List: oss-security
Subject: Re: [oss-security] CVE request: egroupware remote code and xss
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-09-21 15:16:45
Message-ID: 1146304676.208651285082205838.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
----- "Hanno Böck" <hanno@hboeck.de> wrote:
>
> http://www.egroupware.org/news?item=93
>
> Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
> problems in EGroupware:
>
> one is a serious remote command execution (allowing to run arbitrary
> command on the web server by simply issuing a HTTP request!).
Please use CVE-2010-3313
> The other a reflected cross-site scripting (XSS).
Please use CVE-2010-3314
>
> Here's the original advisory for both issues:
> http://www.exploit-db.com/exploits/11777/
>
Thanks
--
JB