oss-sec mailing list archives

[CVE assignment notification] Multiple vulnerabilities in POSH


From: Damien Cauquil <d.cauquil () sysdream com>
Date: Thu, 27 Feb 2014 08:03:15 +0100

We updated our original advisory about the POSH application with the CVE-IDs
provided:

1. Unauthenticated SQL injection vulnerability affecting all
POSH 3.X versions prior to 3.3.0

CVE-2014-2211 is assigned to this vulnerability

2. Design vulnerability affecting all POSH 3.X versions

CVE-2014-2212 is assigned to this vulnerability

3. Arbitrary URL redirection affecting all POSH 3.X versions

CVE-2014-2213 is assigned to this vulnerability

4. Cross-Site scripting vulnerability affecting all POSH 3.X versions

CVE-2014-2214 is assigned to this vulnerability


References:

* Updated advisory:
http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf



-- 
Damien Cauquil
Director of Research & Development
CHFI | CEH | ECSA | CEI

Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com

