Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Thu, 12 Jun 2008 09:55:50 +0200 (CEST)
From: "Thijs Kinkhorst" <thijs@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE id request: TYPO3-20080611-1: Multiple vulnerabilities in 
     TYPO3 Core

Hi,

Does anyone already have a CVE id, or could I get one (probably two)
assigned for, the following TYPO3 security announcement:

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

Vulnerability #1: Default value of fileDenyPattern allows arbitrary code
execution on Apache
Vulnerability #2: fe_adminlib.inc allows Cross Site Scripting


cheers,
Thijs

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux