|
Message-ID: <20130710220118.GD9874@kludge.henri.nerv.fi>
Date: Thu, 11 Jul 2013 01:01:18 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE request: Zenphoto waraxe-2012-SA#096
Can I get 2012 CVE identifiers for multiple issues in Zenphoto, thanks. Maybe we
can only use one ID for easiness.
Advisory URL: http://www.waraxe.us/advisory-96.html
Author: Janek Vind "waraxe"
Affected versions: Zenphoto 1.4.3.3 and older
Patched version: Zenphoto 1.4.3.4
Release advisory: http://www.zenphoto.org/news/zenphoto-1.4.3.4
http://secunia.com/advisories/50799/
http://www.securelist.com/en/advisories/50799
http://osvdb.org/87016 Zenphoto zp-core/zp-extensions/GoogleMap/m.php data Parameter XSS
http://osvdb.org/87017 Zenphoto zp-core/zp-extensions/tiny_mce/config/zenpage-default-full.js.php locale Parameter XSS
http://osvdb.org/87018 Zenphoto zp-core/zp-extensions/cloneZenphoto/cloneTab.php Multiple Parameter XSS
http://osvdb.org/87019 Zenphoto zp-core/admin-tags.php tagsort Parameter XSS
http://osvdb.org/87020 Zenphoto zp-core/admin-users.php error Parameter XSS
http://osvdb.org/87021 Zenphoto zp-core/admin-thumbcrop.php Multiple Parameter XSS
http://osvdb.org/87022 Zenphoto zp-core/admin-comments.php ndeleted Parameter XSS
http://osvdb.org/87023 Zenphoto zp-core/zp-extensions/tiny_mce/plugins/tinyzenpage/js/dialog.php album Parameter XSS
http://osvdb.org/87024 Zenphoto zp-core/admin-upload.php Multiple Parameter XSS
http://osvdb.org/87025 Zenphoto Database Backup Direct Request Remote Information Disclosure
http://osvdb.org/87026 Zenphoto zp-core/zp-extensions/uploader_flash/check.php Arbitrary File Enumeration
http://osvdb.org/87027 Zenphoto zp-core/zp-extensions/search_statistics.php X_FORWARDED_FOR HTTP Header SQL Injection
http://osvdb.org/87028 Zenphoto zp-core/zp-extensions/failed_access_blocker.php X_FORWARDED_FOR HTTP Header SQL Injection
http://osvdb.org/87029 Zenphoto zp-core/zp-extensions/federated_logon/Verisign_logon.php redirect Parameter XSS
http://osvdb.org/87030 Zenphoto zp-core/zp-extensions/federated_logon/OpenID_logon.php Multiple Parameter XSS
http://osvdb.org/87031 Zenphoto zp-core/admin-functions.php File Upload PHP Code Execution
http://osvdb.org/87032 Zenphoto zp-core/zp-extensions/uploader_jQuery/uploader.php File Upload PHP Code Execution
http://osvdb.org/87033 Zenphoto getUserIP() Function X_FORWARDED_FOR HTTP Header IP Address Spoofing Weakness
Please note that CVE-2012-4519 has been assigned to issue http://osvdb.org/85899
in mailing list thread http://www.openwall.com/lists/oss-security/2012/10/11/4
---
Henri Salo
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.