oss-sec mailing list archives
Re: CVE request: egroupware remote code and xss
From: Josh Bressers <bressers () redhat com>
Date: Tue, 21 Sep 2010 11:16:45 -0400 (EDT)
----- "Hanno Böck" <hanno () hboeck de> wrote:
http://www.egroupware.org/news?item=93

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware: one is a serious remote command execution (allowing arbitrary commands to be run on the web server by simply issuing an HTTP request!).
Please use CVE-2010-3313
The other a reflected cross-site scripting (XSS).
Please use CVE-2010-3314
Here's the original advisory for both issues: http://www.exploit-db.com/exploits/11777/
Thanks -- JB
Current thread:
- CVE request: egroupware remote code and xss Hanno Böck (Sep 20)
- Re: CVE request: egroupware remote code and xss Josh Bressers (Sep 21)