List: oss-security
Subject: Re: [oss-security] CVE Request -- Cacti v0.8.7 -- three security
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-05-27 19:41:35
Message-ID: Pine.GSO.4.64.1005271535370.6392 () faron ! mitre ! org
On Wed, 26 May 2010, Josh Bressers wrote:
>> [A], MOPS-2010-023: Cacti Graph Viewer SQL Injection Vulnerability
>> http://php-security.org/2010/05/13/mops-2010-023-cacti-graph-viewer-sql-injection-vulnerability/index.html
>> http://www.vupen.com/english/advisories/2010/1204
>>
>> Credit: The vulnerability was discovered by Stefan Esser as part of
>> the SQL Injection Marathon.
>>
>> Upstream changeset:
>> http://svn.cacti.net/viewvc?view=rev&revision=5920
>
> Steve, you've been handling the MOPS stuff. I'm going to leave this one
> alone unless you tell me otherwise (I don't want to dupe).
Use CVE-2010-2092, to be filled in later today (with a bunch of other MOPS
issues).
>> [C], SQL injection and shell escaping issues reported by Bonsai
>> Information Security (http://www.bonsai-sec.com)
Josh assigned CVE-2010-1645 for the OS command issue.
The SQL injection that Jan is referring to in the original request is most
likely CVE-2010-1431, which was disclosed by Bonsai back in April.
- Steve