oss-sec mailing list archives

Re: CVE request: egroupware remote code and xss


From: Josh Bressers <bressers () redhat com>
Date: Tue, 21 Sep 2010 11:16:45 -0400 (EDT)

----- "Hanno Böck" <hanno () hboeck de> wrote:

http://www.egroupware.org/news?item=93

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
problems in EGroupware:

    one is a serious remote command execution (allowing to run arbitrary
    command on the web server by simply issuing a HTTP request!).

Please use CVE-2010-3313

    The other a reflected cross-site scripting (XSS).

Please use CVE-2010-3314


Here's the original advisory for both issues:
http://www.exploit-db.com/exploits/11777/


Thanks

-- 
    JB

