Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-898-1
HistoryNov 17, 2005 - 12:00 a.m.

phpgroupware - programming errors

2005-11-1700:00:00
Google
osv.dev
9

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

84.9%

JSON

Several vulnerabilities have been discovered in phpsysinfo, a PHP
based host information application that is included in phpgroupware.
The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2005-0870
    Maksymilian Arciemowicz discovered several cross site scripting
    problems, of which not all were fixed in
    DSA 724.
  • CVE-2005-3347
    Christopher Kunz discovered that local variables get overwritten
    unconditionally and are trusted later, which could lead to the
    inclusion of arbitrary files.
  • CVE-2005-3348
    Christopher Kunz discovered that user-supplied input is used
    unsanitised, causing a HTTP Response splitting problem.

For the old stable distribution (woody) these problems have been fixed in
version 0.9.14-0.RC3.2.woody5.

For the stable distribution (sarge) these problems have been fixed in
version 0.9.16.005-3.sarge4.

For the unstable distribution (sid) these problems have been fixed in
version 0.9.16.008-2.

We recommend that you upgrade your phpgroupware packages.

Related

nessus 8
debian 10
osv 3
openvas 15
securityvulns 1
packetstorm 1
gentoo 1
ubuntucve 3
cve 3
debiancve 3
freebsd 1
nessus
nessus
Debian DSA-898-1 : phpgroupware - programming errors
2006-10-14 00:00:00
Debian DSA-897-1 : phpsysinfo - programming errors
2006-10-14 00:00:00
Debian DSA-899-1 : egroupware - programming errors
2006-10-14 00:00:00
debian
debian
[SECURITY] [DSA 897-1] New phpsysinfo packages fix several vulnerabilities
2005-11-15 10:47:28
[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
2005-11-17 10:31:32
[SECURITY] [DSA 898-1] New phpgroupware packages fix several vulnerabilities
2005-11-17 10:31:32
osv
osv
phpsysinfo - programming errors
2005-11-15 00:00:00
egroupware - programming errors
2005-11-17 00:00:00
phpsysinfo - design flaw
2005-05-18 00:00:00
openvas
openvas
Debian Security Advisory DSA 898-1 (phpgroupware)
2008-01-17 00:00:00
Debian Security Advisory DSA 897-1 (phpsysinfo)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-898-1)
2008-01-17 00:00:00
securityvulns
securityvulns
[Full-disclosure] Advisory 22/2005: Multiple vulnerabilities in phpSysInfo
2005-11-14 00:00:00
packetstorm
packetstorm
Hardened-PHP Project Security Advisory 2005-21.81
2005-11-15 00:00:00
gentoo
gentoo
phpSysInfo: Multiple vulnerabilities
2005-11-22 00:00:00
ubuntucve
ubuntucve
CVE-2005-3348
2005-11-18 00:00:00
CVE-2005-0870
2005-05-02 00:00:00
CVE-2005-3347
2005-11-18 00:00:00
cve
cve
CVE-2005-3348
2005-11-18 02:02:00
CVE-2005-0870
2005-05-02 04:00:00
CVE-2005-3347
2005-11-18 02:02:00
debiancve
debiancve
CVE-2005-3348
2005-11-18 02:02:00
CVE-2005-0870
2005-05-02 04:00:00
CVE-2005-3347
2005-11-18 02:02:00
freebsd
freebsd
phpSysInfo -- cross site scripting vulnerability
2005-03-22 00:00:00

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

84.9%

JSON
Related for OSV:DSA-898-1
nessus8debian10osv3openvas15securityvulns1packetstorm1gentoo1ubuntucve3cve3debiancve3freebsd1