[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: slash
From:       Steffen Joeris <steffen.joeris () skolelinux ! de>
Date:       2008-06-04 16:59:26
Message-ID: 200806050259.27141.steffen.joeris () skolelinux ! de
[Download RAW message or body]


Hi

> The Slashdote (also just known as Slash) vulnerability was an SQL
> injection. Its effect was to allow a user with no special authorization to
> read any information from any table the Slash site's mysql user was
> authorized to read (which may include other databases, including
> information_schema).
<snip>

CVE-2008-2231 from the debian pool was allocated to this as a reference.

Cheers
Steffen

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic