Diffstat (limited to 'zarb-ml/mageia-dev/attachments/20120409/ea181ca7')
-rw-r--r-- | zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html | 4
-rw-r--r-- | zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html | 4
2 files changed, 8 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html new file mode 100644 index 000000000..e453a5760 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment-0001.html @@ -0,0 +1,4 @@ +ping?<br><br>在 2012年4月9日星期一,Funda Wang <<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>> 写道:<br>> ping?<br>><br>> 2012/4/8 Funda Wang <<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>>:<br> +>> Hello,<br>>><br>>> Could somebody pushing redmine 1.3.2 into cauldron?<br>>><br>>> Redmine before 1.3.2 does not properly restrict the use of a hash to<br>>> provide values for a model's attributes, which allows remote attackers<br> +>> to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,<br>>> (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)<br>>> Version, (9) Wiki, (10) UserPreference, or (11) Board model via a<br> +>> modified URL, related to a "mass assignment" vulnerability, a<br>>> different vulnerability than CVE-2012-0327.<br>>><br>>> Thanks.<br>> diff --git a/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html new file mode 100644 index 000000000..e453a5760 --- /dev/null +++ b/zarb-ml/mageia-dev/attachments/20120409/ea181ca7/attachment.html 
@@ -0,0 +1,4 @@ +ping?<br><br>在 2012年4月9日星期一,Funda Wang <<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>> 写道:<br>> ping?<br>><br>> 2012/4/8 Funda Wang <<a href="mailto:fundawang@gmail.com">fundawang@gmail.com</a>>:<br> +>> Hello,<br>>><br>>> Could somebody pushing redmine 1.3.2 into cauldron?<br>>><br>>> Redmine before 1.3.2 does not properly restrict the use of a hash to<br>>> provide values for a model's attributes, which allows remote attackers<br> +>> to set attributes in the (1) Comment, (2) Document, (3) IssueCategory,<br>>> (4) MembersController, (5) Message, (6) News, (7) TimeEntry, (8)<br>>> Version, (9) Wiki, (10) UserPreference, or (11) Board model via a<br> +>> modified URL, related to a "mass assignment" vulnerability, a<br>>> different vulnerability than CVE-2012-0327.<br>>><br>>> Thanks.<br>> |
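Review bot: Both new files, attachment-0001.html and attachment.html, are created with the same blob index e453a5760 and the same four added lines, so the commit stores one message body twice under 20120409/ea181ca7. If the archive generator emits two names for a single attachment, keep one file and point the other reference at it, or state in the commit message why both copies are needed. Each copy also carries the sender's address as a plain mailto link; if the archive is expected to obfuscate addresses, that needs handling in both files.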