oss-sec mailing list archives
Re: Need CVEs for joomla, egroupware
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 27 Mar 2008 19:22:35 -0400 (EDT)
Note all: these CVE's only cover the publicly disclosed issues. The non-public ones that Nico requested will be handled separately in the normal CVE reservation process.

======================================================
Name: CVE-2008-1502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1502
Reference: MISC:http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110
Reference: CONFIRM:http://www.egroupware.org/changelog
Reference: SECUNIA:29491
Reference: URL:http://secunia.com/advisories/29491

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in eGroupWare before 1.4.003 allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

======================================================
Name: CVE-2008-1533
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1533
Reference: CONFIRM:http://www.joomla.org/content/view/4560/1/
Reference: SECUNIA:28861
Reference: URL:http://secunia.com/advisories/28861

Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! 1.5 allows remote attackers to perform unauthorized article operations on articles via unknown vectors.