Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Sep 2010 14:06:05 +0200
From: Hanno Böck <>
Subject: CVE request: egroupware remote code and xss

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security
problems in EGroupware:

    one is a serious remote command execution (allowing to run arbitrary 
command on the web server by simply issuing a HTTP request!).
    the other a reflected cross-site scripting (XSS).

Here's the original advisory for both issues:

Hanno Böck		Blog:
GPG: 3DBD3B20		Jabber/Mail: - professional webhosting

Download attachment "signature.asc " of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.