From: Jarosław K. - I. <jk...@in...> - 2017-03-08 12:46:57
This version is obsolete, use the git version. Please make an issue on GitHub: https://github.com/Cacti/cacti

Regards
JK

On 08.03.2017 11:37, jer...@or... wrote:
> Hello,
>
> I am a student at the University of Lille, in France.
> I am beginning my studies in network security.
> I have to present a vulnerability: CVE-2016-3172 (SQL Injection / tree.php) + CVE-2015-8604 (SQL Injection / graphs_new.php)
>
> For CVE-2015-8604:
> http://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2015-8604
> http://www.openwall.com/lists/oss-security/2016/03/10/13
>
> Can you explain this vulnerability:
> - how to reproduce it?
> - how to correct it?
> "The parameter parent_id is used without any validation."
>
> - Can you explain what the "parent_id" is, what is its function?
>
> - What is the impact? An example?
>
> I don't have access to the Cacti bug tracker:
>
> - Can you give me a copy of the Cacti bug tracker:
>
> - Can you tell me how this CVE was corrected? The simple principle?
>
> The same thing for CVE-2016-3172:
>
> https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2016-3172
>
> Thank you
>
> Regards
>
> Jérôme Strabach
> Quality of Operation Analyst, Voice Core Network
> ORANGE/OF/DTSI/DERS/DR/DRM/VMI/CCI ET PERF
> Lyon Sévigné
> Mobile: +33 6 71 54 75 23
> jer...@or...
>
> _______________________________________________
> cacti-user mailing list
> cac...@li...
> https://lists.sourceforge.net/lists/listinfo/cacti-user

--
Jarosław Kłopotek
mobile 607 893 111
Interduo Ł. Bujek, J. Kłopotek, J. Sowa s.c.
ul. Lubelska 36B/40, 21-100 Lubartów
tel. 81 475 30 00