Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: 200805-04 High: eGroupWare Code Execution And XSS Attacks

gentoo
Calendar Grey May 7, 2008
Dist Gentoo Esm H88
Several eGroupWare security flaws could enable PHP script execution, unauthorized file uploads, and cross-site scripting (XSS) incidents. Timely updates are crucial.
Multiple vulnerabilities in eGroupWare may lead to execution of arbitrary PHP code, the ability to upload malicious files and cross-site scripting attacks

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory GLSA 200805-04 https://security.gentoo.org/

  Severity: High
     Title: eGroupWare: Multiple vulnerabilities
      Date: May 07, 2008
      Bugs: #214212, #218625
        ID: 200805-04


Synopsis
=======
Multiple vulnerabilities in eGroupWare may lead to execution of
arbitrary PHP code, the ability to upload malicious files and
cross-site scripting attacks.

Background
=========
eGroupWare is a suite of web-based group applications including
calendar, address book, messenger and email.

Affected packages
================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/egroupware < 1.4.004 >= 1.4.004

==========
A vulnerability has been repo...
Read the Full Advisory
Topics%20covered

Topics Covered

security advisory gentoo code execution cross-site scripting file upload

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo code execution cross-site scripting file upload

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here