lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-Id: <4F378887-E697-44E7-976C-48B9B7475C4D@apache.org>
Date: Sun, 15 Apr 2012 15:34:02 +0200
From: Jacopo Cappellato <jacopoc@...che.org>
To: security@...che.org, Ofbiz User ML <user@...iz.apache.org>,
  dev@...iz.apache.org, full-disclosure@...ts.grok.org.uk,
  bugtraq@...urityfocus.com
Cc: mmadou@...com
Subject: [CVE-2012-1622] Apache OFBiz information disclosure vulnerability

CVE-2012-1622: Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors

Severity: Critical

Vendor:
The Apache Software Foundation - Apache OFBiz

======Versions Affected======

Apache OFBiz 10.04 (also known as 10.04.01)

======Description======

Apache OFBiz 10.04 and later allows remote attackers to execute arbitrary code via unspecified vectors

====== Mitigation======

10.04 users should upgrade to 10.04.02

======Credit======

This issue was discovered by Jacopo Cappellato, Apache OFBiz project
Download attachment "signature.asc" of type "application/pgp-signature" (842 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ