Re: [cacti-user] Demande d'informations

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

This version is obsolette use gitversion.

Please make an issue on github: https://github.com/Cacti/cacti

Regards
JK

On 08.03.2017 11:37, jer...@or... wrote:
> Hello,
>
> I am a student at the University of Lille, in France
> I begin my studies in network security.
> I have to present a vulnerability : CVE-2016-3172 (SQL Injection / tree.php) + CVE-2015-8604 (SQL Injection / graphs_new.php)
>
> For CVE-2015-8604 :
> http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2015-8604
> http://www.openwall.com/lists/oss-security/2016/03/10/13
>
> Can you explain this vulnerability :
> - how to reproduce it ?
> - how to correct it?
> "The parameter parent_id is used without any validation."
>
> - Can you explain what the "parent_id" is, what is its function?
>
> - What is the impact ? An example ?
>
>
>
> I don't have access to cacti bug tracker :
>
> - Can you give me a copy of the cacti bug tracker :
>
> - Can you tell me, how this CVE was corrected ? The simple principle ?
>
>
>
> the same thing for CVE-2016-3172
>
> https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2016-3172
>
> thank you
>
> Cordialement
>
> [Logo Orange]<http://www.orange.com/>
>   Jérôme Strabach
> Analyste Qualité de fonctionnement du Réseaux Cœur Voix
> ORANGE/OF/DTSI/DERS/DR/DRM/VMI/CCI ET PERF
> Lyon Sévigné
> Mobile : +33 6 71 54 75 23 <https://monsi.sso.francetelecom.fr/index.asp?target=http%3A%2F%2Fclicvoice.sso.francetelecom.fr%2FClicvoiceV2%2FToolBar.do%3Faction%3Ddefault%26rootservice%3DSIGNATURE%26to%3D+33%206%2071%2054%2075%2023>
> jer...@or...<mailto:jer...@or...>
>
> [cid:image002.png@01D297FD.49A313F0]
>
>
> _________________________________________________________________________________________________________________________
>
> Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
> pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
> a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
> Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
>
> This message and its attachments may contain confidential or privileged information that may be protected by law;
> they should not be distributed, used or copied without authorisation.
> If you have received this email in error, please notify the sender and delete this message and its attachments.
> As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
> Thank you.
>
>
>
>
> ------------------------------------------------------------------------------
> Announcing the Oxford Dictionaries API! The API offers world-renowned
> dictionary content that is easy and intuitive to access. Sign up for an
> account today to start using our lexical data to power your apps and
> projects. Get started today and enter our developer competition.
> http://sdm.link/oxford
>
>
> _______________________________________________
> cacti-user mailing list
> cac...@li...
> https://lists.sourceforge.net/lists/listinfo/cacti-user

-- 
Jarosław Kłopotek
kom. 607 893 111
Interduo Ł. Bujek, J. Kłopotek, J. Sowa s.c.
ul. Lubelska 36B/40, 21-100 Lubartów
tel. 81 475 30 00