From: Alex de O. S. <en...@ho...> - 2007-01-24 12:44:55
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

luci aka Lukas Masek wrote:
> On Wednesday, 24 of January 2007 1:11 pm, Alex de Oliveira Silva
> wrote:
>> Could you please check if tikiwiki version 1.9.7 is affected by
>> CVE-2006-6457?

Method to trigger this same bug is to pass a value that's too long -
tiki-wiki_rss.php?ver=-65535 can be negative or positive, the webapp
pukes the same info.

>>
>> In addition, tiki-wiki_rss.php may suffer from an XSS
>> vulnerability (the affected site claims to run the 1.0 CVS
>> version, though):
>>
>> http://tikiwiki/tiki-wiki_rss.php?ver=555555555%3Cb%3E22362623external
>> link
>>
>> Thank you in advance.
>>
>>
>>
>> regards,
>
> no idea what is CVE-2006-6457 and the URL is invalid
>
> luci

http://"some url"/tiki-wiki_rss.php?ver=555555555%3Cb%3E22362623external

- --
  .''`.
 : :' :    Alex de Oliveira Silva | enerv
 `. `'     www.enerv.net
   `-
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFt1SLarbczl+z12gRAhgVAJsHzkF/QDrWINV2odSDn+b69AgYDgCgzouM
G4d7Sv5Fw2HIDwp9KoJe8bc=
=Sv4q
-----END PGP SIGNATURE-----