5 matches found
SUSE CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...
Mageia: Security Advisory (MGASA-2014-0116)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...
CVE-2014-2027
CVE-2014-2027 affects eGroupware prior to 1.8.006.20140217. The issue arises from improper input handling allowing PHP object injection and potential remote code execution via multiple parameters across addressbook/csv_import.php, calendar/csv_import.php, csv_import.php (in projectmanager/ or inf...
Updated egroupware package fixes security vulnerability
eGroupware prior to 1.8.006.20140217 is vulnerable to remote file deletion and possible remote code execution due to user input being passed to PHP's unserialize method CVE-2014-2027...