Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: egroupware before 1.8.002 various security issues
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 29 Mar 2012 19:48:20 -0600

On 03/29/2012 12:38 AM, Hanno Böck wrote:
Am Wed, 28 Mar 2012 23:04:07 -0600 schrieb Kurt Seifried
<kseifried () redhat com>:

On 03/28/2012 10:26 AM, Hanno Böck wrote:
http://comments.gmane.org/gmane.comp.web.egroupware.german/33144



" 1. Fixes regarding security issues like 'local file inclusion',
'sql injection', 'reflected xss' and 'open redirect'. "


Make a list with specific requests and information please.


Local file inclusion: 
http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html

Please

use CVE-2011-4948 for this issue.

SQL injection in 1.8.001: 
http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html

Please

use CVE-2011-4949 for this issue.

reflected xss: 
http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html

Please

use CVE-2011-4950 for this issue.

open redirect: 
http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html

Please

use CVE-2011-4951 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]