oss-security March 2012 archive

Re: [oss-security] CVE request: egroupware before 1.8.002 various security issues

From: Hanno Böck <hanno_at_nospam>
Date: Thu Mar 29 2012 - 06:38:28 GMT
To: Kurt Seifried <kseifried@redhat.com>

On Wed, 28 Mar 2012 23:04:07 -0600,
Kurt Seifried <kseifried@redhat.com> wrote:

> On 03/28/2012 10:26 AM, Hanno Böck wrote:
> > http://comments.gmane.org/gmane.comp.web.egroupware.german/33144
> >
> > " 1. Fixes regarding security issues like 'local file inclusion',
> > 'sql injection', 'reflected xss' and 'open redirect'. "
> >
>
> Make a list with specific requests and information please.
>

Local file inclusion:
http://packetstormsecurity.org/files/101676/eGroupware-1.8.001.20110421-Local-File-Inclusion.html

SQL injection in 1.8.001:
http://packetstormsecurity.org/files/100179/eGroupware-1.8.001-SQL-Injection.html

reflected xss:
http://packetstormsecurity.org/files/100180/eGroupware-1.8.001-Cross-Site-Scripting.html

open redirect:
http://packetstormsecurity.org/files/101675/eGroupware-1.8.001.20110421-Open-Redirect.html

--
Hanno Böck
mail/jabber: hanno@hboeck.de
GPG: BBB51E42
http://www.hboeck.de/