Hello, Steffen!
Thank you for the inspection of phpBugTracker.
We really have many security vulnerabilities, inherited from the old developer. I have already fixed a lot of them. But I need assistance to find all of them.
Now together we can make the world a better place :)
I will send a copy of this message to your email to provide you my email address.
As we agreed, I have just released the technical details of these issues (see http://sroesemann.blogspot.de/2015/02/sroeadv-2015-16.html) and sent them to the security mailing list FullDisclosure. If any CVE-IDs are assigned for these issues, I will inform you here.
To end this correctly, I'd like to inform you that these issues (and the issues you found yourself) have been assigned multiple CVE identifiers by MITRE. Please see here for further details: http://seclists.org/oss-sec/2015/q1/704
Dear development team.
I found multiple SQL injection, reflected/stored XSS and CSRF vulnerabilities in your product phpBugTracker v1.6.0.
Please provide me an email address where I can send the technical details to. Otherwise, if you don't mind, I can post them directly on GitHub.
I have released a security advisory without technical details here: http://sroesemann.blogspot.de/2015/02/sroeadv-2015-16.html.
If you don't respond by 19th February 2015 (UTC+1), I will also release the technical details of these issues and send the vulnerabilities to the security mailing list FullDisclosure, to warn people.
Thank you for your attention.
Greetings from Germany.
Steffen Rösemann