[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: PostfixAdmin SQL injections and XSS
From: Christian Boltz <oss-securrity () cboltz ! de>
Date: 2012-01-27 10:56:33
Message-ID: 2035741.oIHJTl3Sd1 () tux ! boltz ! de ! vu
[Download RAW message or body]
Hello,
Am Donnerstag, 26. Januar 2012 schrieb Kurt Seifried:
> Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL
> vulnerabilities
> Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS
> vulnerabilities
Thanks.
I forgot to mention a small, but important detail: The credits ;-)
Credits go to
Filippo Cavallarin <filippo.cavallarin [at] codseq [dot] it>
for finding most of the vulnerabilities and notifying us.
The only exception is
- create-domain: fix SQL injection (only exploitable by superadmins)
which was found by Matthias Bethke <msbethke [at] sourceforge [dot] net>
Please add the credits to the CVEs.
Gruß
Christian Boltz
--
Und jetzt sei ein lieber Hase und hoppel irgendwohin, wo man knuddelige,
fluffige kleine Dinger wie Dich in den Arm nimmt und lieb hat.
[Robin S. Socha - d.c.o.u.l.m.]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic