Date: Tue, 21 Sep 2010 11:16:45 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE request: egroupware remote code and xss ----- "Hanno Böck" <hanno@...eck.de> wrote: > > http://www.egroupware.org/news?item=93 > > Nahuel Grisolia from CYBSEC S.A. Security Systems found two security > problems in EGroupware: > > one is a serious remote command execution (allowing to run arbitrary > command on the web server by simply issuing a HTTP request!). Please use CVE-2010-3313 > The other a reflected cross-site scripting (XSS). Please use CVE-2010-3314 > > Here's the original advisory for both issues: > http://www.exploit-db.com/exploits/11777/ > Thanks -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ