Pierre Chifflier ha scritto:
> I fully agree, but you should quote correctly :
>
> --8<-
> Additionally, this injection does not work here:
> http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1&dl=2&o=3&v=4%27union+all+select+concat(id,
> %27:%27,passwd)+from+operators%23
> --8<
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote:
> Hi Pierre,
>
> Pierre Chifflier ha scritto:
> > I closed the bug because the advisory [1] stated 1.02 while Lenny
> > version is 1.01.
>
> This doesn't imply that 1.01 isn't affected.
>
I fully agree, but you should quote correctly :
-
Hi Pierre,
Pierre Chifflier ha scritto:
> I closed the bug because the advisory [1] stated 1.02 while Lenny
> version is 1.01.
This doesn't imply that 1.01 isn't affected.
Cheers,
Giuseppe.
signature.asc
Description: OpenPGP digital signature
On Wed, 17 Jun 2009, Pierre Chifflier wrote:
> On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> > Pierre,
> >
> > The bug in download.php is still there in lenny, why did you close
> > the bug?
>
> Hi James,
>
> I closed the bug because the advisory [1] stated 1.02 while Lenny
> ve
On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> Pierre,
>
> The bug in download.php is still there in lenny, why did you close
> the bug?
Hi James,
I closed the bug because the advisory [1] stated 1.02 while Lenny
version is 1.01.
Additionally, this injection does not work here:
ht
Pierre,
The bug in download.php is still there in lenny, why did you close the bug?
--
# TRS-80 trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
# UCC Wheel Member http://trs80.ucc.asn.au/ #| what squirrels do best |
[ "There's nobody getting rich writing
fixed 531735 1.02.1-1
tags 531735 lenny patch
thanks
Giuseppe Iuculano ha scritto:
> The vulnerability is confirmed in version 1.02.1. Other versions may also be
> affected.
This was wrong, 1.02.1 is not vulnerable.
Patch:
http://ocsinventory.svn.sourceforge.net/viewvc/ocsinventory?view=rev&rev
Package: ocsinventory-server
Severity: serious
Tags: security
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
The following SA (Secunia Advisory) id was published for OCS Inventory NG:
SA35311[0]:
Description:
Nico Leidecker has discovered a vulnerability in OCS Inventory NG, which can be
8 matches
Mail list logo