Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 27 Mar 2008 19:22:35 -0400 (EDT)
From: "Steven M. Christey" <>
To: Hanno Böck <>
cc: "Steven M. Christey" <>,
Subject: Re: Need CVEs for joomla, egroupware

Note all: these CVE's only cover the publicly disclosed issues.  The
non-public ones that Nico requested will be handled separately in the
normal CVE reservation process.

Name: CVE-2008-1502
Status: Candidate
Reference: MISC:
Reference: CONFIRM:
Reference: SECUNIA:29491
Reference: URL:

The _bad_protocol_once function in phpgwapi/inc/ in
eGroupWare before 1.4.003 allows remote attackers to bypass HTML
filtering and conduct cross-site scripting (XSS) attacks via a string
containing crafted URL protocols.

Name: CVE-2008-1533
Status: Candidate
Reference: CONFIRM:
Reference: SECUNIA:28861
Reference: URL:

Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla!
1.5 allows remote attackers to perform unauthorized article operations
on articles via unknown vectors.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.