Date: Thu, 27 Feb 2014 08:03:15 +0100
From: Damien Cauquil <d.cauquil@...dream.com>
To: cve-assign@...re.org
CC: oss-security@...ts.openwall.com
Subject: [CVE assignment notification] Multiple vulnerabilities in POSH

We updated our original advisory about the POSH application with the CVE-IDs
provided:

> 1. Unauthenticated SQL injection vulnerability affecting all
> POSH 3.X versions prior to 3.3.0

CVE-2014-2211 is assigned to this vulnerability

> 2. Design vulnerability affecting all POSH 3.X versions

CVE-2014-2212 is assigned to this vulnerability

> 3. Arbitrary URL redirection affecting all POSH 3.X versions

CVE-2014-2213 is assigned to this vulnerability

> 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions

CVE-2014-2214 is assigned to this vulnerability


References:

* Updated advisory:
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf



-- 
Damien Cauquil
Director of Research & Development
CHFI | CEH | ECSA | CEI

Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com
