20 matches found
EUVD-2009-2350
Malware in sbrugna...
EUVD-2009-2351
Malware in sbrugna...
EUVD-2009-2352
Malware in sbrugna...
NullLogic Groupware Detection (Linux/Unix SSH Login)
SSH login-based detection of NullLogic Groupware. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
NullLogic Groupware Detection (HTTP)
HTTP based detection of NullLogic Groupware. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
NullLogic Groupware <= 1.2.7 Multiple Vulnerabilities
NullLogic Groupware is prone to multiple vulnerabilities. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...
NullLogic Groupware Multiple Vulnerabilities
The host is installed with NullLogic Groupware and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbnulllogicgroupwaremultvulnwin.nasl 7573 2017-10-26 09:18:50Z cfischer $ NullLogic Groupware Multiple Vulnerabilities Authors: Nikita MR Copyright: Copyright c 2009 Greenbone...
NullLogic Groupware多个远程安全漏洞
CVECAN ID: CVE-2009-2354,CVE-2009-2355,CVE-2009-2356 Groupware是一个开源的团队协作软件,包含有即时消息、公共论坛、邮件等多种功能。 远程攻击者可以通过向Groupware的多个模块提交恶意参数请求导致拒绝服务或执行任意代码。 1 Groupware在与数据库服务器通讯时通常会调用sqlqueryf函数,该函数会使用C格式字符串和其他参数来创建SQL查询。例如,在试图登录的时候,authcheckpass函数会生成以下查询: if sqr=sqlqueryfsid, "SELECT userid, password FROM...
CVE-2009-2354
SQL injection vulnerability in the authcheckpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
SQL injection vulnerability in the authcheckpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-2355
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service application crash by specifying 1 an empty string or 2 a non-numeric string when selecting a forum, related to the fmessagelist function...
Stack overflow
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the 1 POP3, 2 SMTP, or 3 web component that triggers a long SQL query...
Design/Logic Flaw
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service application crash by specifying 1 an empty string or 2 a non-numeric string when selecting a forum, related to the fmessagelist function...
CVE-2009-2355
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service application crash by specifying 1 an empty string or 2 a non-numeric string when selecting a forum, related to the fmessagelist function...
CVE-2009-2355
NullLogic Groupware 1.2.7 is affected by CVE-2009-2355 in the forum module: remotely authenticated users can crash the application by passing an empty string or a non-numeric string when selecting a forum (fmessagelist). The underlying issue is input handling in the forum selection path, as docum...
CVE-2009-2354
SQL injection vulnerability in the authcheckpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-2356
NullLogic Groupware
CVE-2009-2354
The CVE-2009-2354 entry concerns NullLogic Groupware 1.2.7 with an SQL injection in the auth_checkpass function of the login page, allowing remote attackers to execute arbitrary SQL via the username parameter. OpenVAS entries confirm multiple vulnerabilities affecting NullLogic Groupware
CVE-2009-2356
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the 1 POP3, 2 SMTP, or 3 web component that triggers a long SQL query...
High security hole in NullLogic Groupware
Hi, I've identified a couple of security flaws affecting the NullLogic Groupware which may allow compromise of accounts, denial of service or even remote code execution. These issues were reported by email to the developer but no response was forthcoming. Tim -- Tim Brown...