
List:       oss-security
Subject:    [oss-security] [CVE assignment notification] Multiple vulnerabilities in POSH
From:       Damien Cauquil <d.cauquil () sysdream ! com>
Date:       2014-02-27 7:03:15
Message-ID: 530EE333.8030906 () sysdream ! com

We updated our original advisory about the POSH application with the CVE-IDs
provided:

> 1. Unauthenticated SQL injection vulnerability affecting all
> POSH 3.X versions prior to 3.3.0

CVE-2014-2211 is assigned to this vulnerability

> 2. Design vulnerability affecting all POSH 3.X versions

CVE-2014-2212 is assigned to this vulnerability

> 3. Arbitrary url redirection affecting all POSH 3.X versions

CVE-2014-2213 is assigned to this vulnerability

> 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions

CVE-2014-2214 is assigned to this vulnerability


References:

* Updated advisory:
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf



-- 
Damien Cauquil
Director of Research & Development
CHFI | CEH | ECSA | CEI

Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com