Date: Thu, 27 Feb 2014 08:03:15 +0100 From: Damien Cauquil <d.cauquil@...dream.com> To: cve-assign@...re.org CC: oss-security@...ts.openwall.com Subject: [CVE assignment notification] Multiple vulnerabilities in POSH We updated our original advisory about POSH application with the CVE-IDs provided; > 1. Unauthenticated SQL injection vulnerability affecting all > POSH 3.X versions prior to 3.3.0 CVE-2014-2211 is assigned to this vulnerability > 2. Design vulnerability affecting all POSH 3.X versions CVE-2014-2212 is assigned to this vulnerability > 3. Arbitrary url redirection affecting all POSH 3.X versions CVE-2014-2213 is assigned to this vulnerability > 4. Cross-Site scripting vulnerability affecting all POSH 3.X versions CVE-2014-2214 is assigned to this vulnerability References: * Updated advisory: http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf -- Damien Cauquil Directeur Recherche & Développement CHFI | CEH | ECSA | CEI Sysdream 108 avenue Gabriel Péri 93400 Saint Ouen Tel: +33 (0) 1 78 76 58 21 www.sysdream.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.