Message-ID: <530EE333.8030906@sysdream.com>
Date: Thu, 27 Feb 2014 08:03:15 +0100
From: Damien Cauquil <d.cauquil@...dream.com>
To: cve-assign@...re.org
CC: oss-security@...ts.openwall.com
Subject: [CVE assignment notification] Multiple vulnerabilities in POSH

We updated our original advisory about the POSH application with the CVE-IDs
provided:

> 1. Unauthenticated SQL injection vulnerability affecting all
> POSH 3.X versions prior to 3.3.0

CVE-2014-2211 is assigned to this vulnerability

> 2. Design vulnerability affecting all POSH 3.X versions

CVE-2014-2212 is assigned to this vulnerability

> 3. Arbitrary url redirection affecting all POSH 3.X versions

CVE-2014-2213 is assigned to this vulnerability

> 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions

CVE-2014-2214 is assigned to this vulnerability


References:

* Updated advisory:
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf



-- 
Damien Cauquil
Director of Research & Development
CHFI | CEH | ECSA | CEI

Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com
