diff options
author | delphij <delphij@FreeBSD.org> | 2010-03-12 09:45:48 +0800 |
---|---|---|
committer | delphij <delphij@FreeBSD.org> | 2010-03-12 09:45:48 +0800 |
commit | a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c (patch) | |
tree | 53dc06eb2e6c75a1398185c4060b41d2ce94cfcf /security | |
parent | dc257571710ce0d03037fb18cb35f4fc2f5766be (diff) | |
download | freebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.tar.gz freebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.tar.zst freebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.zip |
Document eGroupware vulnerabilities.
Submitted by: wenheping
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 4be9607b6764..81776a89c557 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e39caf05-2d6f-11df-aec2-000c29ba66d2"> + <topic>egroupware -- two vulnerabilities</topic> + <affects> + <package> + <name>egroupware</name> + <range><lt>1.6.003</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Egroupware Team report:</p> + <blockquote cite="http://www.egroupware.org/Home?category_id=95&item=93"> + <p>Nahuel Grisolia from CYBSEC S.A. Security Systems found two security + problems in EGroupware:</p> + <p>Serious remote command execution (allowing to run arbitrary command + on the web server by simply issuing a HTTP request!).</p> + <p>A reflected cross-site scripting (XSS).</p> + <p>Both require NO valid EGroupware account and work without being logged + in!</p> + </blockquote> + </body> + </description> + <references> + <bid>38609</bid> + <url>http://secunia.com/advisories/38859/</url> + <url>http://www.egroupware.org/Home?category_id=95&item=93</url> + </references> + <dates> + <discovery>2010-03-09</discovery> + <entry>2010-03-11</entry> + </dates> + </vuln> + <vuln vid="b3531fe1-2b03-11df-b6db-00248c9b4be7"> <topic>drupal -- multiple vulnerabilities</topic> <affects> |