Lucene search
K

5 matches found

NVD
NVD
added 2008/12/23 6:30 p.m.21 views

CVE-2008-4304

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSLCLIENTCERT environment variable. NOTE: in some environments, SSLCLIENTCERT always has a base64-encoded string value, which may...

10CVSS7.9AI score0.03007EPSS
Exploits0References5
Cvelist
Cvelist
added 2008/12/23 6:13 p.m.25 views

CVE-2008-4304

general/login.php in phpCollab 2.5 rc3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified input related to the SSLCLIENTCERT environment variable. NOTE: in some environments, SSLCLIENTCERT always has a base64-encoded string value, which may...

7.8AI score0.03007EPSS
Exploits0References5
CVE
CVE
added 2008/12/23 6:13 p.m.46 views

CVE-2008-4304

CVE-2008-4304 affects phpCollab 2.5 rc3 and older, where general/login.php can allow remote code execution via shell metacharacters in input related to SSL_CLIENT_CERT. The root cause is improper sanitization of the SSL_CLIENT_CERT usage in a shell command, enabling an attacker to run arbitrary c...

10CVSS7.8AI score0.03007EPSS
Exploits0References5Affected Software1
OpenVAS
OpenVAS
added 2008/12/23 12:0 a.m.24 views

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

10CVSS0.7AI score0.06164EPSS
Exploits1
Gentoo Linux
Gentoo Linux
added 2008/12/21 12:0 a.m.47 views

phpCollab: Multiple vulnerabilities

Background phpCollab is a web-enabled groupware and project management software written in PHP. It uses SQL-based database backends. Description Multiple vulnerabilities have been found in phpCollab: rgod reported that data sent to general/sendpassword.php via the loginForm parameter is not...

10CVSS8.4AI score0.06164EPSS
Exploits1
Rows per page
Query Builder