Lucene search
MitreCVELIST:CVE-2014-2027HistoryMar 31, 2015 - 2:00 p.m.
CVE-2014-2027
2015-03-3114:00:00
mitre
www.cve.org
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.php, (5) info_fields or (6) trans parameter to csv_import.php in (a) projectmanager/ or (b) infolog/, or (7) processed parameter to preferences/inc/class.uiaclprefs.inc.php.
References
Related
nessus
nessus
Mandriva Linux Security Advisory : egroupware (MDVSA-2015:087)
2015-03-30 00:00:00
GLSA-201711-12 : eGroupWare: Remote code execution
2017-11-13 00:00:00
nvd
nvd
CVE-2014-2027
2015-03-31 14:59:00
mageia
mageia
Updated egroupware package fixes security vulnerability
2014-03-04 00:01:25
prion
prion
Design/Logic Flaw
2015-03-31 14:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0116)
2022-01-28 00:00:00
EGroupware 'unserialize()' Multiple PHP Code Execution Vulnerabilities
2017-02-01 00:00:00
packetstorm
packetstorm
Egroupware 1.8.005 PHP Object Insertion
2014-02-21 00:00:00
cve
cve
CVE-2014-2027
2015-03-31 14:59:00
gentoo
gentoo
eGroupWare: Remote code execution
2017-11-12 00:00:00
securityvulns
securityvulns
[ MDVSA-2015:087 ] egroupware
2015-05-12 00:00:00
ubuntucve
ubuntucve
CVE-2014-2027
2015-03-31 00:00:00