856 matches found
CVE-2024-22418
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...
CVE-2024-22418
CVE-2024-22418 affects Group-Office, exposing a stored cross-site scripting (XSS) vulnerability in the file upload mechanism where an attacker can embed JavaScript in a filename (example: >.jpg). The issue is triggered during file upload and is addressed in Group-Office version 6.8.29. Affecte...
CVE-2023-45800
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...
CVE-2023-45800
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...
Sql injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...
CVE-2023-45800
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...
Hanbiro SQL Injection Vulnerability
Hanbiro is an application from Hanbiro Inc. A security vulnerability exists in Hanbiro groupware versions prior to V3.8.79 through V3.8.81.1 that stems from the presence of a SQL injection vulnerability...
CVE-2023-49077
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting XSS vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can sen...
CVE-2023-49077 mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation
Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting XSS vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can sen...
CVE-2023-49077
CVE-2023-49077 affects Mailcow: dockerized. A Cross-Site Scripting (XSS) vulnerability exists in the Quarantine UI, whereby an attacker could leverage a crafted email to execute malicious JavaScript in an administrator’s browser. The issue is documented across multiple sources and has been patche...
CVE-2023-46730 Server-Side Request Forgery in groupoffice
Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery SSRF vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...
CVE-2023-46730
CVE-2023-46730 (Group-Office) : A full Server-Side Request Forgery (SSRF) vulnerability exists in the /api/upload.php endpoint of Group-Office. The endpoint does not filter URLs, allowing an attacker to cause the server to fetch resources from untrusted domains, with possible access to local disk...
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...
SUSE CVE-2004-0754
Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages...
SUSE CVE-2005-2498
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier PEAR XML-RPC for PHP, as used in multiple products including 1 Drupal, 2 phpAdsNew, 3 phpPgAds, and 4 phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be...
SUSE CVE-2007-6018
IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to 1 delete arbitrary e-mail messages via a modified numeric ID or 2 "purge" deleted emails via a crafted email message...
SUSE CVE-2008-1284
Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name...
SUSE CVE-2008-2783
Multiple cross-site scripting XSS vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to 1 week.php, 2 workweek.php, and 3 day.php; and 4 the horde parameter in the PATHINFO to the...
SUSE CVE-2008-3650
Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 final have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting XSS, in the 1 object browser and 2 contact view...
SUSE CVE-2008-7219
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...