Date: Thu, 27 Feb 2014 08:03:15 +0100 From: Damien Cauquil <d.cauquil@...dream.com> To: cve-assign@...re.org CC: oss-security@...ts.openwall.com Subject: [CVE assignment notification] Multiple vulnerabilities in POSH We updated our original advisory about POSH application with the CVE-IDs provided; > 1. Unauthenticated SQL injection vulnerability affecting all > POSH 3.X versions prior to 3.3.0 CVE-2014-2211 is assigned to this vulnerability > 2. Design vulnerability affecting all POSH 3.X versions CVE-2014-2212 is assigned to this vulnerability > 3. Arbitrary url redirection affecting all POSH 3.X versions CVE-2014-2213 is assigned to this vulnerability > 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions CVE-2014-2214 is assigned to this vulnerability References: * Updated advisory: http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf -- Damien Cauquil Directeur Recherche & Développement CHFI | CEH | ECSA | CEI Sysdream 108 avenue Gabriel Péri 93400 Saint Ouen Tel: +33 (0) 1 78 76 58 21 www.sysdream.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ