FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

egroupware -- two vulnerabilities

Affected packages
egroupware < 1.6.003

Details

VuXML ID e39caf05-2d6f-11df-aec2-000c29ba66d2
Discovery 2010-03-09
Entry 2010-03-11

Egroupware Team report:

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware:

Serious remote command execution (allowing arbitrary commands to be run on the web server by simply issuing an HTTP request!).

A reflected cross-site scripting (XSS).

Both require NO valid EGroupware account and work without being logged in!

References

Bugtraq ID 38609
URL http://secunia.com/advisories/38859/
URL http://www.egroupware.org/Home?category_id=95&item=93