oss-sec mailing list archives
Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 09 Jul 2012 21:43:24 -0600
On 07/09/2012 04:47 PM, Henri Salo wrote:
> Hello,
>
> Can you assign 2012 CVE-identifier for Basilic 1.5.14 diff.php remote code execution vulnerability, thanks.
>
> Bugtraq ID: 54234
> Announcement: http://seclists.org/bugtraq/2012/Jul/1
> Verification: http://seclists.org/bugtraq/2012/Jul/42
> Example URL: http://www.example.com/basilic/Config/diff.php?file=%26cat%20/etc/passwd&new=1&old=2
> Metasploit PoC: http://downloads.securityfocus.com/vulnerabilities/exploits/54234.rb
>
> OSVDB guys could you create item for this issue. Thank you :)
>
> - Henri Salo

Please use CVE-2012-3399 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
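
A defensive check built from the example URL in the request above, added here as an illustration and not part of the original thread: it scans web-server access log lines for requests to `Config/diff.php` whose decoded `file` parameter contains shell metacharacters. The combined log format, the sample lines, the benign `file` value and the metacharacter set are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Shell metacharacters; none is expected in a plain file name (assumed set).
SHELL_META = re.compile(r"[&|;`$<>(){}\\\n\r]")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the first reuses the example URL from the request.
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jul/2012:21:40:01 -0600] "GET /basilic/Config/diff.php'
    '?file=%26cat%20/etc/passwd&new=1&old=2 HTTP/1.1" 200 1532',
    '192.0.2.11 - - [09/Jul/2012:21:41:17 -0600] "GET /basilic/Config/diff.php'
    '?file=config.php&new=1&old=2 HTTP/1.1" 200 845',
    '192.0.2.12 - - [09/Jul/2012:21:42:03 -0600] "GET /basilic/index.php'
    '?q=a%26b HTTP/1.1" 200 5120',
]

def suspicious_file_values(log_line):
    """Return decoded `file` values that contain shell metacharacters,
    for requests whose path ends in /Config/diff.php."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/config/diff.php"):
        return []
    # parse_qs percent-decodes each value, so %26 is inspected as '&'.
    params = parse_qs(target.query, keep_blank_values=True)
    return [v for v in params.get("file", []) if SHELL_META.search(v)]

def scan(lines):
    """Return (line_number, values) for every line that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_file_values(line)
        if values:
            hits.append((number, values))
    return hits

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: file={values!r}")
```

Parameters sent in a POST body do not appear in the access log, so this check only covers query-string requests.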