oss-sec mailing list archives
CVE request: Zenphoto waraxe-2012-SA#096
From: Henri Salo <henri () nerv fi>
Date: Thu, 11 Jul 2013 01:01:18 +0300
Can I get 2012 CVE identifiers for multiple issues in Zenphoto, thanks. Maybe we can only use one ID for easiness.

Advisory URL: http://www.waraxe.us/advisory-96.html
Author: Janek Vind "waraxe"
Affected versions: Zenphoto 1.4.3.3 and older
Patched version: Zenphoto 1.4.3.4
Release advisory: http://www.zenphoto.org/news/zenphoto-1.4.3.4

http://secunia.com/advisories/50799/
http://www.securelist.com/en/advisories/50799

http://osvdb.org/87016 Zenphoto zp-core/zp-extensions/GoogleMap/m.php data Parameter XSS
http://osvdb.org/87017 Zenphoto zp-core/zp-extensions/tiny_mce/config/zenpage-default-full.js.php locale Parameter XSS
http://osvdb.org/87018 Zenphoto zp-core/zp-extensions/cloneZenphoto/cloneTab.php Multiple Parameter XSS
http://osvdb.org/87019 Zenphoto zp-core/admin-tags.php tagsort Parameter XSS
http://osvdb.org/87020 Zenphoto zp-core/admin-users.php error Parameter XSS
http://osvdb.org/87021 Zenphoto zp-core/admin-thumbcrop.php Multiple Parameter XSS
http://osvdb.org/87022 Zenphoto zp-core/admin-comments.php ndeleted Parameter XSS
http://osvdb.org/87023 Zenphoto zp-core/zp-extensions/tiny_mce/plugins/tinyzenpage/js/dialog.php album Parameter XSS
http://osvdb.org/87024 Zenphoto zp-core/admin-upload.php Multiple Parameter XSS
http://osvdb.org/87025 Zenphoto Database Backup Direct Request Remote Information Disclosure
http://osvdb.org/87026 Zenphoto zp-core/zp-extensions/uploader_flash/check.php Arbitrary File Enumeration
http://osvdb.org/87027 Zenphoto zp-core/zp-extensions/search_statistics.php X_FORWARDED_FOR HTTP Header SQL Injection
http://osvdb.org/87028 Zenphoto zp-core/zp-extensions/failed_access_blocker.php X_FORWARDED_FOR HTTP Header SQL Injection
http://osvdb.org/87029 Zenphoto zp-core/zp-extensions/federated_logon/Verisign_logon.php redirect Parameter XSS
http://osvdb.org/87030 Zenphoto zp-core/zp-extensions/federated_logon/OpenID_logon.php Multiple Parameter XSS
http://osvdb.org/87031 Zenphoto zp-core/admin-functions.php File Upload PHP Code Execution
http://osvdb.org/87032 Zenphoto zp-core/zp-extensions/uploader_jQuery/uploader.php File Upload PHP Code Execution
http://osvdb.org/87033 Zenphoto getUserIP() Function X_FORWARDED_FOR HTTP Header IP Address Spoofing Weakness

Please note that CVE-2012-4519 has been assigned to issue http://osvdb.org/85899 in mailing list thread http://www.openwall.com/lists/oss-security/2012/10/11/4

---
Henri Salo