Lucene search

330 matches found

Positive Technologies
added 2023/10/26 12:0 a.m. · 7 views

PT-2023-26363 · Unknown · Egroupware

Name of the Vulnerable Software and Affected Versions: eGroupWare version 17.1.20190111 Description: An issue affects the setup panel under setup/manageheader.php, allowing authenticated remote attackers with administrator credentials to read a cleartext database password due to improper password...

CVSS 4.9 · AI score 5.1 · EPSS 0.00578
Exploits: 0 · References: 7
CVE
added 2023/10/26 12:0 a.m. · 55 views

CVE-2023-38328

In CVE-2023-38328, eGroupWare version 17.1.20190111 contains an improper password storage flaw in the setup panel (setup/manageheader.php). Authentication with administrator credentials enables reading the cleartext database password. The affected component is the setup mechanism; root cause is i...

CVSS 4.9 · AI score 4.9 · EPSS 0.00578
Exploits: 0 · References: 1 · Affected Software: 1
SUSE CVE
added 2023/02/15 6:18 a.m. · 4 views

SUSE CVE-2005-1921

Eval injection vulnerability in PEAR XMLRPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows...

CVSS 7.5 · AI score 8.2 · EPSS 0.79071
Exploits: 5 · References: 6
SUSE CVE
added 2023/02/15 6:8 a.m. · 4 views

SUSE CVE-2008-1502

The badprotocolonce function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols...

CVSS 4.3 · AI score 6 · EPSS 0.10503
Exploits: 3 · References: 4
OSV
added 2022/05/17 5:6 a.m. · 6 views

GHSA-5GX6-F2QQ-475F EGroupware Code Injection vulnerability

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...

CVSS 9.3 · AI score 7.5 · EPSS 0.08663
Exploits: 0 · References: 6
Github Security Blog
added 2022/05/17 5:6 a.m. · 23 views

EGroupware Code Injection vulnerability

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...

CVSS 7.5 · AI score 8.3 · EPSS 0.08663
Exploits: 0 · References: 6 · Affected Software: 1
OSV
added 2022/05/17 12:35 a.m. · 12 views

GHSA-QFG7-WC25-R3J2 eGroupware Community Edition Stored XSS vulnerability

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...

CVSS 6.1 · AI score 5.9 · EPSS 0.01119
Exploits: 0 · References: 4
Github Security Blog
added 2022/05/17 12:35 a.m. · 15 views

eGroupware Community Edition Stored XSS vulnerability

Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator...

CVSS 6.1 · AI score 5.9 · EPSS 0.01119
Exploits: 0 · References: 4 · Affected Software: 1
Github Security Blog
added 2022/05/01 11:40 p.m. · 27 views

Moodle vulnerable to Cross-site scripting

The badprotocolonce function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols...

CVSS 4.3 · AI score 6 · EPSS 0.10503
Exploits: 3 · References: 22 · Affected Software: 1
OpenVAS
added 2022/01/28 12:0 a.m. · 18 views

Mageia: Security Advisory (MGASA-2014-0116)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 · AI score 6.6 · EPSS 0.04079
Exploits: 1 · References: 5
OpenVAS
added 2022/01/28 12:0 a.m. · 8 views

Mageia: Security Advisory (MGASA-2014-0221)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 5
VulnCheck KEV
added 2020/12/14 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2010-3313

phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary...

CVSS 7.5 · AI score 5.9 · EPSS 0.08663
Exploits: 0 · References: 1
CNVD
added 2020/07/30 12:0 a.m. · 2 views

eGroupWare 'spellchecker.php' Remote Code Execution Vulnerability

eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A remote code execution vulnerability exists in eGroupWare 'spellchecker.php' that stems from the program failing to properly validate user-submitted data. A remote attacker could...

AI score 8.6
Exploits: 0 · References: 1
Packet Storm
added 2020/07/27 12:0 a.m. · 145 views

eGroupWare 1.14 Remote Command Execution

Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...

AI score 0.2
Exploits: 0
Exploit DB
added 2020/07/27 12:0 a.m. · 564 views

eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution

Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...

AI score 7.4
Exploits: 0
0day.today
added 2020/07/27 12:0 a.m. · 597 views

eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...

AI score 7.1
Exploits: 0
Openbugbounty
added 2020/06/08 12:44 a.m. · 5 views

egroupware.219119.n3.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1188529 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score 6.1
Exploits: 0
Tenable Nessus
added 2017/11/13 12:0 a.m. · 30 views

GLSA-201711-12 : eGroupWare: Remote code execution

The remote host is affected by the vulnerability described in GLSA-201711-12 eGroupWare: Remote code execution It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact : A remote attacker could...

CVSS 7.5 · AI score 6 · EPSS 0.04079
Exploits: 1 · References: 2
Gentoo Linux
added 2017/11/12 12:0 a.m. · 33 views

eGroupWare: Remote code execution

Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description It was found that eGroupWare contains multiple code injection vulnerabilities in multiple parameters and routes because of improper input sanitization. Impact A remo...

CVSS 7.5 · AI score 7.6 · EPSS 0.04079
Exploits: 1
OpenVAS
added 2017/10/10 12:0 a.m. · 23 views

EGroupware Community Edition < 16.1.20170922 Stored XSS Vulnerability

EGroupware Community Edition is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.1 · AI score 6.1 · EPSS 0.01119
Exploits: 0 · References: 2