'[oss-security] CVE Request: Insecure Direct Object Reference in OSTicket (last versions availablle)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE Request: Insecure Direct Object Reference in OSTicket (last versions availablle)
From:       FÃ¡bio_Pires <fp () integrity ! pt>
Date:       2016-04-26 10:32:45
Message-ID: 602dadcb-a30f-30ff-d0e6-08d6936ab60a () integrity ! pt
[Download RAW message or body]

Hi,

Can i have a CVE ID assigned to this: "Insecure Direct Object Reference
in OSTicket attachments" ?

https://labs.integrity.pt/advisories/insecure-direct-object-reference-in-osticket-attachments/

References:

https://github.com/osTicket/osTicket-1.8/issues/2615
https://github.com/osTicket/osTicket-1.8/pull/2618

Regards


-- 

Fabio Pires
Pentesting Team

*INTEGRITY Portugal*

Av. JoÃ£o CrisÃ³stomo, 30 5 º
1050-127 | Lisboa* -* Portugal
Tel. +351 21 33 03 740 . Mob (+351) 93 65 50 016

www.integrity.pt <http://www.integrity.pt/> â www.keepitsecure24.com
<http://www.keepitsecure24.com/>


	

*INTEGRITY United Kingdom*

Suite 4B | 43 Berkeley Square

Mayfair, Westminster | London W1J 5FJ - UK





[Attachment #3 (multipart/related)]

[Attachment #5 (text/html)]

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p>Hi,<br>
      <br>
      Can i have a CVE ID assigned to this: "Insecure Direct Object
      Reference in OSTicket attachments" ?<br>
      <br>
      <a rel="nofollow"
href="https://labs.integrity.pt/advisories/insecure-direct-object-reference-in-osticket-attachme \
nts/">https://labs.integrity.pt/advisories/insecure-direct-object-reference-in-osticket-attachments/</a><br>
  <br>
      References:<br>
      <br>
      <a rel="nofollow"
        href="https://github.com/osTicket/osTicket-1.8/issues/2615">https://github.com/osTicket/osTicket-1.8/issues/2615</a><br>
  <a rel="nofollow"
        href="https://github.com/osTicket/osTicket-1.8/pull/2618">https://github.com/osTicket/osTicket-1.8/pull/2618</a><br>
  <br>
      Regards</p>
    <br>
    <div class="moz-signature">-- <br>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
      <p style="margin:0cm 0cm
        0.0001pt;font-size:8pt;font-family:Calibri,sans-serif">Fabio
        Pires<br>
        Pentesting Team <br>
        <br>
        <img src="cid:part4.59CA962C.C8E9CE96@integrity.pt"
          style="font-family: arial, sans-serif; font-size: 13px;"
          width="200" height="46"></p>
      <table style="border-collapse:collapse" border="0" cellpadding="0"
        cellspacing="0">
        <tbody>
          <tr style="min-height:47.3pt">
            <td style="width:224.45pt;padding:0cm
              5.4pt;min-height:47.3pt" valign="top" width="299">
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span
                    style="font-size:8pt;font-family:Arial,sans-serif">INTEGRITY
                    Portugal</span></b></p>
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
                  style="font-size:8pt;font-family:Arial,sans-serif">Av.
                  João Crisóstomo, 30 5º<br>
                  1050-127 | Lisboa<b> -</b> Portugal<br>
                  Tel. <a value="+351217983106"
                    style="color:rgb(17,85,204)">+351 21 33 03 740</a> .
                  Mob <a value="+351962048113"
                    style="color:rgb(17,85,204)">(+351) 93 65 50 016</a></span></p>
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
                  style="font-size:8pt;font-family:Arial,sans-serif"><font
                    color="#0000ff"><a href="http://www.integrity.pt/"
                      style="color:rgb(17,85,204)" target="_blank">www.integrity.pt</a></font> \
– <font  color="#0000ff"><a
                      href="http://www.keepitsecure24.com/"
                      style="color:rgb(17,85,204)" target="_blank"><a \
class="moz-txt-link-abbreviated" \
href="http://www.keepitsecure24.com">www.keepitsecure24.com</a></a></font></span></p>  <p \
                style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
                  style="font-size:8pt;font-family:Arial,sans-serif"><br>
                </span></p>
            </td>
            <td style="width:224.45pt;padding:0cm
              5.4pt;min-height:47.3pt" valign="top" width="299">
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><b><span
                    style="font-size:8pt;font-family:Arial,sans-serif"
                    lang="EN-US">INTEGRITY United Kingdom</span></b></p>
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
                  style="font-size:8pt;font-family:Arial,sans-serif"
                  lang="EN-US">Suite 4B | 43 Berkeley Square</span></p>
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><span
                  style="font-size:8pt;font-family:Arial,sans-serif"
                  lang="EN-US">Mayfair, Westminster | London W1J 5FJ -
                  UK</span></p>
              <p style="margin:0cm 0cm
                0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><br>
              </p>
            </td>
          </tr>
        </tbody>
      </table>
    </div>
    <div><img src="cid:part9.8843E0B1.406B1F54@integrity.pt"><br>
    </div>
    <div><br>
    </div>
  </body>
</html>


["logo_integrity.png" (image/png)]
["logos.png" (image/png)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic