Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-17 Thread Giuseppe Iuculano
Pierre Chifflier wrote: > I fully agree, but you should quote correctly : > > --8<- > Additionally, this injection does not work here: > http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1&dl=2&o=3&v=4%27union+all+select+concat(id, > %27:%27,passwd)+from+operators%23 > --8<

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-17 Thread Pierre Chifflier
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote: > Hi Pierre, > > Pierre Chifflier wrote: > > I closed the bug because the advisory [1] stated 1.02 while Lenny > > version is 1.01. > > This doesn't imply that 1.01 isn't affected. > I fully agree, but you should quote correctly : -

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-17 Thread Giuseppe Iuculano
Hi Pierre, Pierre Chifflier wrote: > I closed the bug because the advisory [1] stated 1.02 while Lenny > version is 1.01. This doesn't imply that 1.01 isn't affected. Cheers, Giuseppe.

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-17 Thread James Andrewartha
On Wed, 17 Jun 2009, Pierre Chifflier wrote: > On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote: > > Pierre, > > > > The bug in download.php is still there in lenny, why did you close > > the bug? > > Hi James, > > I closed the bug because the advisory [1] stated 1.02 while Lenny > ve

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-17 Thread Pierre Chifflier
On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote: > Pierre, > > The bug in download.php is still there in lenny, why did you close > the bug? Hi James, I closed the bug because the advisory [1] stated 1.02 while Lenny version is 1.01. Additionally, this injection does not work here: ht

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-16 Thread James Andrewartha
Pierre, The bug in download.php is still there in lenny, why did you close the bug?

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-03 Thread Giuseppe Iuculano
fixed 531735 1.02.1-1 tags 531735 lenny patch thanks Giuseppe Iuculano wrote: > The vulnerability is confirmed in version 1.02.1. Other versions may also be > affected. This was wrong, 1.02.1 is not vulnerable. Patch: http://ocsinventory.svn.sourceforge.net/viewvc/ocsinventory?view=rev&rev

Bug#531735: SA35311: OCS Inventory NG "systemid" SQL Injection Vulnerability

2009-06-03 Thread Giuseppe Iuculano
Package: ocsinventory-server Severity: serious Tags: security Hi, The following SA (Secunia Advisory) id was published for OCS Inventory NG: SA35311[0]: Description: Nico Leidecker has discovered a vulnerability in OCS Inventory NG, which can be