330 matches found
PT-2023-26363 · Unknown · Egroupware
Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111 Description: An issue affects the setup panel under setup/manageheader.php, allowing authenticated remote attackers with administrator credentials to read a cleartext database password due to improper password...
CVE-2023-38328
In CVE-2023-38328, eGroupWare version 17.1.20190111 contains an improper password storage flaw in the setup panel (setup/manageheader.php). Authentication with administrator credentials enables reading the cleartext database password. The affected component is the setup mechanism; root cause is i...
SUSE CVE-2005-1921
Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier aka XML-RPC or xmlrpc and PHPXMLRPC aka XML-RPC For PHP or php-xmlrpc 1.1 and earlier, as used in products such as 1 WordPress, 2 Serendipity, 3 Drupal, 4 egroupware, 5 MailWatch, 6 TikiWiki, 7 phpWebSite, 8 Ampache, and others, allows...
SUSE CVE-2008-1502
The badprotocolonce function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting XSS attacks via a string containing crafted URL protocols...
GHSA-5GX6-F2QQ-475F EGroupware Code Injection vulnerability
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...
EGroupware Code Injection vulnerability
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...
GHSA-QFG7-WC25-R3J2 eGroupware Community Edition Stored XSS vulnerability
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...
eGroupware Community Edition Stored XSS vulnerability
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...
Moodle vulnerable to Cross-site scripting
The badprotocolonce function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting XSS attacks via a string containing crafted URL protocols...
Mageia: Security Advisory (MGASA-2014-0116)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2014-0221)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
VulnCheck KEV: CVE-2010-3313
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary...
eGroupWare 'spellchecker.php' Remote Code Execution Vulnerability
eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A remote code execution vulnerability exists in eGroupWare 'spellchecker.php' that stems from the program failing to properly validate user-submitted data. A remote attacker could...
eGroupWare 1.14 Remote Command Execution
Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...
eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...
egroupware.219119.n3.nabble.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1188529 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
GLSA-201711-12 : eGroupWare: Remote code execution
The remote host is affected by the vulnerability described in GLSA-201711-12 eGroupWare: Remote code execution It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact : A remote attacker could...
eGroupWare: Remote code execution
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact A remo...
EGroupware Community Edition < 16.1.20170922 Stored XSS Vulnerability
EGroupware Community Edition is prone to a stored cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...