FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

egroupware -- two vulnerabilities

Affected packages
egroupware < 1.6.003


VuXML ID e39caf05-2d6f-11df-aec2-000c29ba66d2
Discovery 2010-03-09
Entry 2010-03-11

Egroupware Team report:

Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware:

Serious remote command execution (allowing arbitrary commands to be run on the web server by simply issuing an HTTP request!).

A reflected cross-site scripting (XSS).

Both require NO valid EGroupware account and work without being logged in!


Bugtraq ID 38609