Lucene search
+L

856 matches found

nvd
nvd
added 2024/01/18 9:15 p.m.30 views

CVE-2024-22418

Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename suc...

6.5CVSS6.7AI score0.00424EPSS
Exploits1References2
cve
cve
added 2024/01/18 8:44 p.m.217 views

CVE-2024-22418

CVE-2024-22418 affects Group-Office, exposing a stored cross-site scripting (XSS) vulnerability in the file upload mechanism where an attacker can embed JavaScript in a filename (example: >.jpg). The issue is triggered during file upload and is addressed in Group-Office version 6.8.29. Affecte...

6.5CVSS5.9AI score0.00424EPSS
Exploits1References2Affected Software1
nvd
nvd
added 2023/12/13 2:15 a.m.14 views

CVE-2023-45800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...

7.5CVSS0.00606EPSS
Exploits0References1
osv
osv
added 2023/12/13 2:15 a.m.4 views

CVE-2023-45800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...

7.5CVSS5.8AI score0.00606EPSS
Exploits0References1
prion
prion
added 2023/12/13 2:15 a.m.11 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...

5CVSS8AI score0.00606EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2023/12/13 1:46 a.m.23 views

CVE-2023-45800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Hanbiro Hanbiro groupware allows Information Elicitation.This issue affects Hanbiro groupware: from V3.8.79 before V3.8.81.1...

7.5CVSS8.1AI score0.00606EPSS
Exploits0References1
cnnvd
cnnvd
added 2023/12/13 12:0 a.m.6 views

Hanbiro SQL Injection Vulnerability

Hanbiro is an application from Hanbiro Inc. A security vulnerability exists in Hanbiro groupware versions prior to V3.8.79 through V3.8.81.1 that stems from the presence of a SQL injection vulnerability...

7.5CVSS7.8AI score0.00606EPSS
Exploits0References2
nvd
nvd
added 2023/11/30 7:15 a.m.11 views

CVE-2023-49077

Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting XSS vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can sen...

8.3CVSS0.00443EPSS
Exploits0References2
osv
osv
added 2023/11/30 7:14 a.m.25 views

CVE-2023-49077 mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting XSS vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can sen...

8.3CVSS5.6AI score0.00443EPSS
Exploits0References4
cve
cve
added 2023/11/30 7:14 a.m.32 views

CVE-2023-49077

CVE-2023-49077 affects Mailcow: dockerized. A Cross-Site Scripting (XSS) vulnerability exists in the Quarantine UI, whereby an attacker could leverage a crafted email to execute malicious JavaScript in an administrator’s browser. The issue is documented across multiple sources and has been patche...

8.3CVSS6.1AI score0.00443EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/11/07 5:35 p.m.20 views

CVE-2023-46730 Server-Side Request Forgery in groupoffice

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery SSRF vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to...

7.4CVSS8.3AI score0.00595EPSS
Exploits1References4
cve
cve
added 2023/11/07 5:35 p.m.53 views

CVE-2023-46730

CVE-2023-46730 (Group-Office) : A full Server-Side Request Forgery (SSRF) vulnerability exists in the /api/upload.php endpoint of Group-Office. The endpoint does not filter URLs, allowing an attacker to cause the server to fetch resources from untrusted domains, with possible access to local disk...

8.8CVSS8AI score0.00595EPSS
Exploits1References2Affected Software1
ibm
ibm
added 2023/06/16 3:19 p.m.34 views

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

10CVSS8.6AI score0.01034EPSS
Exploits2Affected Software1
susecve
susecve
added 2023/02/15 6:20 a.m.2 views

SUSE CVE-2004-0754

Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages...

7.5CVSS8.1AI score0.04451EPSS
Exploits0References6
susecve
susecve
added 2023/02/15 6:17 a.m.6 views

SUSE CVE-2005-2498

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier PEAR XML-RPC for PHP, as used in multiple products including 1 Drupal, 2 phpAdsNew, 3 phpPgAds, and 4 phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be...

7.5CVSS8.4AI score0.05091EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 6:10 a.m.5 views

SUSE CVE-2007-6018

IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde Groupware Webmail Edition 1.0.3 does not validate unspecified HTTP requests, which allows remote attackers to 1 delete arbitrary e-mail messages via a modified numeric ID or 2 "purge" deleted emails via a crafted email message...

5.8CVSS7.1AI score0.01774EPSS
Exploits1References4
susecve
susecve
added 2023/02/15 6:8 a.m.5 views

SUSE CVE-2008-1284

Directory traversal vulnerability in Horde 3.1.6, Groupware before 1.0.5, and Groupware Webmail Edition before 1.0.6, when running with certain configurations, allows remote authenticated users to read and execute arbitrary files via ".." sequences and a null byte in the theme name...

6CVSS7.2AI score0.01677EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-2783

Multiple cross-site scripting XSS vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to 1 week.php, 2 workweek.php, and 3 day.php; and 4 the horde parameter in the PATHINFO to the...

4.3CVSS5.9AI score0.01505EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 6:7 a.m.6 views

SUSE CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 final have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting XSS, in the 1 object browser and 2 contact view...

9CVSS6.5AI score0.0102EPSS
Exploits0References3
susecve
susecve
added 2023/02/15 6:5 a.m.9 views

SUSE CVE-2008-7219

Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not valida...

10CVSS7AI score0.02744EPSS
Exploits0References4
Rows per page
Query Builder