https://bugzilla.novell.com/show_bug.cgi?id=608071
> 
> In the Debian bug report Paul also mentions that gv creates a
> temporary file in an insecure way:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10
> 
> cu
> Ludwig

Michael Gilbert | 1 Jun 2010 20:55

Re: CVE request: ghostscript and gv

On Tue, 1 Jun 2010 14:41:41 -0400 (EDT), Josh Bressers wrote:
> Please use CVE-2010-2055 for this.
> 
[...]
> > In the Debian bug report Paul also mentions that gv creates a
> > temporary file in an insecure way:
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316#10

should the insecure temp file get its own id since it is rather
different than the original problem?

| I slightly wonder about the writing of the tmp file
|  open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
| from within gs (no O_EXCL so would follow a symlink allowing clobber).

mike
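
The difference `O_EXCL` makes to the `open()` call quoted above, as an added example (not code from gv, ghostscript or anyone in this thread): it places a symlink under the temp-file name inside a private `mkdtemp` directory and opens it once with the quoted flags and once with `O_CREAT|O_EXCL`. The function names, the sandbox path and the 9-byte `important` payload are constructed for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flags as quoted in the message: no O_EXCL, so an existing symlink is followed. */
static int open_quoted(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened form: O_CREAT|O_EXCL fails with EEXIST if the name exists, symlink included. */
static int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a private directory holding a 9-byte file and a symlink
 * to it under the temp-file name. Returns the target's size after the open
 * (0 = clobbered, 9 = intact, -1 = setup failed); *open_errno gets open()'s errno. */
long target_size_after_open(int use_exclusive, int *open_errno) {
    char dir[] = "/tmp/excl_demo_XXXXXX";   /* hypothetical sandbox name */
    char target[64], lnk[64];
    struct stat st;
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/gv_tmp", dir);
    if (!(f = fopen(target, "w"))) return -1;
    fputs("important", f);
    fclose(f);
    if (symlink(target, lnk) != 0) return -1;
    int fd = use_exclusive ? open_exclusive(lnk) : open_quoted(lnk);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(lnk); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e;
    long quoted = target_size_after_open(0, &e);
    printf("quoted flags: target is %ld bytes\n", quoted);
    long excl = target_size_after_open(1, &e);
    printf("O_EXCL: target is %ld bytes, EEXIST=%d\n", excl, e == EEXIST);
    return 0;
}
```

In practice `mkstemp()` gives the same exclusive-create guarantee together with an unpredictable name.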

