4 matches found
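phpGroupWare Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 35761 CVE ID: CVE-2009-4414, CVE-2009-4415, CVE-2009-4416 phpGroupWare is a multi-user web groupware suite written in PHP that provides an API for developing other applications. Multiple components of phpGroupWare contain input validation errors; a remote attacker can submit malicious requests to disclose sensitive information or to perform cross-site scripting or SQL injection attacks. (1) Input passed to the csvfile parameter is not properly validated before being used in addressbook/csvimport.php, which can lead to the contents of arbitrary files being read on the affected system. (2)...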
CVE-2009-4415
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csvimport.php, or (2) include and execute arbitrary local files via the convtype parameter...
Directory traversal
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csvimport.php, or (2) include and execute arbitrary local files via the convtype parameter...
CVE-2009-4415
Multiple directory traversal vulnerabilities in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allow remote attackers to (1) read arbitrary files via the csvfile parameter to addressbook/csvimport.php, or (2) include and execute arbitrary local files via the convtype parameter...