
List:       oss-security
Subject:    Re: [oss-security] CVE request: egroupware remote code and xss
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-09-21 15:16:45
Message-ID: 1146304676.208651285082205838.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

----- "Hanno Böck" <hanno@hboeck.de> wrote:
> 
> http://www.egroupware.org/news?item=93
> 
> Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
> problems in EGroupware:
> 
>     one is a serious remote command execution (allowing to run arbitrary
>     command on the web server by simply issuing a HTTP request!).

Please use CVE-2010-3313

>     The other a reflected cross-site scripting (XSS).

Please use CVE-2010-3314

> 
> Here's the original advisory for both issues:
> http://www.exploit-db.com/exploits/11777/
> 

Thanks

-- 
    JB
