| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <FDEFA90D-1064-456F-924E-FAC13E6F1B7A@dbappsecurity.com.cn> Date: Tue, 9 Jun 2015 17:25:17 +0800 From: "xin.wang" <xin.wang@...ppsecurity.com.cn> To: fulldisclosure@...lists.org Subject: [FD] [CVE-2015-4342]SQL Injection and Location header injection from cdef id ############################################################################# # # DBAPPSECURITY LIMITED http://www.dbappsecurity.com.cn/ # ############################################################################# # # CVE ID: CVE-2015-4342 # Product: cacti # Subject: SQL Injection and Location header injection from cdef id # Author: unhex # Date: June 9th 2015 # ############################################################################# The following issue has been RESOLVED. ====================================================================== http://bugs.cacti.net/view.php?id=2571 ====================================================================== Reported By: unhex Assigned To: rony ====================================================================== Project: Cacti Issue ID: 2571 Category: Database Reproducibility: always Severity: feature Priority: normal Status: resolved Resolution: fixed Fixed in Version: 0.8.8d ====================================================================== Date Submitted: 2015-06-02 23:39 EDT Last Modified: 2015-06-08 11:51 EDT ====================================================================== Summary: SQL Injection and Location header injection from cdef id Description: I found the security vulnerability.U can receive the attachment. ====================================================================== ---------------------------------------------------------------------- (0006864) rony (administrator) - 2015-06-08 11:51 http://bugs.cacti.net/view.php?id=2571#c6864 ---------------------------------------------------------------------- Issue resolved. Issue History Date Modified Username Field Change ====================================================================== 2015-06-02 23:39 unhex New Issue 2015-06-03 02:30 Linegod Status new => assigned 2015-06-03 02:30 Linegod Assigned To => cigamit 2015-06-06 07:26 unhex Note Added: 0006863 2015-06-08 11:48 rony Assigned To cigamit => rony 2015-06-08 11:49 rony Fixed in Version => 0.8.8d 2015-06-08 11:49 rony Summary a security vulnerability => SQL Injection and Location header injection from cdef id 2015-06-08 11:51 rony Note Added: 0006864 2015-06-08 11:51 rony Status assigned => resolved 2015-06-08 11:51 rony Resolution open => fixed ====================================================================== _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists