oss-sec mailing list archives

CVE request: egroupware remote code and xss


From: Hanno Böck <hanno () hboeck de>
Date: Mon, 20 Sep 2010 14:06:05 +0200

http://www.egroupware.org/news?item=93

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
problems in EGroupware:

    - one is a serious remote command execution (allowing to run arbitrary
      commands on the web server by simply issuing an HTTP request!).
    - the other a reflected cross-site scripting (XSS).

Here's the original advisory for both issues:
http://www.exploit-db.com/exploits/11777/


-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting
