aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordelphij <delphij@FreeBSD.org>2010-03-12 09:45:48 +0800
committerdelphij <delphij@FreeBSD.org>2010-03-12 09:45:48 +0800
commita7dfcf53b82e9a04118c7c2a556dbd1e68a3268c (patch)
tree53dc06eb2e6c75a1398185c4060b41d2ce94cfcf /security
parentdc257571710ce0d03037fb18cb35f4fc2f5766be (diff)
downloadfreebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.tar.gz
freebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.tar.zst
freebsd-ports-gnome-a7dfcf53b82e9a04118c7c2a556dbd1e68a3268c.zip
Document eGroupware vulnerabilities.
Submitted by: wenheping
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml33
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 4be9607b6764..81776a89c557 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="e39caf05-2d6f-11df-aec2-000c29ba66d2">
+ <topic>egroupware -- two vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>egroupware</name>
+ <range><lt>1.6.003</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Egroupware Team report:</p>
+ <blockquote cite="http://www.egroupware.org/Home?category_id=95&amp;item=93">
+ <p>Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
+ problems in EGroupware:</p>
+ <p>Serious remote command execution (allowing to run arbitrary command
+ on the web server by simply issuing a HTTP request!).</p>
+ <p>A reflected cross-site scripting (XSS).</p>
+ <p>Both require NO valid EGroupware account and work without being logged
+ in!</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>38609</bid>
+ <url>http://secunia.com/advisories/38859/</url>
+ <url>http://www.egroupware.org/Home?category_id=95&amp;item=93</url>
+ </references>
+ <dates>
+ <discovery>2010-03-09</discovery>
+ <entry>2010-03-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b3531fe1-2b03-11df-b6db-00248c9b4be7">
<topic>drupal -- multiple vulnerabilities</topic>
<affects>