Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-17 Thread Pierre Chifflier
On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
> Pierre, The bug in download.php is still there in lenny, why did you close the bug?

Hi James, I closed the bug because the advisory [1] stated 1.02 while Lenny version is 1.01. Additionally, this injection does not work here:

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-17 Thread James Andrewartha
On Wed, 17 Jun 2009, Pierre Chifflier wrote:
> On Wednesday 17 June 2009 05:27:49 James Andrewartha wrote:
>> Pierre, The bug in download.php is still there in lenny, why did you close the bug?
>
> Hi James, I closed the bug because the advisory [1] stated 1.02 while Lenny version is

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-17 Thread Giuseppe Iuculano
Hi Pierre,

Pierre Chifflier wrote:
> I closed the bug because the advisory [1] stated 1.02 while Lenny version is 1.01.

This doesn't imply that 1.01 isn't affected.

Cheers, Giuseppe.

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-17 Thread Pierre Chifflier
On Wednesday 17 June 2009 15:25:57 Giuseppe Iuculano wrote:
> Hi Pierre,
>
> Pierre Chifflier wrote:
>> I closed the bug because the advisory [1] stated 1.02 while Lenny version is 1.01.
>
> This doesn't imply that 1.01 isn't affected.

I fully agree, but you should quote correctly:

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-17 Thread Giuseppe Iuculano
Pierre Chifflier wrote:
> I fully agree, but you should quote correctly:
> --8-
> Additionally, this injection does not work here:
> http://xxx.xxx.xxx.xxx/ocsreports/download.php?n=1dl=2o=3v=4%27union+all+select+concat(id, %27:%27,passwd)+from+operators%23

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-16 Thread James Andrewartha
Pierre, The bug in download.php is still there in lenny, why did you close the bug?

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-03 Thread Giuseppe Iuculano
Package: ocsinventory-server
Severity: serious
Tags: security

Hi, The following SA (Secunia Advisory) id was published for OCS Inventory NG:

SA35311[0]:
Description: Nico Leidecker has discovered a vulnerability in OCS Inventory NG, which can be

Bug#531735: SA35311: OCS Inventory NG systemid SQL Injection Vulnerability

2009-06-03 Thread Giuseppe Iuculano
fixed 531735 1.02.1-1
tags 531735 lenny patch
thanks

Giuseppe Iuculano wrote:
> The vulnerability is confirmed in version 1.02.1. Other versions may also be affected.

This was wrong, 1.02.1 is not vulnerable.

Patch: