| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+FRxe=mPfwik-E6_L4xx83f7-m8f7wa--Vo7uGD+oTZ0WnEVg@mail.gmail.com> Date: Fri, 24 Aug 2012 20:19:07 -0500 From: beford <xbefordx@...il.com> To: bugs@...uritytracker.com, bugtraq@...urityfocus.com Subject: Chamilo 1.8.8.4 Multiple Vulnerabilities Chamilo 1.8.8.4 Multiple Vulnerabilities ======================== CVE: CVE-2012-4029 Issue: Reflected XSS PHP_SELF in third-party app, Stored XSS * PHP_SELF XSS http://chamilo-1.8.8.4/main/inc/lib/phpdocx/pdf/www/examples.php/'"><img src=404 onerror=alert(1) > * Stored XSS unfiltered input category_name http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=LEETLANG&view=&action=addsentcategory CVE: CVE-2012-4030 Issue: Unauthorized file delete * Unauthorized file delete You have to be subscribed to the course and you can delete other users categories by bruteforcing the category ID. http://chamilo/chamilo-1.8.8.4/main/dropbox/index.php?cidReq=COURSEID&view_received_category=&view_sent_category=&view=&action=deletesentcategory&id=CATEGORYID Vendor: www.chamilo.org Vendor informed: Jul 16/2012 Vendor acknowledgement: Jul 16/2012 Fix Released Version 1.8.8.6 - Jul 20/2012
Powered by blists - more mailing lists