oss-sec mailing list archives
Re: CVE request: PostfixAdmin SQL injections and XSS
From: Christian Boltz <oss-securrity () cboltz de>
Date: Fri, 27 Jan 2012 11:56:33 +0100
Hello,

On Thursday, 26 January 2012, Kurt Seifried wrote:
> Please use CVE-2012-0811 for PostfixAdmin 2.3.4 multiple SQL vulnerabilities
> Please use CVE-2012-0812 for PostfixAdmin 2.3.4 multiple XSS vulnerabilities

Thanks.

I forgot to mention a small, but important detail: The credits ;-)

Credits go to Filippo Cavallarin <filippo.cavallarin [at] codseq [dot] it> for finding most of the vulnerabilities and notifying us.

The only exception is
- create-domain: fix SQL injection (only exploitable by superadmins)
which was found by Matthias Bethke <msbethke [at] sourceforge [dot] net>

Please add the credits to the CVEs.

Regards,

Christian Boltz
--
And now be a good bunny and hop off somewhere where cuddly, fluffy little things like you get hugged and loved. [Robin S. Socha - d.c.o.u.l.m.]