Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CABNh_t+Bni9tghVxmb+-Z2qoYhiiSQFm0YAGGB0_u+OYLCWxfQ@mail.gmail.com>
Date: Sat, 11 May 2013 21:11:26 +0200
From: chevalier 3as <chevalier3as@...il.com>
To: oss-security@...ts.openwall.com
Cc: Florian HENRY <florian.henry@...n-concept.pro>
Subject: Re: CVE Request: Dolibarr - Multiple Vulnerabilities

I've failed to mention command injection, fix can be found here:

https://github.com/Dolibarr/dolibarr/commit/526a80dd202bbca396687a502d52c27e06e97fff



2013/5/11 chevalier 3as <chevalier3as@...il.com>

> Hello Kurt, Steve, All,
>
> I'd like to request a CVE for two vulnerabilties in Dolibarr 3.3 and 3.4:
>
> 1- SQL injection in 'pays' parameter, correction details can be found here:
>
>
> https://github.com/Dolibarr/dolibarr/commit/9427e32e2ed54c1a2bc519a88c057207836df489
>
> 2- XSS vulnerabilty in several parameters, correction details can be found
> here:
>
>
> https://github.com/Dolibarr/dolibarr/commit/8a90598b23e1b2689848187941f7a96b04907005
>
> Cheers,
> Alaeddine Mesbahi
>
>
>
>
>


-- 
Trust your Technolust

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.