List: oss-security
Subject: Re: [oss-security] CVE request: egroupware before 1.8.002 various security issues
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-03-30 1:48:20
Message-ID: 4F7510E4.5090703 () redhat ! com
On 03/29/2012 12:38 AM, Hanno Böck wrote:
> On Wed, 28 Mar 2012 23:04:07 -0600, Kurt Seifried
> <kseifried@redhat.com> wrote:
>
>> On 03/28/2012 10:26 AM, Hanno Böck wrote:
>>> http://comments.gmane.org/gmane.comp.web.egroupware.german/33144
>>>
>>> " 1. Fixes regarding security issues like 'local file inclusion',
>>> 'sql injection', 'reflected xss' and 'open redirect'. "
>>>
>>
>> Make a list with specific requests and information please.
>>
>
> Local file inclusion:
> http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html
>
Please use CVE-2011-4948 for this issue.

> SQL injection in 1.8.001:
> http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html
>
Please use CVE-2011-4949 for this issue.

> reflected xss:
> http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html
>
Please use CVE-2011-4950 for this issue.

> open redirect:
> http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html
>
Please use CVE-2011-4951 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)