New installation tutorials for the new OpenMeetings 3.1.1 for download

2016-03-25 Thread Alvaro
Hello, Are ready for download, the follow installation tutorials for the new version of OpenMeetings 3.1.1. Are called: Installation OpenMeetings 3.1.x on Centos 6.7.pdf Installation OpenMeetings 3.1.x on Centos 7.pdf Installation OpenMeetings 3.1.x on Debian 8.pdf Installation OpenMeetings 3

[CVE-2016-2164] Arbitrary file read via SOAP API

2016-03-25 Thread Maxim Solodovnik
Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7 Description: When attempting to upload a file via the API using the importFileByInternalUserId or importFile methods in the FileService, it is possible to read arbitrary files from the

[CVE-2016-2163] Stored Cross Site Scripting in Event description

2016-03-25 Thread Maxim Solodovnik
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.0.7 Description: When creating an event, it is possible to create clickable URL links in the event description. These links will be present inside the event details once a participant enter

[CVE-2016-0784] ZIP file path traversal

2016-03-25 Thread Maxim Solodovnik
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu (http://domain:5080/openmeetings/#admin/backup) is vulnerable to path traversal via s

[CVE-2016-0783] Predictable password reset token

2016-03-25 Thread Maxim Solodovnik
Severity: Critical Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The hash generated by the external password reset function is generated by concatenating the user name and the current system time, and then hashing it using MD5. This is h

[ANNOUNCE] Apache OpenMeetings 3.1.1 released

2016-03-25 Thread Maxim Solodovnik
The Apache Openmeetings project is pleased to announce the release of Apache Openmeetings 3.1.1. The release is available for download from http://openmeetings.apache.org/downloads.html Openmeetings provides video conferencing, instant messaging, white board, collaborative document editing and oth

[ANNOUNCE] Apache OpenMeetings 3.1.0 released

2016-03-25 Thread Maxim Solodovnik
The Apache Openmeetings project is pleased to announce the release of Apache Openmeetings 3.1.0. The release is available for download from http://openmeetings.apache.org/downloads.html Openmeetings provides video conferencing, instant messaging, white board, collaborative document editing and oth