List of fake or duplicated security vulnerabilities we declined to accept in 2018. #205
|
This issue will be a hall of shame for speculative people. |
|
Sharing a tutorial on requesting a CVE ID from the team of @ponyma233: http://5ecurity.cn/index.php/archives/242/ Fantastic! |
|
any updates? waiting for more numbers in my |
|
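It's just about picking up a CVE, why take it so seriously? Besides, can the Americans even read Chinese characters? Doesn't someone have to translate it for them? |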
|
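@SameleTom If you had really found a genuine vulnerability, I would of course have no objection, but take a look at what has been submitted here. Using fake vulnerability reports to polish one's own image is behaviour that cannot be tolerated. |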
|
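Why is this suddenly being brought up? Let me clarify: this zblog one really was a false positive. The link I verified back then was on my local machine, and I did not expect it to be parsed locally. It was my mistake, and I was embarrassed about it for a long time.
…------------------ Original Message ------------------
From: "zsx"<notifications@github.com>;
Sent: Friday, January 3, 2020, 10:59 AM
To: "zblogcn/zblogphp"<zblogphp@noreply.github.com>;
Cc: "黄"<2752002991@qq.com>;"Mention"<mention@noreply.github.com>;
Subject: Re: [zblogcn/zblogphp] List of fake or duplicated security vulnerabilities we declined to accept in 2018. (#205)
@SameleTom If you had really found a genuine vulnerability, I would of course have no objection, but take a look at what has been submitted here. Using other projects to polish one's own image is behaviour that cannot be tolerated.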
|
Duplicated
CVE-2018-7737
Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md (Deleted at 16/Feb)
Detail: https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html
Duplicate of CVE-2018-6846. We fixed them after CVE-2018-6846 was confirmed. See: 7f09eb1
CVE-2018-7736
Author: @ponyma233
Detail: https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md
Detail: https://packetstormsecurity.com/files/147066/Z-Blog-1.5.1.1740-Cross-Site-Scripting.html
Same as CVE-2018-10680 and CVE-2018-11208. We decline to accept it as a valid issue. If you have admin privileges, there are so many ways to self-XSS.
Useless
CVE-2018-10680
Author: @Oran9e
Detail: #185
We declined to accept a self-xss with admin privilege.
CVE-2018-11208
Author: @Jayway007
Detail: #187
We declined to accept a self-xss with admin privilege.
Fake
CVE-2018-19556
Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/49b1b99d2df0fd2a3ae61655b516a1c6bc998b57
It's Adobe's bug, not ours. As he said, see CVE-2017-1125 and CVE-2018-4901.
CVE-2018-19463
Author: @novysodope
Detail: https://github.com/novysodope/Z-BlogPHP1.5Zero/commit/8526931c1e5fbe185740d91f9b286c38d3401445
It's fake. We have no dynamic including. No one can run PHP by uploading an image in the current version. By the way, it needs authentication.
CVE-2018-11209
Author: @Jayway007
Detail: #188
It's a joke. I laughed.