EUVD-2005-2782

Malware in sbrugna...

Debian DSA-899-1 : egroupware - programming errors

Several vulnerabilities have been discovered in egroupware, a web-based groupware suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems in phpsysinfo, which are also...

[SECURITY] [DSA 1063-1] New phpgroupware packages fix execution of arbitrary web script code

-------------------------------------------------------------------------- Debian Security Advisory DSA 1063-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 8th, 2006 http://www.debian.org/security/faq -...

DSA-1063-1 phpgroupware - missing input sanitising

Bulletin has no description...

DSA-899-1 egroupware - programming errors

Bulletin has no description...

Debian DSA-798-1 : phpgroupware - several vulnerabilities

Several vulnerabilities have been discovered in phpgroupware, a web-based groupware system written in PHP. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2498 Stefan Esser discovered another vulnerability in the XML-RPC libraries that allows...

CVE-2005-2781

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...

CVE-2005-2781

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...

[SECURITY] [DSA 798-1] New phproupware packages fix several vulnerabilities

-------------------------------------------------------------------------- Debian Security Advisory DSA 798-1 [email protected] http://www.debian.org/security/ Martin Schulze September 2nd, 2005 http://www.debian.org/security/faq -...

CVE-2005-2781

The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code...

CVE-2005-2781

The CVE-2005-2781 entry concerns the Avatar upload feature in FUD Forum (phpgroupware) prior to 2.7.0, where uploaded files are not properly validated. This allows an attacker to craft a .php file that begins with image data and then PHP code, enabling remote arbitrary PHP code execution via the ...

DSA-798-1 phpgroupware - several

Bulletin has no description...

FUD Forum < 2.7.1 PHP code injection vurnelability

Avatar upload in FUD Forum 2.7.1 may be tricked to upload a PHP file. To do so merge a graphic avatar file with a PHP file. cat foo.png foo.php uploadme.php under linux/unix. On win try notepat :...

fudForum.txt

--Apple-Mail-1--543733574 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Hello, We have found a security problem in the tree view of FUD Forum Bulletin Board Software http://www.fudforum.org in version 2.6.15, earlier versions maybe affected a...