[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE assignment notification] Multiple vulnerabilities in POSH
From: Damien Cauquil <d.cauquil () sysdream ! com>
Date: 2014-02-27 7:03:15
Message-ID: 530EE333.8030906 () sysdream ! com
[Download RAW message or body]
We updated our original advisory about POSH application with the CVE-IDs
provided;
> 1. Unauthenticated SQL injection vulnerability affecting all
> POSH 3.X versions prior to 3.3.0
CVE-2014-2211 is assigned to this vulnerability
> 2. Design vulnerability affecting all POSH 3.X versions
CVE-2014-2212 is assigned to this vulnerability
> 3. Arbitrary url redirection affecting all POSH 3.X versions
CVE-2014-2213 is assigned to this vulnerability
> 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions
CVE-2014-2214 is assigned to this vulnerability
References:
* Updated advisory:
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf
--
Damien Cauquil
Directeur Recherche & Développement
CHFI | CEH | ECSA | CEI
Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic