5 matches found
CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSLCLIENTCERT environment variable. NOTE: in some environments, SSLCLIENTCERT always has a base64-encoded string value, which may...
CVE-2008-4304
general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSLCLIENTCERT environment variable. NOTE: in some environments, SSLCLIENTCERT always has a base64-encoded string value, which may...
CVE-2008-4304
CVE-2008-4304 affects phpCollab 2.5 rc3 and older, where general/login.php can allow remote code execution via shell metacharacters in input related to SSL_CLIENT_CERT. The root cause is improper sanitization of the SSL_CLIENT_CERT usage in a shell command, enabling an attacker to run arbitrary c...
Gentoo Security Advisory GLSA 200812-20 (phpcollab)
The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
phpCollab: Multiple vulnerabilities
Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...