Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAN00zFCCVEDG9dUK893by9GfAduRoEDSEmD+UMjLitF+gaxNNw@mail.gmail.com>
Date: Fri, 24 Aug 2012 12:04:06 +0200
From: Thomas Pollet <thomas.pollet@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: zenoss issues

Hi,

I have found that zenoss displays snmp output like syslocation unfiltered
in the web interface.
http://jira.zenoss.com/jira/browse/ZEN-3192
I suspect there are many more bugs in this package.

Regards,
Thomas

On 24 August 2012 09:33, Thomas Pollet <thomas.pollet@...il.com> wrote:

> Hello,
>
> I have found xss and command execution problems with zenoss. I created a
> bugreport which can be found at
> http://jira.zenoss.com/jira/browse/ZEN-3183 . However the zenoss
> developers don't seem to be able to reproduce the issues.
>
> Another issue, reported by Emanuel Bronshtein can be found at
> http://jira.zenoss.com/jira/browse/ZEN-3153
>
> Regards,
> Thomas Pollet
>

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.