oss-sec mailing list archives
[CVE assignment notification] Multiple vulnerabilities in POSH
From: Damien Cauquil <d.cauquil () sysdream com>
Date: Thu, 27 Feb 2014 08:03:15 +0100
We updated our original advisory about POSH application with the CVE-IDs provided;
1. Unauthenticated SQL injection vulnerability affecting all POSH 3.X versions prior to 3.3.0
CVE-2014-2211 is assigned to this vulnerability
2. Design vulnerability affecting all POSH 3.X versions
CVE-2014-2212 is assigned to this vulnerability
3. Arbitrary url redirection affecting all POSH 3.X versions
CVE-2014-2213 is assigned to this vulnerability
4. Cross-Site scripting vulnerability affecting all POSH 3.X versions
CVE-2014-2214 is assigned to this vulnerability References: * Updated advisory: http://www.sysdream.com/system/files/POSH-3.2.1-advisory_0.pdf -- Damien Cauquil Directeur Recherche & DĂ©veloppement CHFI | CEH | ECSA | CEI Sysdream 108 avenue Gabriel PĂ©ri 93400 Saint Ouen Tel: +33 (0) 1 78 76 58 21 www.sysdream.com
Current thread:
- [CVE assignment notification] Multiple vulnerabilities in POSH Damien Cauquil (Feb 26)