oss-sec mailing list archives
CVE request: egroupware remote code and xss
From: Hanno Böck <hanno () hboeck de>
Date: Mon, 20 Sep 2010 14:06:05 +0200
http://www.egroupware.org/news?item=93 Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware: one is a serious remote command execution (allowing to run arbitrary command on the web server by simply issuing a HTTP request!). the other a reflected cross-site scripting (XSS). Here's the original advisory for both issues: http://www.exploit-db.com/exploits/11777/ -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: egroupware remote code and xss Hanno Böck (Sep 20)
- Re: CVE request: egroupware remote code and xss Josh Bressers (Sep 21)